> (with DMARC signatures and other modern email practices)
DMARC does not provide signatures, DKIM does.
DMARC adds the DKIM 'alignment' requirement. Meaning that not just any DKIM signature will do, the public key (the DKIM DNS record) must be published under the administrative domain (the part after the '@' in the sender address).
DMARC also mandates SPF alignment (not that your should rely on SPF), meaning that the rfc5321.MailFrom and rfc5322.From address should be from the same administrative domain for the SPF to pass DMARC.
When either SPF or DKIM is aligned, you have a DMARC pass. Because SPF breaks with forwarding services, you shouldn't rely on it. DKIM + DMARC is the way to go.
Also funny that the author calls DMARC 'modern practice', since DMARC was introduced in March 2015, almost 7 years ago.
DMARC does not provide signatures, DKIM does.
DMARC adds the DKIM 'alignment' requirement. Meaning that not just any DKIM signature will do, the public key (the DKIM DNS record) must be published under the administrative domain (the part after the '@' in the sender address).
DMARC also mandates SPF alignment (not that your should rely on SPF), meaning that the rfc5321.MailFrom and rfc5322.From address should be from the same administrative domain for the SPF to pass DMARC.
When either SPF or DKIM is aligned, you have a DMARC pass. Because SPF breaks with forwarding services, you shouldn't rely on it. DKIM + DMARC is the way to go.
Also funny that the author calls DMARC 'modern practice', since DMARC was introduced in March 2015, almost 7 years ago.