What problem does DMARC solve that SPF/DKIM don’t?
SPF validates the envelope sender (the MAIL FROM address defined in RFC 5321), which appears in the Return-Path header. DKIM validates the domain in the d= tag of the DKIM signature. Neither protocol was designed to authenticate the visible From address defined in RFC 5322, which is the address humans actually see.
DMARC adds alignment. It connects these authenticated domains to the visible From domain, ensuring that the human-facing address cannot be forged even if SPF and DKIM technically pass.
DMARC solves the core problem of impersonation.
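The alignment check described above, as an added example (not code from this page or from any mail product). The function names and sample domains are constructed, and the organizational domain is approximated as the last two labels; a real evaluator uses the Public Suffix List.

```python
# Added example: DMARC identifier alignment between the visible From domain
# and the domains that SPF and DKIM authenticated.
# Assumption: org_domain() takes the last two labels instead of consulting
# the Public Suffix List, so it is only right for simple domains like these.

def org_domain(domain):
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def aligned(auth_domain, from_domain, mode="r"):
    """mode 's' = strict (exact match), 'r' = relaxed (same organizational domain)."""
    a = auth_domain.lower().rstrip(".")
    f = from_domain.lower().rstrip(".")
    if mode == "s":
        return a == f
    return org_domain(a) == org_domain(f)

def dmarc_evaluate(from_domain, spf_result, mailfrom_domain, dkim_sigs,
                   aspf="r", adkim="r"):
    """dkim_sigs is a list of (result, d_domain) pairs, one per signature.
    DMARC passes if SPF or DKIM both passes AND aligns with the From domain."""
    spf_ok = spf_result == "pass" and aligned(mailfrom_domain, from_domain, aspf)
    dkim_ok = any(result == "pass" and aligned(d, from_domain, adkim)
                  for result, d in dkim_sigs)
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc": "pass" if (spf_ok or dkim_ok) else "fail"}

if __name__ == "__main__":
    # Constructed sample: SPF and DKIM both pass, but for example.net,
    # while the visible From claims example.com.
    print(dmarc_evaluate("example.com", "pass", "bounce.example.net",
                         [("pass", "example.net")]))
    # Constructed sample: third-party sender whose DKIM signature uses a
    # subdomain of the From domain; relaxed alignment accepts it.
    print(dmarc_evaluate("example.com", "pass", "bounce.example.net",
                         [("pass", "mail.example.com")]))
```

With strict DKIM alignment (adkim="s") the second sample fails, because mail.example.com is not an exact match for example.com.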