From 447a666ae7d560ee565b442d3c8d869fc55c27e4 Mon Sep 17 00:00:00 2001 From: Pierre-Olivier Mercier Date: Fri, 7 Nov 2025 17:07:31 +0700 Subject: [PATCH] Fix Domain Alignment align issue when error messages --- .../lib/components/HeaderAnalysisCard.svelte | 222 +++++++++--------- 1 file changed, 109 insertions(+), 113 deletions(-) diff --git a/web/src/lib/components/HeaderAnalysisCard.svelte b/web/src/lib/components/HeaderAnalysisCard.svelte index 3cfe287..e0ecb58 100644 --- a/web/src/lib/components/HeaderAnalysisCard.svelte +++ b/web/src/lib/components/HeaderAnalysisCard.svelte @@ -58,6 +58,8 @@ {/if} {#if headerAnalysis.domain_alignment} + {@const spfStrictAligned = headerAnalysis.domain_alignment.from_domain === headerAnalysis.domain_alignment.return_path_domain} + {@const spfRelaxedAligned = headerAnalysis.domain_alignment.from_org_domain === headerAnalysis.domain_alignment.return_path_org_domain}
@@ -69,71 +71,73 @@

Domain alignment ensures that the visible "From" domain matches the domain used for authentication (Return-Path or DKIM signature). Proper alignment is crucial for DMARC compliance, regardless of the policy. It helps prevent email spoofing by verifying that the sender domain is consistent across all authentication layers. Only one of the following lines needs to pass.

+ {#if headerAnalysis.domain_alignment.issues && headerAnalysis.domain_alignment.issues.length > 0} +
+ {#each headerAnalysis.domain_alignment.issues as issue} +
+ + {issue} +
+ {/each} +
+ {/if}
SPF
-
-
- Strict Alignment -
- - - {headerAnalysis.domain_alignment.aligned ? 'Pass' : 'Fail'} - -
-
Exact domain match
-
-
- Relaxed Alignment -
- - - {headerAnalysis.domain_alignment.relaxed_aligned ? 'Pass' : 'Fail'} - -
-
Organizational domain match
-
-
- From Domain -
{headerAnalysis.domain_alignment.from_domain || '-'}
- {#if headerAnalysis.domain_alignment.from_org_domain && headerAnalysis.domain_alignment.from_org_domain !== headerAnalysis.domain_alignment.from_domain} -
Org: {headerAnalysis.domain_alignment.from_org_domain}
- {/if} -
-
- Return-Path Domain -
{headerAnalysis.domain_alignment.return_path_domain || '-'}
- {#if headerAnalysis.domain_alignment.return_path_org_domain && headerAnalysis.domain_alignment.return_path_org_domain !== headerAnalysis.domain_alignment.return_path_domain} -
Org: {headerAnalysis.domain_alignment.return_path_org_domain}
- {/if} -
-
- {#if headerAnalysis.domain_alignment.issues && headerAnalysis.domain_alignment.issues.length > 0} -
- {#each headerAnalysis.domain_alignment.issues as issue} -
- - {issue} +
+
+
+ Strict Alignment +
+ + + {spfStrictAligned ? 'Pass' : 'Fail'} +
- {/each} +
Exact domain match
+
+
+ Relaxed Alignment +
+ + + {spfRelaxedAligned ? 'Pass' : 'Fail'} + +
+
Organizational domain match
+
+
+ From Domain +
{headerAnalysis.domain_alignment.from_domain || '-'}
+ {#if headerAnalysis.domain_alignment.from_org_domain && headerAnalysis.domain_alignment.from_org_domain !== headerAnalysis.domain_alignment.from_domain} +
Org: {headerAnalysis.domain_alignment.from_org_domain}
+ {/if} +
+
+ Return-Path Domain +
{headerAnalysis.domain_alignment.return_path_domain || '-'}
+ {#if headerAnalysis.domain_alignment.return_path_org_domain && headerAnalysis.domain_alignment.return_path_org_domain !== headerAnalysis.domain_alignment.return_path_domain} +
Org: {headerAnalysis.domain_alignment.return_path_org_domain}
+ {/if} +
- {/if} - - {#if dmarcRecord && headerAnalysis.domain_alignment.return_path_domain && headerAnalysis.domain_alignment.return_path_domain !== headerAnalysis.domain_alignment.from_domain} -
- {#if dmarcRecord.spf_alignment === 'strict'} - - Strict SPF alignment required — Your DMARC policy requires exact domain match. The Return-Path domain must exactly match the From domain for SPF to pass DMARC alignment. - {:else} - - Relaxed SPF alignment allowed — Your DMARC policy allows organizational domain matching. As long as both domains share the same organizational domain (e.g., mail.example.com and example.com), SPF alignment can pass. - {/if} -
- {/if} + + {#if dmarcRecord && headerAnalysis.domain_alignment.return_path_domain && headerAnalysis.domain_alignment.return_path_domain !== headerAnalysis.domain_alignment.from_domain} +
+ {#if dmarcRecord.spf_alignment === 'strict'} + + Strict SPF alignment required — Your DMARC policy requires exact domain match. The Return-Path domain must exactly match the From domain for SPF to pass DMARC alignment. + {:else} + + Relaxed SPF alignment allowed — Your DMARC policy allows organizational domain matching. As long as both domains share the same organizational domain (e.g., mail.example.com and example.com), SPF alignment can pass. + {/if} +
+ {/if} +
{#each headerAnalysis.domain_alignment.dkim_domains as dkim_domain} @@ -144,67 +148,59 @@ DKIM
-
-
- Strict Alignment -
- - - {dkim_aligned ? 'Pass' : 'Fail'} - -
-
Exact domain match
-
-
- Relaxed Alignment -
- - - {dkim_relaxed_aligned ? 'Pass' : 'Fail'} - -
-
Organizational domain match
-
-
- From Domain -
{headerAnalysis.domain_alignment.from_domain || '-'}
- {#if headerAnalysis.domain_alignment.from_org_domain && headerAnalysis.domain_alignment.from_org_domain !== headerAnalysis.domain_alignment.from_domain} -
Org: {headerAnalysis.domain_alignment.from_org_domain}
- {/if} -
-
- Signature Domain -
{dkim_domain.domain || '-'}
- {#if dkim_domain.domain !== dkim_domain.org_domain} -
Org: {dkim_domain.org_domain}
- {/if} -
-
- {#if headerAnalysis.domain_alignment.issues && headerAnalysis.domain_alignment.issues.length > 0} -
- {#each headerAnalysis.domain_alignment.issues as issue} -
- - {issue} +
+
+
+ Strict Alignment +
+ + + {dkim_aligned ? 'Pass' : 'Fail'} +
- {/each} -
- {/if} - - - {#if dmarcRecord && dkim_domain.domain !== headerAnalysis.domain_alignment.from_domain} - {#if dkim_domain.org_domain === headerAnalysis.domain_alignment.from_org_domain} -
- {#if dmarcRecord.dkim_alignment === 'strict'} - - Strict DKIM alignment required — Your DMARC policy requires exact domain match. The DKIM signature domain must exactly match the From domain for DKIM to pass DMARC alignment. - {:else} - - Relaxed DKIM alignment allowed — Your DMARC policy allows organizational domain matching. As long as both domains share the same organizational domain (e.g., mail.example.com and example.com), DKIM alignment can pass. +
Exact domain match
+
+
+ Relaxed Alignment +
+ + + {dkim_relaxed_aligned ? 'Pass' : 'Fail'} + +
+
Organizational domain match
+
+
+ From Domain +
{headerAnalysis.domain_alignment.from_domain || '-'}
+ {#if headerAnalysis.domain_alignment.from_org_domain && headerAnalysis.domain_alignment.from_org_domain !== headerAnalysis.domain_alignment.from_domain} +
Org: {headerAnalysis.domain_alignment.from_org_domain}
{/if}
+
+ Signature Domain +
{dkim_domain.domain || '-'}
+ {#if dkim_domain.domain !== dkim_domain.org_domain} +
Org: {dkim_domain.org_domain}
+ {/if} +
+
+ + + {#if dmarcRecord && dkim_domain.domain !== headerAnalysis.domain_alignment.from_domain} + {#if dkim_domain.org_domain === headerAnalysis.domain_alignment.from_org_domain} +
+ {#if dmarcRecord.dkim_alignment === 'strict'} + + Strict DKIM alignment required — Your DMARC policy requires exact domain match. The DKIM signature domain must exactly match the From domain for DKIM to pass DMARC alignment. + {:else} + + Relaxed DKIM alignment allowed — Your DMARC policy allows organizational domain matching. As long as both domains share the same organizational domain (e.g., mail.example.com and example.com), DKIM alignment can pass. + {/if} +
+ {/if} {/if} - {/if} +
{/each}