{#if headerAnalysis.issues && headerAnalysis.issues.length > 0}

Issues

{#each headerAnalysis.issues as issue}

{issue.header}

{issue.message}

{#if issue.advice}

{issue.advice}

{/if}

{issue.severity}

{/each}

{/if} {#if headerAnalysis.domain_alignment} {@const spfStrictAligned = headerAnalysis.domain_alignment.from_domain === headerAnalysis.domain_alignment.return_path_domain} {@const spfRelaxedAligned = headerAnalysis.domain_alignment.from_org_domain === headerAnalysis.domain_alignment.return_path_org_domain}

Domain Alignment

Domain alignment ensures that the visible "From" domain matches the domain used for authentication (Return-Path or DKIM signature). Proper alignment is crucial for DMARC compliance, regardless of the policy. It helps prevent email spoofing by verifying that the sender domain is consistent across all authentication layers. Only one of the following lines needs to pass.

{#if headerAnalysis.domain_alignment.issues && headerAnalysis.domain_alignment.issues.length > 0}

{#each headerAnalysis.domain_alignment.issues as issue}

{issue}

{/each}

{/if}

SPF

Strict Alignment

{spfStrictAligned ? "Pass" : "Fail"}

Exact domain match

Relaxed Alignment

{spfRelaxedAligned ? "Pass" : "Fail"}

Organizational domain match

From Domain


                                            {headerAnalysis.domain_alignment.from_domain || "-"}

{#if headerAnalysis.domain_alignment.from_org_domain && headerAnalysis.domain_alignment.from_org_domain !== headerAnalysis.domain_alignment.from_domain}

Org:


                                                {headerAnalysis.domain_alignment.from_org_domain}

{/if}

Return-Path Domain


                                            {headerAnalysis.domain_alignment.return_path_domain ||
                                                "-"}

{#if headerAnalysis.domain_alignment.return_path_org_domain && headerAnalysis.domain_alignment.return_path_org_domain !== headerAnalysis.domain_alignment.return_path_domain}

Org:


                                                {headerAnalysis.domain_alignment
                                                    .return_path_org_domain}

{/if}

{#if dmarcRecord && headerAnalysis.domain_alignment.return_path_domain && headerAnalysis.domain_alignment.return_path_domain !== headerAnalysis.domain_alignment.from_domain}

{#if dmarcRecord.spf_alignment === "strict"} Strict SPF alignment required — Your DMARC policy requires exact domain match. The Return-Path domain must exactly match the From domain for SPF to pass DMARC alignment. {:else} Relaxed SPF alignment allowed — Your DMARC policy allows organizational domain matching. As long as both domains share the same organizational domain (e.g., mail.example.com and example.com), SPF alignment can pass. {/if}

{/if}

{#each headerAnalysis.domain_alignment.dkim_domains as dkim_domain} {@const dkim_aligned = dkim_domain.domain === headerAnalysis.domain_alignment.from_domain} {@const dkim_relaxed_aligned = dkim_domain.org_domain === headerAnalysis.domain_alignment.from_org_domain}

DKIM

Strict Alignment

{dkim_aligned ? "Pass" : "Fail"}

Exact domain match

Relaxed Alignment

{dkim_relaxed_aligned ? "Pass" : "Fail"}

Organizational domain match

From Domain

{headerAnalysis.domain_alignment.from_domain ||
                                                        "-"}

{#if headerAnalysis.domain_alignment.from_org_domain && headerAnalysis.domain_alignment.from_org_domain !== headerAnalysis.domain_alignment.from_domain}

Org:

{headerAnalysis.domain_alignment
                                                            .from_org_domain}

{/if}

Signature Domain

{dkim_domain.domain || "-"}

{#if dkim_domain.domain !== dkim_domain.org_domain}

Org: {dkim_domain.org_domain}

{/if}

{#if dmarcRecord && dkim_domain.domain !== headerAnalysis.domain_alignment.from_domain} {#if dkim_domain.org_domain === headerAnalysis.domain_alignment.from_org_domain}

{#if dmarcRecord.dkim_alignment === "strict"} Strict DKIM alignment required — Your DMARC policy requires exact domain match. The DKIM signature domain must exactly match the From domain for DKIM to pass DMARC alignment. {:else} Relaxed DKIM alignment allowed — Your DMARC policy allows organizational domain matching. As long as both domains share the same organizational domain (e.g., mail.example.com and example.com), DKIM alignment can pass. {/if}

{/if} {/if}

{/each}

{/if} {#if headerAnalysis.headers && Object.keys(headerAnalysis.headers).length > 0}

Headers

{#each Object.entries(headerAnalysis.headers).sort((a, b) => { const importanceOrder = { required: 0, recommended: 1, optional: 2, newsletter: 3 }; const aImportance = importanceOrder[a[1].importance || "optional"]; const bImportance = importanceOrder[b[1].importance || "optional"]; return aImportance - bImportance; }) as [name, check]} {/each}

	When?	Present	Valid	Value
`{name}`	{#if check.importance} {check.importance} {/if}		{#if check.present && check.valid !== undefined} {:else} - {/if}	{check.value \|\| "-"} {#if check.issues && check.issues.length > 0} {#each check.issues as issue} {issue} {/each} {/if}

{/if}

Header Analysis {#if headerScore !== undefined} {headerScore}% {/if} {#if headerGrade !== undefined} {/if}

Issues

Domain Alignment

Headers