DMARC’s alignment feature prevents spoofing of the “header from” address by: Matching the “header from” domain name with the “envelope from” domain name used during an SPF check, and Matching the “header from” domain name with the “d= domain name” in the DKIM signature. To pass DMARC, a message must pass SPF authentication and SPF
