I've been configuring DNS records for a mail server and got stuck when it came to DMARC's alignments.
I know that both relaxed and strict are valid options, as well as relaxed being default setting. However, I am wondering if there is a commonly accepted "best" practice?
Is there an expectation that, as DMARC gets more widespread, the strict alignment is going to become the recommended/default one?
There's no such expectation that one should move towards using strict alignment mode over relaxed in the future. From RFC 7489, 3.1 Identifier Alignment:
A Domain Owner would normally select strict mode if it wanted Mail Receivers to apply DMARC processing only to messages bearing an RFC5322.From domain exactly matching the domains those mechanisms will verify. Relaxed mode can be used when the operator also wishes to affect message flows bearing subdomains of the verified domains.
Which one is chosen depends entirely on the needs. For example, the strict mode on SPF wouldn't allow mixing:
Return-Path: <user@newsletter.example.com>
From: <user@example.com>
On the other hand, if e.g. a control of a subdomain is delegated to someone else who shouldn't be able to send email as @example.com, the strict mode would prevent that.
