{"id":285,"date":"2026-05-28T08:51:17","date_gmt":"2026-05-28T08:51:17","guid":{"rendered":"https:\/\/rbl.watch\/blog\/spf-dkim-dmarc-hizalama-alignment-rehberi\/"},"modified":"2026-05-28T10:29:25","modified_gmt":"2026-05-28T10:29:25","slug":"spf-dkim-dmarc-hizalama-alignment-rehberi","status":"publish","type":"post","link":"https:\/\/rbl.watch\/blog\/spf-dkim-dmarc-hizalama-alignment-rehberi\/","title":{"rendered":"SPF\/DKIM\/DMARC Alignment Problems and Solutions"},"content":{"rendered":"<p>You have an SPF record, you have a DKIM signature, and a DMARC record is published. Yet your messages still <strong>land in spam<\/strong>, or you see &#8220;fail&#8221; in your DMARC reports. The most common cause is a concept most administrators overlook: <strong>domain alignment<\/strong>.<\/p>\n<p>This guide explains step by step what alignment is, why it is the core of DMARC, how SPF alignment differs from DKIM alignment, and the most common alignment problems and their solutions.<\/p>\n<h2>What Is Alignment?<\/h2>\n<p>DMARC does not accept messages merely because SPF or DKIM <em>&#8220;passed&#8221;<\/em>. It accepts messages that pass in an <strong>aligned<\/strong> way. 
In other words, SPF\/DKIM can technically pass, but if the authenticated domain does not match the domain in the <code>From:<\/code> header, DMARC counts it as a failure.<\/p>\n<p>A simple example:<\/p>\n<ul>\n<li><code>From:<\/code> header: <code>info@sirketim.com<\/code><\/li>\n<li>SPF-authenticated domain (MailFrom \/ Return-Path): <code>bounce@bouncer.servisim.com<\/code><\/li>\n<\/ul>\n<p>SPF can technically pass (the SPF record of bouncer.servisim.com is correct), but because <code>sirketim.com \u2260 bouncer.servisim.com<\/code>, the result is <strong>SPF alignment fail<\/strong>. DMARC counts this message as failed.<\/p>\n<p>In short, alignment is the answer to the question &#8220;Is the domain that passed authentication the same as the domain shown in From?&#8221;<\/p>\n<h2>SPF Alignment vs DKIM Alignment<\/h2>\n<h3>SPF Alignment<\/h3>\n<p>SPF alignment requires the message&#8217;s <code>Return-Path<\/code> (MailFrom) domain to match the <code>From:<\/code> header domain.<\/p>\n<ul>\n<li><strong>Strict alignment:<\/strong> exact match (example: both are <code>sirketim.com<\/code>)<\/li>\n<li><strong>Relaxed alignment<\/strong> (default): the same organizational domain is enough (example: <code>mail.sirketim.com<\/code> aligns with <code>sirketim.com<\/code>)<\/li>\n<\/ul>\n<p>It is controlled in the DMARC record with <code>aspf=r<\/code> (relaxed, default) or <code>aspf=s<\/code> (strict).<\/p>\n<h3>DKIM Alignment<\/h3>\n<p>DKIM alignment requires the <code>d=<\/code> tag of the DKIM signature to match the <code>From:<\/code> header domain.<\/p>\n<ul>\n<li><strong>Strict alignment:<\/strong> exact match<\/li>\n<li><strong>Relaxed alignment<\/strong> (default): the same organizational domain is enough<\/li>\n<\/ul>\n<p>It is controlled in the DMARC record with <code>adkim=r<\/code> (relaxed) or 
<code>adkim=s<\/code> (strict).<\/p>\n<h3>DMARC Pass Condition<\/h3>\n<p>To pass DMARC, <strong>at least one of SPF or DKIM<\/strong> must:<\/p>\n<ol>\n<li>Technically <strong>pass<\/strong>, AND<\/li>\n<li>Be <strong>aligned<\/strong>.<\/li>\n<\/ol>\n<p>So if both pass but neither is aligned, the message fails DMARC.<\/p>\n<h2>The Most Common Alignment Problems<\/h2>\n<h3>1. The ESP&#8217;s Default &#8220;Bounce&#8221; Domain (Most Frequent)<\/h3>\n<p>Services such as SendGrid, Mailgun and Amazon SES use their own domains as the Return-Path by default:<\/p>\n<ul>\n<li>From: <code>info@sirketim.com<\/code><\/li>\n<li>Return-Path: <code>bounces+xyz@sendgrid.net<\/code><\/li>\n<\/ul>\n<p>SPF passes (the SPF record of sendgrid.net is correct), but alignment fails.<\/p>\n<p><strong>Solution:<\/strong> Configure the <em>&#8220;custom return path&#8221;<\/em> or <em>&#8220;sender authentication&#8221;<\/em> setting at the ESP. It is usually set up as a subdomain:<\/p>\n<ul>\n<li>SendGrid: <code>em.sirketim.com<\/code> CNAME \u2192 <code>sendgrid.net<\/code><\/li>\n<li>Mailgun: the <code>mg.sirketim.com<\/code> subdomain<\/li>\n<li>Amazon SES: the Custom MAIL FROM domain setting<\/li>\n<\/ul>\n<p>The Return-Path then becomes <code>bounce@em.sirketim.com<\/code>, which is in the same organizational domain as sirketim.com and passes relaxed alignment.<\/p>\n<h3>2. 
DKIM Signature with the ESP&#8217;s Domain<\/h3>\n<p>Likewise, if the DKIM signature is made with the ESP&#8217;s default domain:<\/p>\n<ul>\n<li>From: <code>info@sirketim.com<\/code><\/li>\n<li>DKIM <code>d=<\/code>: <code>sendgrid.net<\/code><\/li>\n<\/ul>\n<p>DKIM passes but alignment fails.<\/p>\n<p><strong>Solution:<\/strong> Publish the DKIM records the ESP provides under sirketim.com (usually 2-3 CNAME records are given). DKIM is then signed with <code>d=sirketim.com<\/code>, and alignment works.<\/p>\n<h3>3. Forwarding<\/h3>\n<p>If a user forwards your message to another address:<\/p>\n<ul>\n<li>The Return-Path changes (the forwarding server)<\/li>\n<li>SPF probably fails, or alignment fails<\/li>\n<li>The DKIM signature is usually preserved and still passes (if the message was not modified)<\/li>\n<\/ul>\n<p>For this reason, <strong>DKIM is more reliable than SPF under forwarding<\/strong>. For a DMARC pass, it is enough that DKIM works.<\/p>\n<p>Before moving to DMARC <code>p=reject<\/code>, make sure DKIM alignment is definitely working.<\/p>\n<h3>4. Mailing Lists (Discussion Groups)<\/h3>\n<p>Mailing list software (Mailman, Discourse) usually:<\/p>\n<ul>\n<li>Changes From to the list address (Author Munging)<\/li>\n<li>Adds [LIST] to the Subject, which breaks DKIM<\/li>\n<li>Sets the Return-Path to its own domain<\/li>\n<\/ul>\n<p>Result: both SPF and DKIM alignment fail. 
If you use DMARC <code>p=reject<\/code>, your mailing list messages are rejected.<\/p>\n<p><strong>Solution:<\/strong> Mailing list administrators should apply <em>From rewrite<\/em> (the From of messages changes to the list address, and the person&#8217;s real name is moved to the subject or the body). Modern mailing list software does this automatically.<\/p>\n<h3>5. Confusion with Multiple Subdomains<\/h3>\n<p>From: <code>info@subsidiary.sirketim.com<\/code>, but the DMARC record exists only at sirketim.com. If the subsidiary has no DMARC record of its own:<\/p>\n<ul>\n<li>DMARC looks at the policy of the organizational domain (sirketim.com)<\/li>\n<li>SPF\/DKIM alignment is governed by <code>sp=<\/code> (subdomain policy)<\/li>\n<\/ul>\n<p>If you have published <code>sp=reject<\/code> but send mail from your subdomains, all of it may be rejected. Be careful.<\/p>\n<h2>How Do I Test Alignment?<\/h2>\n<h3>1. Read Your DMARC Reports<\/h3>\n<p>In aggregate reports, the <code>policy_evaluated<\/code> section shows the <code>dkim<\/code> and <code>spf<\/code> results. If you see pass but a failed disposition, there is an alignment problem. See our <a href=\"https:\/\/rbl.watch\/blog\/dmarc-raporlari-nasil-okunur-aggregate-forensic\/\" rel=\"nofollow\">guide to reading DMARC reports<\/a>.<\/p>\n<h3>2. Send a Test Message and Inspect the Headers<\/h3>\n<p>Send a test message to Gmail, get the headers with &#8220;Show original&#8221;, and paste them into the <a href=\"https:\/\/rbl.watch\/tools\/header-analyzer\">RBL Watch Email Header Analysis<\/a> tool. 
You will see the SPF\/DKIM\/DMARC results instantly.<\/p>\n<h3>3. Verify Your DKIM Key and SPF Record<\/h3>\n<ul>\n<li><a href=\"https:\/\/rbl.watch\/tools\/spf-check\">SPF check<\/a><\/li>\n<li><a href=\"https:\/\/rbl.watch\/tools\/dkim-check\">DKIM check<\/a><\/li>\n<li><a href=\"https:\/\/rbl.watch\/tools\/dmarc-check\">DMARC check<\/a><\/li>\n<\/ul>\n<h2>Checklist for Achieving Correct Alignment<\/h2>\n<ol>\n<li>List all your sending sources (transactional server, ESP, marketing platform, payroll software, etc.).<\/li>\n<li>Check whether the Return-Path domain of each is <code>sirketim.com<\/code> or a subdomain of it.<\/li>\n<li>Check whether the DKIM signature of each uses <code>d=sirketim.com<\/code> or a subdomain.<\/li>\n<li>Complete the &#8220;custom domain&#8221; or &#8220;sender authentication&#8221; configuration at your ESPs.<\/li>\n<li>If you use mailing lists, verify that &#8220;From rewrite&#8221; is enabled.<\/li>\n<li>Monitor DMARC reports for 2-4 weeks and bring the alignment fail rate down to 0%.<\/li>\n<li>Then transition gradually: <code>p=quarantine; pct=25<\/code> \u2192 <code>pct=100<\/code> \u2192 <code>p=reject<\/code>.<\/li>\n<\/ol>\n<h2>Frequently Asked Questions<\/h2>\n<h3>Should I use strict or relaxed alignment?<\/h3>\n<p>In most cases <strong>relaxed (default)<\/strong> is sufficient and provides flexibility. Strict alignment (<code>aspf=s<\/code>, <code>adkim=s<\/code>) makes sense only in a tightly controlled corporate setup that does not send mail independently from its subdomains.<\/p>\n<h3>Do both SPF and DKIM alignment have to work?<\/h3>\n<p>No. 
At least one is enough for DMARC. <strong>Prioritize DKIM alignment<\/strong>, because it works even under forwarding.<\/p>\n<h3>My SPF record hits the 10 DNS lookup limit. What should I do?<\/h3>\n<p>Reduce the includes in your SPF record and switch to a flat IP list with ip4\/ip6 (these do not count as DNS lookups). The <a href=\"https:\/\/rbl.watch\/tools\/spf-generator\">SPF Record Generator<\/a> helps with this.<\/p>\n<h3>Does DKIM rotation break alignment?<\/h3>\n<p>No. Publish the new selector without deleting the old one, run them in parallel for 1-2 weeks, then remove the old one. As long as the d= domain does not change, alignment is not affected.<\/p>\n<h2>Conclusion<\/h2>\n<p>Alignment is the invisible but most critical part of DMARC. Even if SPF and DKIM technically pass, if they are not correctly aligned your messages land in spam or are rejected under <code>p=reject<\/code>. First read your reports, configure custom domains at your ESPs, and check mailing list behaviour. 
With a few weeks of systematic work, your DMARC pass rate will rise to 99%+ and your domain will be completely closed to spoofing.<\/p>\n<p>To get a 360\u00b0 view of your email delivery health, use the <a href=\"https:\/\/rbl.watch\/blacklist-check\">IP blacklist check<\/a> together with DMARC monitoring; together they diagnose all delivery problems.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>You have an SPF record, you have a DKIM signature, and a DMARC record is published. Yet your messages still land in spam, or you see &#8220;fail&#8221; in your DMARC reports. The most common cause is a concept most administrators overlook: domain alignment. This guide explains step by step what alignment is, why it is the core of DMARC, how SPF alignment differs from DKIM alignment, and the most common alignment problems and their solutions &#8230; <a title=\"SPF\/DKIM\/DMARC Alignment Problems and Solutions\" class=\"read-more\" href=\"https:\/\/rbl.watch\/blog\/spf-dkim-dmarc-hizalama-alignment-rehberi\/\" aria-label=\"Read more about SPF\/DKIM\/DMARC Alignment Problems and Solutions\">Read 
more<\/a><\/p>\n","protected":false},"author":2,"featured_media":305,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,6],"tags":[],"class_list":["post-285","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-eposta-guvenligi","category-nasil-yapilir"],"_links":{"self":[{"href":"https:\/\/rbl.watch\/blog\/wp-json\/wp\/v2\/posts\/285","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rbl.watch\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rbl.watch\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rbl.watch\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/rbl.watch\/blog\/wp-json\/wp\/v2\/comments?post=285"}],"version-history":[{"count":1,"href":"https:\/\/rbl.watch\/blog\/wp-json\/wp\/v2\/posts\/285\/revisions"}],"predecessor-version":[{"id":288,"href":"https:\/\/rbl.watch\/blog\/wp-json\/wp\/v2\/posts\/285\/revisions\/288"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/rbl.watch\/blog\/wp-json\/wp\/v2\/media\/305"}],"wp:attachment":[{"href":"https:\/\/rbl.watch\/blog\/wp-json\/wp\/v2\/media?parent=285"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rbl.watch\/blog\/wp-json\/wp\/v2\/categories?post=285"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rbl.watch\/blog\/wp-json\/wp\/v2\/tags?post=285"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}