Overview
If your organization uses an email security monitoring tool (such as Valimail, Dmarcian, or similar), you may see emails flagged as failing an "alignment" check. This article explains why that happens and what you can do about it.
Why Is This Happening?
Many organizations set up DMARC — an email security standard that helps protect your domain from being used by spammers or impersonators. Part of how DMARC works is checking that emails claiming to be "from" your domain were actually authorized by your domain. This check is called alignment.
Tithely sends emails on your behalf through a third-party service called SendGrid. Because Tithely uses a shared sending system across many churches, the behind-the-scenes email authentication belongs to Tithely's domain — not your church's domain. When your DMARC monitoring tool checks alignment, it sees this mismatch and flags the email as a failure.
This is not a mistake on your part. Your Tithely emails are still being sent correctly — this is simply a limitation of how Tithely's shared email infrastructure works.
Can We Add Custom DNS Records for My Domain?
Not at this time. Setting up custom email authentication (DKIM/CNAME records) for each individual church would require a level of per-account configuration that Tithely's platform does not currently support.
We understand this is important for organizations with stricter email security requirements, and we're working through improvements.
A Note on SPF Records
You may have seen guidance recommending that you add the following to your domain's SPF record:
v=spf1 include:sendgrid.net ~all
For most deliverability issues, this is helpful. However, if you are specifically trying to resolve a DMARC alignment failure, adding this record will not fix the problem — and it could push you toward the maximum number of allowed DNS lookups without any benefit. We recommend skipping this step if DMARC alignment is your concern.
What We Recommend: Alternate Sending
The best solution we can offer right now is enabling Alternate Sending on your account.
Here's what that means in plain terms:
Instead of us sending emails that appear to come from your church's domain (e.g.,
pastor@firstbaptistchurch.com), emails are sent from a Tithely-owned address (e.g.,pastor_rt@mail.tithely.com).Replies still go directly to your correct email address — your congregation won't need to do anything differently.
Because the email now comes from Tithely's own domain, the alignment issue with your domain goes away entirely.
This won't give you full custom domain authentication, but it protects deliverability and removes Tithely emails as a source of alignment failures in your security reports.
Our support team can enable Alternate Sending for you quickly — no DNS changes or IT work required. Just reach out via the chat bubble and let us know you'd like it turned on.
Summary
| Situation | Recommendation |
|---|---|
| DMARC monitoring tool flags Tithely emails | Expected behavior — not a misconfiguration |
| Considering adding sendgrid.net to SPF record | Skip it — won't resolve DMARC alignment |
| Want to stop alignment failures in reports | Enable Alternate Sending (contact support) |
| Need full custom DKIM authentication | Not currently supported — feedback logged |