DMARC is all about verifying that the address in the ‘From’ header is the actual sender of the message.
Alignment means that the domain in the ‘From’ header and the domain authenticated by DKIM or SPF should match (or partially match when using a relaxed setup).
For DKIM this means that the domain used to create the signature (provided through the d= parameter) should match the domain in the ‘From’ header.
For SPF this is the domain in the RFC5321.MailFrom (MAIL FROM) portion of SMTP or the RFC5321.EHLO/HELO domain, or both. These may be different domains, and they are typically not visible to the end user. Most of the time the ‘Return-Path’ header is used for this.
Example for DKIM:
You send mail from yourdomain.com using some-esp.com. This ESP correctly signs these mails with a DKIM signature, using its own domain some-esp.com. The DKIM signature itself is valid and passes. However, as the signing domain some-esp.com does not match your domain, these messages are not aligned. The ESP should sign the messages using yourdomain.com to make them DMARC compliant.
Example for SPF:
You send mail from yourdomain.com using some-esp.com. This ESP has set up bounce processing and therefore uses a ‘Return-Path’ header of [email protected]. The ESP has whitelisted its own servers through its SPF record. However, as the domain in the Return-Path header does not match yourdomain.com, these messages do not align. The ESP should change the Return-Path header or add an aligned DKIM signature.
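The two examples above as an alignment check over message headers. This is an added illustration, not code from the original page. The sample messages and addresses are constructed, the helper names are hypothetical, and the organizational domain is approximated as the last two labels (an assumption; real evaluators use the Public Suffix List). Only alignment is checked: the DKIM signature and SPF result are assumed to have passed already.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def org_domain(domain):
    # Assumption: organizational domain = last two labels. A production
    # evaluator consults the Public Suffix List (e.g. for example.co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode="r"):
    # mode "s" = strict (exact match), "r" = relaxed (same organizational domain)
    a, b = from_domain.lower(), auth_domain.lower()
    return a == b if mode == "s" else org_domain(a) == org_domain(b)

def domain_of(address_header):
    # Domain part of an address header value; "" when no address is present
    return parseaddr(address_header)[1].rpartition("@")[2].lower()

def check_alignment(raw_message, adkim="r", aspf="r"):
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From", ""))
    # Collect the d= tag of every DKIM-Signature header on the message
    dkim_doms = []
    for sig in msg.get_all("DKIM-Signature", []):
        m = re.search(r"(?:^|;)\s*d=([^;\s]+)", sig)
        if m:
            dkim_doms.append(m.group(1))
    spf_dom = domain_of(msg.get("Return-Path", ""))
    return {
        "from": from_dom,
        "dkim_aligned": any(aligned(from_dom, d, adkim) for d in dkim_doms),
        "spf_aligned": bool(spf_dom) and aligned(from_dom, spf_dom, aspf),
    }

# Constructed sample: the ESP signs and bounces with its own domain
ESP_MAIL = (
    "Return-Path: <bounces@some-esp.com>\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=some-esp.com; s=sel1; bh=xxx; b=yyy\n"
    "From: News <news@yourdomain.com>\n\nbody\n"
)
# Constructed sample: the ESP signs with yourdomain.com and bounces to a subdomain
ALIGNED_MAIL = (
    "Return-Path: <bounces@bounce.yourdomain.com>\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=yourdomain.com; s=sel1; bh=xxx; b=yyy\n"
    "From: News <news@yourdomain.com>\n\nbody\n"
)

if __name__ == "__main__":
    for name, mail in (("ESP domains", ESP_MAIL), ("aligned", ALIGNED_MAIL)):
        print(name, check_alignment(mail), check_alignment(mail, aspf="s"))
```

With strict SPF alignment the second message still fails SPF alignment, because bounce.yourdomain.com is not an exact match for yourdomain.com; the aligned DKIM signature is what carries it.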