Knowledge base

1000 FAQs, 500 tutorials and instructional videos. Here, there are only solutions!

Secure Mail Traffic with SPF / DMARC

Update 07/03/2026

This guide details the operations performed automatically by Infomaniak to secure the email services for domain names with the .ch and .li extensions.

 

Adding or modifying certain DNS records

To guarantee the security of email exchanges worldwide, it has been decided to automatically apply certain DNS configurations to domain names with the .ch/.li extension (and whose DNS zone is on Infomaniak). These configurations have no other impact than preventing unsolicited emails from being sent back and forth. You do not need to take any specific action in this regard; however, it is recommended that you review the explanations below regarding the necessary changes and their reasons.

 

Updating the SPF (Sender Policy Framework)

SPF is an essential security mechanism for verifying the authenticity of emails sent on behalf of a specific domain.

If you own a domain name in .ch/.li and want to secure your email services, it is recommended to configure SPF using the "-all" directive.

If this is not currently the case (SPF is set to "?all", for example), this policy will be applied automatically.

 

100% DMARC Reject Policy

The DMARC policy is a mechanism that controls how emails originating from your domain should be treated if they fail SPF and DKIM (DomainKeys Identified Mail) verification.

When you configure a DMARC policy to "Reject" at 100%, it means that any email that fails SPF or DKIM checks must be rejected, i.e., blocked, by the receiving server.

You can also consider a configuration with a DMARC policy set to "Quarantine" at 100%, which will treat any email that fails SPF or DKIM checks as spam and may be placed in quarantine, i.e., moved to the SPAM folder.

Consequences of SPF and DKIM Failures

If an email fails the SPF or DKIM check, it is considered unauthenticated. This means that the receiving server may mark it as potentially unreliable, place it in quarantine, or reject it (the latter will be the case), depending on the DMARC policy defined. This ensures that only legitimate emails, sent in accordance with established security policies, are accepted.


Has this FAQ been helpful?