This guide details the operations automatically performed by Infomaniak to secure the email of Service Mail domain names with extensions .ch and .li.

Adding or modifying certain DNS records

To ensure the security of global email exchanges, it has been decided to automatically apply certain DNS configurations to domain names with .ch/.li extensions (and whose DNS zone is on Infomaniak) that have no other impact than to avoid unsolicited emails on both sides. You do not need to do anything specific about this, however, it is recommended to familiarize yourself below with the explanations regarding the necessary modifications and their reasons.

Updating the SPF (Sender Policy Framework)

SPF is an essential security mechanism for verifying the authenticity of emails sent on behalf of a specific domain.

When you own a domain name in .ch/.li and wish to secure your email services, it is recommended to configure SPF using the directive "-all".

If this is not the case currently (SPF in "?all" for example) this policy will be applied automatically.

DMARC Reject policy at 100%

The DMARC policy is a mechanism that allows you to control how emails from your domain should be handled if they do not pass SPF and DKIM (DomainKeys Identified Mail) checks.

When you configure a DMARC "Reject" policy at 100%, this means that any email that fails SPF or DKIM checks must be rejected, i.e., blocked, by the receiving server.

You can also consider a configuration with a DMARC "Quarantine" policy at 100% which will treat any email that fails SPF or DKIM checks as spam and may be quarantined, i.e., moved to the SPAM folder.

Consequences of SPF and DKIM failures

If an email fails SPF or DKIM verification, it is considered unauthenticated. This means that the receiving server can mark it as potentially unreliable, quarantine it, or reject it (the latter case will be in effect), depending on the defined DMARC policy. This ensures that only legitimate emails, sent in accordance with established security policies, are accepted.