This guide presents the Global Security tool, which allows you to verify that the relationships between a domain name and an Infomaniak Mail Service are optimal in terms of security. This involves checking the SPF / DKIM / DMARC records, and the Global Security tool allows you to intervene in the configuration if necessary.

Access the Global Security diagnostic tool

To access Global Security:

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the product concerned.
3. Click on Global Security in the left sidebar:
   

Verify optimal email functionality

Once you have accessed Global Security, review and verify the 3 security mechanisms inherent to emails: SPF, DKIM, and DMARC policy. These indications should display in green:

Otherwise, this may explain why an email that is not spam is treated as such.

Click on Edit or Create to configure SPF, DKIM, and DMARC according to the recommendations below to secure your Mail Service against potential identity theft:

SPF (Sender Policy Framework)

SPF (click here to configure) allows the owner of a domain name to specify which servers are authorized to send emails on behalf of that domain. This helps reduce the risk of spam and phishing, as the recipient's mail server can verify if the sender is authorized by consulting the sender domain's DNS records.

Under these conditions and in case of a detected problem, you will find a Correct button that will allow you to automatically update your SPF.

If correcting one of the mentioned issues is not possible, it must be done on the configuration set up by the owner or technician of the sender's domain name.

If your domain name points to Wix or another provider, the SPF mustbe configured with the provider in question.

DKIM (Domain Keys Identified Mail)

DKIM (click here to configure) is a protocol that allows you to sign emails when sending them.

When your domain name (or its DNS zone) is managed elsewhere, you will find in this section Global Security > DKIM the DKIM record to add in the DNS zone.

You can configure multiple DKIM records on your domain without a fixed limit, unlike DMARC or SPF, which is crucial if you use multiple third-party email providers for your daily communications.

DMARC (Domain-based Message Authentication, Reporting, and Conformance)

DMARC (click here to configure) allows you to indicate to other mail servers (the email providers of the contacts to whom you send an email) the policy to follow in case of receipt of a "suspicious" email (unauthenticated, for example) from your mail server (hosted by Infomaniak). In addition, you can be notified of the "incident" by a summary message (called a "DMARC report") providing information on recent activity of your email related to the domain name.

DMARC requires a valid SPF and DKIM. A wizard allows you to configure DMARC according to Infomaniak's recommendations in simple mode or entirely at your discretion in expert mode (allows you to enter the record of your choice). The corresponding necessary entries (type TXT) will then be automatically applied in the DNS zone of the domain concerned (if administratively possible - domain managed in the same organization, for example).

To check the records within your DNS, you can also use an external and free service like the one mentioned at the bottom of this other guide.

Refer to this other guide if you are looking for information on the fourth point of the Global Security page.