1000 FAQs, 500 tutorials and explanatory videos. Here, there are only solutions!
Automatically check SPF / DKIM / DMARC
This guide presents the Global Security tool that allows you to verify that the relationships between a domain name and an Infomaniak Mail Service are optimal in terms of security. This involves checking SPF / DKIM / DMARC records, and the Global Security tool allows you to intervene on the configuration if needed.
Access the Global Security diagnostic tool
To access Global Security:
- Click here to access your product management on Infomaniak Manager (need help?).
- Click directly on the name assigned to the concerned product.
- Click on Global Security in the left sidebar:
Verify optimal email functionality
Once on Global Security, review and verify the 3 security mechanisms inherent to emails: SPF, DKIM, and DMARC policy. These indicators should appear in green:
Otherwise, this might explain why a non-spam email is being treated as spam.
Click on Edit or Create to configure SPF, DKIM, and DMARC according to the recommendations below to secure your Mail Service against potential identity theft:
SPF (Sender Policy Framework)
SPF (click here to configure) allows a domain name owner to specify which servers are authorized to send emails on behalf of this domain. This helps reduce the risk of spam and phishing since the recipient's mail server can verify if the sender is authorized by checking the sender domain's DNS records.
Under these conditions and if a problem is detected, you will find a Fix button that will allow you to update your SPF automatically.
If fixing one or more of the mentioned issues is not possible, it means it must be done on the configuration set up by the owner or technician of the sender's domain name.
If your domain name points to Wix or another provider, the SPF must be configured with that provider.
DKIM (Domain Keys Identified Mail)
DKIM (click here to configure) is a protocol that allows signing emails when they are sent.
When your domain name (or its DNS zone) is managed elsewhere, you will find in this section Global Security > DKIM the DKIM record to add to the DNS zone.
You can configure multiple DKIM records on your domain without a fixed limit unlike DMARC or SPF, which is crucial if you use multiple third-party email providers for your daily communications.
DMARC (Domain-based Message Authentication, Reporting, and Conformance)
DMARC (click here to configure) allows you to indicate to other mail servers (the mail providers of contacts to whom you send an email) the policy to follow when receiving a "suspicious" email (unauthenticated, for example) from your mail server (hosted by Infomaniak). Additionally, you can be notified of the "incident" through a summary message (called "DMARC report") providing information about recent mail activity linked to the domain name.
DMARC requires valid SPF and DKIM. An assistant helps you configure DMARC according to Infomaniak recommendations in simple mode or entirely as you wish in expert mode (allows you to enter the record of your choice). The corresponding necessary entries (TXT type) will then be automatically applied in the DNS zone of the concerned domain name (if administratively possible - domain managed in the same organization, for example).
Infomaniak is neither able to analyze your potential DMARC reports and records, nor able to comment on their validity or compliance, as this is entirely your responsibility.
Check out this other guide if you are looking for information about the fourth point on the Global Security page.