1000 FAQs, 500 tutorials and explanatory videos. Here, there are only solutions!
Automatically check SPF / DKIM / DMARC
This guide presents the Global Security tool, which allows verifying that the relationships between a domain name and an Infomaniak Mail Service are optimized in terms of security. This involves checking SPF / DKIM / DMARC records, and the Global Security tool allows intervention in the configuration if necessary.
Accessing the Global Security diagnostic tool
To access Global Security:
- Log in to the Infomaniak Manager (manager.infomaniak.com) from a web browser such as Brave or Edge
- Click on the icon in the top right corner of the interface (or navigate through the left sidebar menu, for example)
- Choose Mail Service (universe Collaborative Tools)
- Click on the name of the relevant object in the displayed table
- Click on Global Security in the left sidebar menu
Verify the optimal functioning of email
Once on Global Security, read and verify the 3 security mechanisms inherent in emails: SPF, DKIM, and DMARC policy. These indications should appear in green:
Otherwise, this may explain why an email is treated as spam when it is not.
Click on Edit or Create to configure SPF, DKIM, and DMARC according to the recommendations below to secure your Mail Service against potential identity theft:
SPF (Sender Policy Framework)
SPF (click here to configure) allows the owner of a domain name to specify which servers are allowed to send emails on behalf of that domain. This helps reduce the risk of spam and phishing since the recipient's mail server can check if the sender is authorized by consulting the sender domain's DNS records.
Under these conditions and if a problem is detected, you will find a Fix button that allows you to update your SPF automatically.
If fixing either of the mentioned issues is not possible, it must be done on the configuration set up by the owner or technician of the sender domain.
If your domain name points to Wix or another provider, the SPF must be configured with the respective provider.
DKIM (Domain Keys Identified Mail)
DKIM (click here to configure) is a protocol that allows signing emails when they are sent.
When your domain name is managed elsewhere, you will find the DKIM record to add to the DNS zone under this section Global Security > DKIM.
DMARC (Domain-based Message Authentication, Reporting, and Conformance)
DMARC (click here to configure) allows indicating to other mail servers (the mail providers of the contacts to whom you send an email) the policy to follow when receiving a "suspicious" email (unauthenticated, for example) from your mail server (hosted by Infomaniak). In addition, you can be notified of the "incident" by a summary message (called "DMARC report") providing information on the recent activity of your mail related to the domain name.
DMARC requires a valid SPF and DKIM. An assistant helps you configure DMARC according to Infomaniak recommendations in simple mode or entirely at your discretion in expert mode (allows entering the record of your choice). The necessary entries (type TXT) will then be automatically applied in the DNS zone of the concerned domain name (if administratively possible - domain managed in the same organization, for example).
Infomaniak is neither able to analyze your possible reports and DKIM records, nor able to pronounce on the validity or conformity of these, as this is entirely your responsibility.