1000 FAQs, 500 tutorials and explanatory videos. Here, there are only solutions!
Automatically check SPF / DKIM / DMARC
This guide presents the Global Security tool, which allows you to verify that the relationships between a domain name and an Infomaniak Mail Service are optimized in terms of security. This involves checking SPF / DKIM / DMARC records, and the Global Security tool allows you to intervene on the configuration if necessary.
Accessing the Global Security diagnostic tool
To access Global Security:
- Log in to the Infomaniak Manager (manager.infomaniak.com) from a web browser like Brave or Edge
- Click on the icon in the top right corner of the interface (or navigate through the left sidebar menu, for example)
- Choose Mail Service (under the Collaborative Tools section)
- Click on the name of the relevant object in the displayed table
- Click on Global Security in the left sidebar menu
Verify optimal email functionality
Once on Global Security, read and verify the 3 email security mechanisms: SPF, DKIM, and DMARC. These indications should be displayed in green:
Otherwise, this may explain the treatment of a non-spam email as spam.
Click on Edit or Create to configure SPF, DKIM, and DMARC according to the recommendations below to secure your Mail Service against potential identity theft:
SPF (Sender Policy Framework)
SPF (click here to configure) allows a domain owner to specify which servers are authorized to send emails on behalf of that domain. This helps reduce the risk of spam and phishing because the recipient's mail server can check if the sender is authorized by consulting the sender domain's DNS records.
Under these conditions, if a problem is detected, you will find a Fix button that allows you to update your SPF automatically.
If fixing either of the mentioned issues is not possible, it must be done on the configuration set up by the owner or technician of the sender domain.
If your domain points to Wix or another provider, the SPF must be configured with the respective provider.
DKIM (Domain Keys Identified Mail)
DKIM (click here to configure) is a protocol that allows emails to be signed when sent.
When your domain name is managed elsewhere, you will find the DKIM record to add to the DNS zone in this Global Security > DKIM section.
You can configure multiple DKIM records on your domain without a fixed limit, unlike DMARC or SPF, which is crucial if you use multiple third-party email providers for your daily communications.
DMARC (Domain-based Message Authentication, Reporting, and Conformance)
DMARC (click here to configure) allows you to inform other mail servers (the mail providers of the contacts to whom you send an email) about the policy to follow when receiving a "suspicious" email (unauthenticated, for example) from your mail server (hosted by Infomaniak). Additionally, you can be notified of the "incident" by a summary message (called "DMARC report") providing information about the recent activity of your domain-related email.
DMARC requires a valid SPF and DKIM. An assistant helps you configure DMARC according to Infomaniak's recommendations in simple mode or completely as you wish in expert mode (allows you to enter the record of your choice). The corresponding necessary entries (type TXT) will then be automatically applied in the DNS zone of the relevant domain name (if administratively possible - domain managed within the same organization, for example).
Infomaniak is neither able to analyze your potential DMARC reports and records, nor able to assess their validity or compliance, as this is entirely your responsibility.