This guide presents the Global Security tool, which allows you to check that the relationship between a domain name and an Service Mail Infomaniak is optimal in terms of security. This involves checking the SPF / DKIM / DMARC records, and the Global Security tool allows you to intervene in the configuration if necessary.

Access the Security global diagnostic tool

To access Global Security:

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the relevant product.
3. Click on Global Security in the left sidebar:
   

Check the optimal functioning of the email service

Once you have accessed **Global Security**, familiarize yourself and check the three security mechanisms inherent to emails: **SPF**, **DKIM** and **DMARC** policy. These indications should display in green‍:

Otherwise this may explain why an email is treated as spam when it is not.

Click on Edit or Create to configure SPF, DKIM and DMARC according to the recommendations below to secure your Service Mail against potential identity theft:

SPF (Sender Policy Framework)

SPF (click here to configure) allows the owner of a domain name to specify which servers are authorized to send emails on behalf of that domain. This helps to reduce the risk of spam and phishing since the recipient's mail server can verify if the sender is authorized by consulting the sender domain's DNS records.

Under these conditions and if a problem is detected, you will find a Fix button that will allow you to update your SPF automatically.

If the correction of any of the mentioned issues is not possible, it is because it must be done on the configuration set up by the owner or technician of the sender's domain.

If your domain name points to Wix or another provider, the SPF must be configured with the provider in question.

DKIM (Domain Keys Identified Mail)

DKIM (click here to configure) is a protocol that allows emails to be signed when they are sent.

When your domain name (or its DNS zone) is managed elsewhere, you will find in this section Global Security > DKIM the DKIM record to add in the DNS zone.

You can configure multiple DKIM records on your domain without a set limit, unlike DMARC or SPF, which is crucial if you use several third-party email providers for your daily communications.‍

DMARC (Domain-based Message Authentication, Reporting, and Conformance)

DMARC (click here to configure) allows you to indicate to other mail servers (the email providers of the contacts to whom you send an email) the policy to follow in case of receipt of a "suspicious" email (e.g., unauthenticated) from your mail server (hosted by Infomaniak). Furthermore, you can be notified of the "incident" by a summary message (called a "DMARC report") providing information about the recent activity of your email related to the domain name.

DMARC requires a valid SPF and DKIM. An assistant allows you to configure DMARC according to Infomaniak's recommendations in simple mode or entirely as you wish in expert mode (allows you to enter the record of your choice). The corresponding necessary entries (type TXT) will then be automatically applied in the DNS zone of the relevant domain (if administratively possible - domain managed within the same organization, for example).

To verify the records within your DNS, you can also use an external and free service like the one mentioned at the bottom of this other guide.

Refer to this other guide if you are looking for information about the fourth point on the Global Security page.