During an email migration, DNS configuration is often the most technical part. MX, SPF, DKIM, DMARC... These acronyms can seem intimidating. Yet understanding them is essential to ensure your email deliverability and prevent messages from ending up in spam.
Overview: How Email Works
When you send an email to contact@example.com, here's what happens:
- Your email server looks up the MX records for example.com
- It gets the receiving server's address
- It establishes a connection and transmits the email
- The destination server checks SPF, DKIM, and DMARC before accepting
- The email arrives (or doesn't) in the recipient's inbox
Each DNS record plays a specific role in this process.
MX Record: Your Mail Server's Address
What Is the MX Record For?
The MX (Mail eXchanger) record indicates which server should receive emails for your domain. Think of it as the postal address for your digital mailbox.
MX Record Format
example.com. IN MX 10 mail.example.com.
- example.com – Your domain
- IN MX – Record type
- 10 – Priority (lower = higher priority)
- mail.example.com – Destination server
MX for Infomaniak
To use Infomaniak servers, configure:
| Type | Name | Value | Priority |
|---|---|---|---|
| MX | @ (or blank) | mta.infomaniak.ch | 10 |
Priority and Redundancy
You can define multiple MX records with different priorities. If the primary server is unavailable, the next one takes over:
- MX 10 mail-primary.example.com (tried first)
- MX 20 mail-secondary.example.com (if the first fails)
SPF: Who Is Allowed to Send?
What Is SPF For?
SPF (Sender Policy Framework) lists the servers authorized to send emails for your domain. It's a protection against identity spoofing.
When a server receives an email from @example.com, it checks whether the sending server is listed in example.com's SPF record. If not, the email is suspicious.
SPF Record Format
v=spf1 include:spf.infomaniak.ch ~all
- v=spf1 – SPF protocol version
- include: – Includes the authorized servers from another domain
- ~all – Policy for other servers (soft fail)
SPF for Infomaniak
| Type | Name | Value |
|---|---|---|
| TXT | @ (or blank) | v=spf1 include:spf.infomaniak.ch ~all |
SPF Mechanisms
- a – Authorizes the IP from the domain's A record
- mx – Authorizes the servers listed in the MX record
- ip4:x.x.x.x – Authorizes a specific IP
- include:domain – Includes another domain's SPF
End Qualifiers
- -all – Strictly reject (hard fail)
- ~all – Mark as suspicious (soft fail) – recommended
- ?all – Neutral, no verification
Watch Out for Multiple Includes
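SPF allows a maximum of 10 DNS lookups per evaluation, and lookups inside an included record count toward the total. If you use multiple services (Infomaniak + Mailchimp + SendGrid...), you may exceed this limit. Use an SPF verification tool to check how many lookups your record triggers.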
DKIM: Digital Signature for Emails
What Is DKIM For?
DKIM (DomainKeys Identified Mail) adds a cryptographic signature to each email. The recipient can verify that the message wasn't modified in transit and genuinely came from the legitimate server.
How It Works
- Your email server signs each message with a private key
- The public key is published in DNS
- The receiving server retrieves the public key
- It verifies the message signature
- If the signature is valid, the email is authenticated
DKIM Record Format
DKIM uses a TXT record with a selector:
selector._domainkey.example.com. IN TXT "v=DKIM1; k=rsa; p=MIGfMA0G..."
DKIM for Infomaniak
Infomaniak automatically generates and manages DKIM for you. If you use Infomaniak DNS servers, it's configured automatically. Otherwise, retrieve the record from your Infomaniak Manager.
| Type | Name | Value |
|---|---|---|
| TXT | infomaniak._domainkey | v=DKIM1; k=rsa; p=[public key] |
DMARC: The Security Policy
What Is DMARC For?
DMARC (Domain-based Message Authentication, Reporting & Conformance) combines SPF and DKIM to define a policy for handling failed emails. It tells receiving servers what to do if an email fails the checks.
DMARC Record Format
_dmarc.example.com. IN TXT "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"
- v=DMARC1 – Protocol version
- p= – Policy to apply
- rua= – Address for receiving reports
DMARC Policies
- p=none – Monitoring mode (do nothing, just report)
- p=quarantine – Send suspicious emails to spam
- p=reject – Reject suspicious emails
Recommended Starting DMARC
| Type | Name | Value |
|---|---|---|
| TXT | _dmarc | v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com |
Recommended Progression
Start with p=none to observe without risk. Analyze the reports for a few weeks. Then move to p=quarantine and finally p=reject once you're sure everything is properly configured.
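A small check for a DMARC record and its place in this progression, added here as an example (not Infomaniak or InfoSwitch code). The function names and finding messages are illustrative; the sample records in the test are the ones shown on this page.

```python
PROGRESSION = ["none", "quarantine", "reject"]  # rollout order described above

def parse_dmarc(txt):
    """Split a DMARC TXT value into an ordered list of (tag, value) pairs."""
    pairs = []
    for part in txt.split(";"):
        if part.strip():
            tag, _, value = part.partition("=")
            pairs.append((tag.strip().lower(), value.strip()))
    return pairs

def lint_dmarc(txt):
    """Return (policy, next_policy, findings) for one DMARC record."""
    pairs = parse_dmarc(txt)
    tags = dict(pairs)
    findings = []
    # Receivers ignore the record unless the version tag comes first.
    if not pairs or pairs[0] != ("v", "DMARC1"):
        findings.append("v=DMARC1 must be the first tag")
    policy = tags.get("p", "").lower()
    if policy not in PROGRESSION:
        findings.append("p= is missing or not one of none/quarantine/reject")
        return None, None, findings
    # rua= is a comma-separated list of report destinations.
    uris = [u.strip() for u in tags.get("rua", "").split(",") if u.strip()]
    if any(not u.lower().startswith("mailto:") for u in uris):
        findings.append("rua= entries must be mailto: URIs")
    if policy == "none" and not uris:
        findings.append("p=none without rua=: monitoring mode with no reports")
    step = PROGRESSION.index(policy)
    next_policy = PROGRESSION[step + 1] if step < len(PROGRESSION) - 1 else None
    return policy, next_policy, findings
```
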
DNS Propagation: The Time Factor
What Is Propagation?
When you modify a DNS record, the change isn't instantaneous. It must propagate across DNS servers worldwide. This is propagation.
Propagation Duration
- Theoretical: defined by the record's TTL (Time To Live)
- Practical: generally a few minutes to 48 hours
- Average: 1 to 4 hours for most changes
Minimizing Propagation Time
- Reduce the TTL of your records to 300 (5 minutes) a few days before the migration
- Make the change
- Once propagated, restore a normal TTL (3600 or higher)
Complete Configuration for Infomaniak
Here are all the DNS records needed for an optimal Infomaniak email configuration:
| Type | Name | Value |
|---|---|---|
| MX | @ | mta.infomaniak.ch (priority 10) |
| TXT | @ | v=spf1 include:spf.infomaniak.ch ~all |
| TXT | infomaniak._domainkey | [DKIM key provided by Infomaniak] |
| TXT | _dmarc | v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com |
Verifying Your Configuration
Online Tools
- MXToolbox – Comprehensive MX, SPF, DKIM, DMARC verification
- Mail-tester.com – Test deliverability by sending an email
- DMARC Analyzer – DMARC report analysis
Command Line Tools
Check MX: nslookup -type=MX yourdomain.com
Check SPF: nslookup -type=TXT yourdomain.com
Check DKIM: nslookup -type=TXT selector._domainkey.yourdomain.com
Common Mistakes to Avoid
Multiple SPF Records
A domain can have only one SPF record. If it publishes several, they cancel each other out: receivers treat this as a permanent error and SPF fails.
Solution
Combine all your includes into a single record: v=spf1 include:spf.infomaniak.ch include:spf.otherservice.com ~all
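The two SPF pitfalls covered on this page (the 10-lookup limit under "Watch Out for Multiple Includes" and multiple SPF records here) can be checked before a migration. This is an added example, not code from Infomaniak or InfoSwitch: it walks include chains over a constructed in-memory zone, so every domain and record body in `ZONE` is an assumption made for illustration, including the contents shown for spf.infomaniak.ch.

```python
import re

LOOKUP_LIMIT = 10  # RFC 7208, section 4.6.4
# Constructed zone data (name -> TXT strings); record contents are illustrative only.
ZONE = {
    "ok.example": ["verify=constructed", "v=spf1 include:spf.infomaniak.ch ~all"],
    "dup.example": ["v=spf1 include:spf.infomaniak.ch ~all",
                    "v=spf1 include:_spf.news.test ~all"],
    "big.example": ["v=spf1 mx include:spf.infomaniak.ch include:_spf.news.test "
                    "include:_spf.crm.test ~all"],
    "spf.infomaniak.ch": ["v=spf1 ip4:192.0.2.0/24 ~all"],  # not the real record
    "_spf.news.test": ["v=spf1 include:a.news.test include:b.news.test mx a ~all"],
    "a.news.test": ["v=spf1 ip4:198.51.100.0/25 ~all"],
    "b.news.test": ["v=spf1 ip6:2001:db8::/32 ~all"],
    "_spf.crm.test": ["v=spf1 a mx include:relay.crm.test exists:%{i}.bl.crm.test ~all"],
    "relay.crm.test": ["v=spf1 ip4:203.0.113.7 ~all"],
}

class SPFPermError(Exception):
    """Condition a receiver treats as a permanent SPF error."""

def spf_record(zone, domain):
    # Only TXT strings whose first token is v=spf1 are SPF records.
    found = [t for t in zone.get(domain, []) if t.lower().split(" ")[0] == "v=spf1"]
    if len(found) > 1:
        raise SPFPermError(f"{domain}: {len(found)} SPF records published")
    return found[0] if found else None

def count_lookups(zone, domain, ancestors=()):
    """Count DNS-querying terms, following include: and redirect= recursively."""
    if domain in ancestors:
        raise SPFPermError(f"include loop at {domain}")
    total = 0
    for term in (spf_record(zone, domain) or "").split()[1:]:
        term = term.lstrip("+-~?").lower()
        if term.startswith(("include:", "redirect=")):
            target = re.split(r"[:=]", term, maxsplit=1)[1]
            total += 1 + count_lookups(zone, target, ancestors + (domain,))
        elif re.split(r"[:/]", term, maxsplit=1)[0] in ("a", "mx", "ptr", "exists"):
            total += 1  # ip4, ip6 and all need no DNS query
    return total

def audit(zone, domain):
    try:
        n = count_lookups(zone, domain)
    except SPFPermError as err:
        return ("permerror", str(err))
    return ("ok" if n <= LOOKUP_LIMIT else "permerror", n)
```

Against live DNS, the `zone.get(...)` call would be replaced by a TXT query for the domain; the counting logic stays the same.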
MX Still Pointing to the Old Provider
Emails continue arriving at the old host after migration.
Solution
Verify that you changed the MX record at your DNS registrar (not at the old email host).
Conclusion
Email DNS configuration may seem complex, but it's essential for:
- Receiving your emails (MX)
- Preventing your emails from being marked as spam (SPF, DKIM)
- Protecting your domain against spoofing (DMARC)
Take the time to properly configure these records. If you're not comfortable with it, InfoSwitch can handle this technical part of your migration.