Infomaniak’s commitment to optimising email security and deliverability

Sending an email seems simple, but in reality, each message has to overcome a host of obstacles before it reaches its recipient: anti-spam filters, IP address reputation checks, blacklists, phishing attempts, sender authentication, etc. As a provider of millions of email addresses in Europe, Infomaniak constantly adjusts its measures to guarantee a reliable, secure and efficient messaging service that respects privacy.

How does Infomaniak filter unsafe emails when they are received?

In order to protect our users effectively, we use several constantly adapting security filters to automatically analyse, reject or delete unsafe emails:

• Anti-virus protection: dangerous emails and attachments are automatically deleted to ensure user safety.
• Anti-spam protection: when an email is determined to have a high probability of being spam, it is moved to a specific (“SPAM”) folder so that the user can check whether it is legitimate. In addition, every suspicious message can be reported by our community, which strengthens everyone’s protection.
• Anti-phishing protection: phishing emails are blocked before they reach users’ inboxes or reported by our community via the Infomaniak Mail app. If a phishing attack is detected after the fact, our system responds by automatically moving unsafe messages to users’ spam folders to protect them.
• Targeted blocking: Infomaniak can temporarily suspend a domain, user, server or provider in the event of a confirmed threat.
• Real-time blocking lists (RBLs): we are connected to databases that track IP addresses associated with cyberattacks; this bolsters our ability to stop threats before they reach our users.

Thanks to these technologies and the involvement of our community, we offer optimal protection against unsafe emails.

Striking the right balance between security and deliverability

When it comes to securing emails, a delicate balance must be established between effective protection and a seamless user experience.

• If the filtering rules are too strict, legitimate emails may be blocked or sent to the spam folder. This can impact important communications, such as payment confirmations, business exchanges or notifications of essential services.
• Conversely, overly lax filters would allow spam, phishing attempts and other fraudulent emails through, exposing users to the risk of data theft and scams.

At Infomaniak, our filtering rules are adjusted accordingly to maintain this balance and ensure the best experience for our customers. We rely on real-time analysis, user feedback and our links with other providers to ensure optimal deliverability without compromising security.

How does Infomaniak guarantee the deliverability of your emails?

With Infomaniak, your emails are signed, verified and protected

Every email address managed by Infomaniak is automatically protected against attempted fraud. Any message whose sender cannot be authenticated or whose integrity is compromised is systematically rejected to ensure maximum security. Daniele Mazzocchio, Site Reliability Engineer

We use three protocols to ensure the security of both sending and receiving emails: SPF, DKIM and DMARC. These function as a seal of approval, making it possible to verify the authenticity of the sender and the integrity of the message.

FPS – Sender verification

Upon receipt of an email, the SPF (Sender Policy Framework) allows us to verify that the source IP address is authorised to send emails for the sender domain. This permission is defined in the DNS records of the sender domain.

When sending an email, the SPF allows us to check that we are not sending emails for a domain that doesn’t authorise us. However, this protocol doesn’t prevent another provider’s server from sending messages by forging a given address (this is known as email spoofing). This is why the SPF check relies mainly on the receiving server.

In short, the SPF prevents cybercriminals from sending fraudulent emails by spoofing a legitimate address. If an email comes from an unauthorised server, it can be marked as spam or rejected.

DKIM – Protecting the integrity of emails

DKIM (DomainKeys Identified Mail) adds a unique digital signature to emails when they are sent. This signature acts as a security seal, proving that the message has not been changed along the way. When the email is received, this signature is verified using a public key stored in the DNS of the sender’s domain. If the signature is valid, it confirms that the email is authentic and has not been tampered with by a malicious third party.

In concrete terms, this increases protection against fraudulent emails and guarantees that the messages received are indeed those that were originally sent, with no tampering or malicious modification.

DMARC – Application of security rules

Upon receipt, DMARC (Domain-based Message Authentication, Reporting and Conformance) analyses the SPF and DKIM results to ensure that the sender is legitimate. For an email to be considered authentic, it must:

• Pass the SPF verification and come from a server authorised by the sender’s domain, or
• Pass the DKIM verification and have a cryptographic signature confirming that the email has not been tampered with and that it comes from the domain specified

If these conditions are not met, a security policy applies, with three potential outcomes:

1. Complete rejection of the message if it is suspicious.
2. Quarantine, the email is sent directly to the spam folder.
3. No action, whereby the recipient decides what to do with it.

In summary, DMARC acts as a security controller that prevents fraudulent mails from reaching users, which reduces the risk of identity theft and phishing.

Thanks to these default protocols, Infomaniak reinforces the protection of its users against phishing and identity theft, while ensuring the authenticity and reliability of sent and received emails.

Why are some emails rejected?

The main reason an email doesn’t reach its destination is because it has been rejected. At Infomaniak, we block emails that pose a risk to our users, but we also apply these rules to outgoing emails. For example, if a message is deemed suspicious or malicious, it might be rejected before reaching the recipient.

The importance of email server reputation

The more reliable a server is considered, the more the emails it sends will be accepted by other providers such as Gmail or Outlook. This reputation depends on several factors, including our anti-spam, anti-phishing and anti-virus filters that prevent our servers from being used to deliver unwanted content.

All the users of a server will share its reputation. This means that if just one user sends spam, it can impact everyone else. In some cases, a server may even be temporarily blocked, leading to legitimate emails being rejected.

At Infomaniak, we apply strict security measures and activate SPF, DKIM and DMARC by default. These allow recipients to check that the emails sent from our infrastructure are authentic and have not been falsified. All this contributes to the good reputation of our servers and increases the deliverability of our users’ emails.

Specific measures to secure the sending of emails

Infomaniak implements several mechanisms to ensure that emails are sent reliably and securely:

• Proactive monitoring: our protection systems block thousands of suspicious IP addresses every day. If abnormal activity is detected (such as mass spam), access is temporarily restricted to prevent it impacting further users and to ensure the good reputation of the servers.
• User verification: if an email is flagged as suspicious (e.g. a newsletter sent to unconfirmed contacts), the user can justify their activity before the email is restored. They can also see which message caused the block and change their password if necessary. This mechanism increases the security of our users by enabling them to check that their email address has not been hacked to send unwanted messages, for example.
• Feedback loops with large-scale suppliers: Infomaniak works with major operators such as SFR, Orange, Swisscom, etc. to quickly detect and block unwanted messages or fraudulent emails that have escaped our filters.

Continuous efforts to ensure good deliverability of emails

Spammers’ techniques are constantly evolving. Each new feature requires adjustments to our systems to ensure security. The introduction of free email addresses, for example, has led to an increase in spam, which has meant tightened controls need to be implemented.

There is no one perfect security configuration, because safety and deliverability are a moving target. Daniele Mazzocchio, Site Reliability Engineer

Infomaniak pulls out all the stops to ensure that its email servers continue to have an excellent reputation:

• A robust and consistent email infrastructure: we use numerous IP addresses dedicated to sending emails, which helps spread the load and prevent a single IP from being overloaded or blocked.
• Proactive management of email incidents: in the event of a problem, our team intervenes directly by contacting the providers who have blocked us, instead of simply changing IP. This approach guarantees a lasting resolution and helps maintain the reputation of our email servers.
• A professional email solution: for mass emailing, we offer the Newsletter tool, a non-subscription emailing solution that allows you to send campaigns in complete security, with dedicated sending servers.

More

• Create a free email address with Infomaniak
• Why manage your emails in Switzerland with Infomaniak?
• The guide to switching from Gmail to Infomaniak
• How to increase the deliverability of your email campaigns?