DNS Configuration for Optimails Deliverability
Category: Administration · Optimails Messaging
Target audience: System administrators
Why this step is important
DNS configuration directly impacts your email deliverability.
Without these records, your outgoing emails may be considered suspicious or rejected by recipient mail servers.
⚠️ Mandatory order: Always configure SPF → DKIM → DMARC → Autodiscover → MX last.
Changing MX records too early will route traffic before security mechanisms are fully in place.
Prerequisites
Before modifying DNS records, make sure you have:
Access to the e-securemail administration console → https://www.security-mail.net
Permission to edit DNS records at your domain registrar
The destination mail server correctly configured in the console:
Configuration > Domain Settings
Value: mails.optimails.com or mails-ng.optimails.com
Step 1 — SPF
SPF declares which servers are authorized to send emails on behalf of your domain.
Create or modify the TXT record:
| Field | Value |
|---|---|
| Type | TXT |
| Name | your-domain.com |
| Value | v=spf1 include:includespf.security-mail.net -all |
| TTL | 10800 |
If you already have an SPF record, do not create a second one — simply add include:includespf.security-mail.net to the existing record.
Example:
v=spf1 include:your-previous-value include:includespf.security-mail.net -all
Step 2 — DKIM
DKIM is the cryptographic signature added to every outgoing email.
It guarantees message integrity and proves that your domain has not been spoofed.
Generate the key from the e-securemail console
Connect to https://www.security-mail.net
Navigate to
Configuration > Domain SettingsIn the left menu, click
DKIMClick "Get Public Key"
Copy the generated value
Create the DNS record
| Field | Value |
|---|---|
| Type | TXT |
| Name | sec-sig-email._domainkey.your-domain.com |
| Value | (public key copied from the console) |
| TTL | 3600 |
Enable DKIM in the console
Once the DNS record has been published, confirm DKIM activation from your e-securemail console.
The console will automatically verify the presence of the key.
Without this confirmation step, DKIM will not be used even if the DNS record is correctly configured.
Step 3 — DMARC
DMARC defines how emails failing SPF or DKIM checks should be handled.
It also enables deliverability reporting.
Create the TXT record:
| Field | Value |
|---|---|
| Type | TXT |
| Name | _dmarc.your-domain.com |
| Value | v=DMARC1; p=none; rua=mailto:dmarc@secuserve.com; |
| TTL | 3600 |
📊 The address dmarc@secuserve.com allows the e-securemail console to collect and display DMARC reports in a simplified format.
⚠️ The p=none policy is recommended during the initial deployment phase.
Only switch to p=quarantine or p=reject after confirming that SPF and DKIM are functioning correctly.
Step 4 — MX Records (last)
MX records define which servers handle your incoming emails.
Only modify them after validating all previous steps.
| Priority | Server |
|---|---|
| 10 | france.security-mail.net. |
| 20 | europe.security-mail.net. |
Some registrars require a trailing dot after .net — verify the syntax requirements of your DNS interface.
Post-configuration verification
After DNS propagation (which may take up to 24 hours), you can verify:
SPF & DKIM: Send a test email and review the received email headers
DMARC: Check for report reception in the e-securemail console after 48 hours
MX: Test email reception from an external domain
Related resources
Detailed SPF guide
DKIM guide with video tutorial
DMARC reports in the console
Administration console: https://www.security-mail.net
Configure Optimails on your email client or multifunction printer