---
Title: Configure communication
URL Source: https://company-skill.com/p/alimail/alimail-configure-communication
Language: en
Description: You want to ensure your email communications are secure—either by encrypting message content, verifying sender identity, or preventing unauthorized use of your domain for sending mail. Typical User…
---

# Configure communication

Part of **Alibaba Mail**. Route queries via `POST https://company-skill.com/api/route`.

## What You Want to Do

You want to ensure your email communications are secure—either by encrypting message content, verifying sender identity, or preventing unauthorized use of your domain for sending mail.

**Typical User Questions**:
- How to enable S/MIME signing and encryption?
- Can I prevent email spoofing with Alibaba Mail?

## Decision Tree

Pick the best path for your situation:

- **If** you need **end-to-end Email encryption** or **Digital signature** of message content using a **PKCS#12** certificate → Use S/MIME (go to *alimail/alimail-security*)
- **If** you want to block or allow specific senders by email address, domain, or IP using **Blacklist** or **Whitelist**, or adjust **Anti-spam Level** including **Strict** mode or **Permanently delete spam** → Use Console / Dashboard (go to *alimail/alimail-security*)
- **If** you aim to prevent domain spoofing by publishing **SPF record**, **DKIM**, and **DMARC** policies via **DNS Settings** using **Add Record**, **Record Type**, **Host Record**, and **Record Value** → Use DNS SPF/DKIM/DMARC (go to *alimail/alimail-configuration*)
- **Otherwise (default)** → Start with **DNS SPF/DKIM/DMARC** because missing these records causes delivery failures to Gmail and Yahoo, and it’s foundational for all outbound email trust.

## Path Comparison

| Path | Complexity | Code Required | Automation | Key Fact | Detail Skill |
|------|------------|---------------|------------|----------|--------------|
| S/MIME | high | No | No | Only available in AI Premium Edition; supports up to 30 certificates per mailbox | `alimail/guide/alimail-security` |
| Console / Dashboard | low | No | No | Free for all users; "Strict" anti-spam level blocks non-whitelisted senders | `alimail/guide/alimail-security` |
| DNS SPF/DKIM/DMARC | medium | No | No | DNS changes may take up to 24 hours to propagate globally | `alimail/guide/alimail-configuration` |

## Path Details

### Path 1: S/MIME

**Brief Description**: This feature allows you to import a PKCS#12 format (.p12 or .pfx) certificate into Alibaba Mail via **S/MIME Settings** to enable **Digital signature** and **Email encryption**. Access it through *Settings > View more settings > Account and Security > S/MIME Settings* and use **Import a new certificate** with your certificate file and password.

**Key technical facts**:
- Billing: S/MIME is available only in AI Premium Edition; up to 30 certificates per mailbox

**When to Use**:
- Need to
- Organization is on AI Premium Edition
- Have a valid S/MIME certificate and need to use it in Alibaba Mail

**When NOT to Use**:
- Using Alibaba Mail standard edition (not AI Premium Edition)
- Do not have a valid S/MIME certificate
- Administrator has not enabled S/MIME in the domain management console

**Known Limitations**:
- Only available in AI Premium Edition; standard edition does not support it
- Requires administrator to pre-enable S/MIME in domain management console
- Only supports PKCS#12 format (.p12 or .pfx) certificate files
- Each mailbox can store a maximum of 30 certificates

### Path 2: Console / Dashboard

**Brief Description**: Manage trusted or blocked senders using **Blacklist** and **Whitelist** in the web client or console. You can **Add to Blacklist** or **Add to Whitelist** using full email addresses, domains (e.g., example.com), or IP addresses. Adjust **Anti-spam Level**, including enabling **Strict** mode or choosing to **Permanently delete spam**.

**Key technical facts**:
- Billing: Free for all users

**When to Use**:
- Need to control email reception based on specific sender addresses, domains, or IPs
- Want to mark certain senders as trusted (**Whitelist**) or blocked (**Blacklist**)
- Wish to adjust anti-spam filtering strictness

**When NOT to Use**:
- Trying to prevent sender forgery (use SPF/DKIM/DMARC instead)
- Need end-to-end content encryption (use S/MIME instead)

**Known Limitations**:
- Only accepts full email addresses, domains, or IPs—not display names or nicknames
- Enabling **Permanently delete spam** deletes messages irreversibly, risking loss of important mail
- **Strict** anti-spam level only allows mail from whitelisted senders and contacts, potentially blocking legitimate mail

### Path 3: DNS SPF/DKIM/DMARC

**Brief Description**: Add **SPF record**, **DKIM**, and **DMARC** entries in your domain’s DNS to authenticate outgoing mail. Use **Console > Mail > Domain Management > DNS Settings** to **Add Record**, specifying **Record Type**, **Host Record**, and **Record Value** for each policy.

**Key technical facts**:
- Billing: DNS

**When to Use**:
- Need to prevent sender forgery and domain spoofing
- Sending mail to Gmail, Yahoo, or other providers that enforce strict sender authentication
- Have access to your domain’s DNS management console

**When NOT to Use**:
- Lack DNS management permissions for your domain
- Only need simple sender-based filtering (use Blacklist/Whitelist instead)
- Require message-level encryption (use S/MIME instead)

**Known Limitations**:
- DNS changes can take up to 24 hours to propagate globally
- Missing SPF, DKIM, or DMARC causes major providers like Gmail and Yahoo to reject or mark mail as spam
- Requires technical understanding of DNS record syntax and values
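
Because a syntax mistake in these records only surfaces after propagation, it helps to lint the **Record Value** strings before using **Add Record**. The following is an added example, not part of Alibaba Mail's documentation; the domain, selector and include host are constructed placeholders, and the real values come from the Alibaba Mail console.

```python
# Added example: offline lint of SPF, DMARC and DKIM TXT values before publishing.
def parse_tags(value):
    """Split a 'k=v; k=v' tag list (DMARC and DKIM syntax) into a dict."""
    pairs = (part.partition("=") for part in value.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, _, v in pairs}

def lint_spf(apex_txt):
    """apex_txt: every TXT string published at the domain apex."""
    spf = [v for v in apex_txt if v.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return [f"need exactly one v=spf1 record, found {len(spf)}"]
    terms = [t.lower() for t in spf[0].split()[1:]]
    alls = [t for t in terms if t.lstrip("+-~?") == "all"]
    issues = []
    if not alls and not any(t.startswith("redirect=") for t in terms):
        issues.append("no 'all' or redirect: unlisted senders evaluate to neutral")
    if any(t in ("all", "+all") for t in alls):
        issues.append("'+all' authorises every sending host")
    return issues

def lint_dmarc(value):
    """value: the TXT string at _dmarc.<domain>."""
    if not value.strip().lower().startswith("v=dmarc1"):
        return ["record must begin with v=DMARC1"]
    tags = parse_tags(value)
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return [f"p= must be none, quarantine or reject, got {policy!r}"]
    issues = []
    if policy == "none":
        issues.append("p=none asks receivers to take no action on failing mail")
    if "rua" not in tags:
        issues.append("no rua= address, so aggregate reports are not sent")
    return issues

def lint_dkim(value):
    """value: the TXT string at <selector>._domainkey.<domain>."""
    tags = parse_tags(value)
    if "p" not in tags:
        return ["missing p= public key tag"]
    return [] if tags["p"] else ["empty p= marks the key as revoked"]

# Constructed sample values for a placeholder domain, not Alibaba Mail's real ones.
SAMPLE_APEX = ["v=spf1 include:spf.mail-provider.example ~all", "v=spf1 mx -all"]
SAMPLE_DMARC = "v=DMARC1; p=none"
SAMPLE_DKIM = "v=DKIM1; k=rsa; p="

if __name__ == "__main__":
    print(lint_spf(SAMPLE_APEX), lint_dmarc(SAMPLE_DMARC), lint_dkim(SAMPLE_DKIM), sep="\n")
```

The sample set is deliberately wrong in three ways: two SPF records at the apex, a DMARC policy that never enforces, and a DKIM key with an empty `p=` tag.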

## FAQ

Q: Which path should I start with?
A: Start with **DNS SPF/DKIM/DMARC** unless you specifically need message encryption. Without these DNS records, your emails may be rejected by Gmail, Yahoo, and other major providers—even if your content is legitimate.

Q: What if I need to send encrypted emails but chose Console / Dashboard instead?
A: You’ll only filter incoming mail—you won’t achieve **Email encryption** or **Digital signature**. Recipients can still read, forward, or alter your messages freely.

Q: What if I don’t have AI Premium Edition but try to use S/MIME Settings?
A: The **S/MIME Settings** option won’t appear in your account settings. Even if you have a **PKCS#12** certificate, you cannot **Import a new certificate** without an **AI Premium Edition** subscription.

Q: What happens if I enable Strict Anti-spam Level without adding trusted contacts to Whitelist?
A: Only emails from your **Whitelist** and existing contacts will arrive; all others—including new business partners or newsletters—will be silently blocked.

Q: Can I use SPF/DKIM/DMARC if my domain is managed outside Alibaba Cloud DNS?
A: Yes, as long as you can access your third-party DNS provider’s console to **Add Record** with the correct **Record Type**, **Host Record**, and **Record Value** provided by Alibaba Mail.

Q: If I configure DNS records but skip S/MIME, can someone still read my emails in transit?
A: Yes—SPF/DKIM/DMARC only verify sender authenticity; they do not provide **Email encryption**. For confidentiality, you must use S/MIME with a valid certificate.

Q: What if I add a sender to Blacklist but they spoof a different address?
A: The **Blacklist** won’t block them because it matches only exact addresses or domains. To combat spoofing broadly, you must implement **SPF record**, **DKIM**, and **DMARC** at the DNS level.

