What is IMAP email migration?

IMAP email migration is the process of transferring emails from one IMAP email server to another. This includes copying all messages, folders, and folder structures between email providers like Gmail, Outlook, Yahoo, and any server that supports the IMAP protocol. Mailbox Taxi automates this entire process with a simple desktop interface.

How do I migrate emails between IMAP servers?

With Mailbox Taxi, you simply select your source and destination email providers, enter your credentials, test the connection, and click Start. The tool handles all the complexity of IMAP synchronization, folder mapping, and message transfer. You can migrate between any combination of supported providers or custom IMAP servers.

Is my email data safe during migration?

Absolutely. Mailbox Taxi runs 100% on your local desktop — your email credentials and messages never pass through any third-party cloud servers. The connection between your machine and the email servers uses the same TLS encryption as your regular email client.

How long does an IMAP migration take?

Migration speed depends on the number of emails, their size (attachments), and your internet speed. A typical mailbox with 10,000 emails takes roughly 15–30 minutes. Mailbox Taxi's parallel processing feature lets you migrate multiple mailboxes simultaneously, significantly reducing total time for batch migrations.

Can I migrate from Gmail to Outlook (or vice versa)?

Yes! Mailbox Taxi supports migration between any combination of its 10+ supported providers. Gmail to Outlook, Outlook to Yahoo, iCloud to Gmail — any direction works. You can also migrate to and from custom IMAP servers.

Will my original emails be deleted after migration?

No. Mailbox Taxi copies emails from the source to the destination. Your original emails remain untouched on the source server. Think of it as a copy operation, not a move.

Do I need technical knowledge to use Mailbox Taxi?

Not at all. Mailbox Taxi is designed for everyone — from IT professionals managing enterprise migrations to individuals switching personal email providers. The interface guides you through each step, and pre-configured provider settings mean you don't need to know IMAP server addresses or port numbers.

Which email providers does Mailbox Taxi support?

Mailbox Taxi supports Gmail, Outlook/Office 365, Yahoo Mail, iCloud Mail, Zoho Mail, AOL Mail, ProtonMail (via ProtonMail Bridge), Fastmail, GMX, Yandex Mail, and any custom IMAP server. If your provider supports IMAP, Mailbox Taxi can handle it.

Can I migrate multiple email accounts at once?

Yes. Mailbox Taxi supports batch migrations via CSV import. Prepare a CSV file with your account details, import it, and run all migrations in parallel. This is ideal for IT teams handling company-wide email migrations or MSPs managing multiple clients.

What happens if the migration fails or my internet drops?

Mailbox Taxi has built-in crash recovery and pause/resume functionality. If your connection drops or the app crashes, simply restart and resume — it picks up exactly where it left off without re-downloading emails or creating duplicates.

Does Mailbox Taxi work with custom IMAP servers?

Yes. Beyond the 10+ pre-configured providers, you can connect to any IMAP server by entering the hostname, port, and security settings manually. This works for self-hosted servers, corporate email systems, and niche providers.

How much does Mailbox Taxi cost?

Mailbox Taxi will be a one-time purchase with no per-mailbox fees, no monthly subscriptions, and unlimited migrations included. Join the waitlist to be notified when pricing is announced and to lock in early access benefits.

Does Mailbox Taxi work with ProtonMail?

Yes, through ProtonMail Bridge. ProtonMail Bridge is a free desktop app from ProtonMail that provides local IMAP access to your ProtonMail account. Once Bridge is running, Mailbox Taxi connects to it like any other IMAP server.

Will my folder structure be preserved during migration?

Yes. Mailbox Taxi preserves your complete folder hierarchy when migrating between servers. Your inbox, sent, drafts, and custom folders are all replicated on the destination server exactly as they appear on the source.

What operating systems does Mailbox Taxi support?

Mailbox Taxi is a desktop application available for Windows, macOS, and Linux. It runs natively on all three platforms with the same features and performance.

What does DKIM stand for?

DomainKeys Identified Mail. It is a way of cryptographically signing outbound email so receivers can verify the message has not been altered and was authorised by the sending domain.

Where is the DKIM public key stored?

In DNS as a TXT record at ` ._domainkey. `. The selector lets you publish multiple keys for the same domain.

What is a DKIM selector?

A short label that picks which key to use for a given message. Providers often publish keys at selectors like `selector1`, `s1` or `google`.

Do you need DKIM during a migration?

Yes. Set up DKIM at the new provider, publish the public-key records, and verify signing works before you flip MX. Outbound mail without DKIM tends to land in spam on strict receivers.

Can you have more than one DKIM key live at once?

Yes, and during a migration you usually do. The old provider keeps signing with its selector, the new provider signs with its own, and both DNS records coexist until cutover stabilises.

Glossary

What Is DKIM? Signing Email So Receivers Trust You

What is DKIM, how the public key in DNS proves a message is genuine, what selectors are, and how to set up DKIM at the new provider before cutover.

Priya Shah

Senior Systems Engineer

Updated May 21, 2026

· 5 min read

Code on a screen representing cryptographic signing

DKIM is what turns an outbound email into something a receiver can actually verify. Without it, the only thing stopping a spammer from sending mail that looks like it came from your domain is the SPF record, and SPF doesn't cover the visible From address. This page explains what DKIM is, how selectors and the public key in DNS work together, and the order you set DKIM up in during a migration so mail keeps signing through the cutover.

Skip the manual setup — let Mailbox Taxi handle it

One desktop app, every IMAP provider, zero data leaving your machine.

What DKIM is

DKIM stands for DomainKeys Identified Mail. It is defined in RFC 6376. When a mail server sends a message, it computes a cryptographic signature over selected headers and the body, then attaches that signature as a DKIM-Signature: header on the outgoing message.

A receiver that wants to verify the message looks up a public key in DNS, uses it to check the signature, and learns two things:

The message has not been altered in transit. If anything important changed between the sender and the receiver, the signature breaks.
The signing domain authorised the message. Only someone with the private key paired to the published public key could have produced that signature.

DKIM does not encrypt the message. It signs it. Anyone can still read the contents in transit — DKIM is about authenticity, not privacy.

How the DNS side works

The public half of the keypair lives in DNS as a TXT record. The record name is built from two parts: a selector, and the literal label _domainkey. For example:

selector1._domainkey.example.com. IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSq..."

The selector is just a short label chosen by whoever runs the signing server. Common selectors include:

Microsoft 365: selector1 and selector2
Google Workspace: google
Mailgun, SendGrid and other ESPs: s1, mta1, pic, and provider-specific names

The selector matters because it lets one domain publish many keys at once. The signing server tells receivers which key to use by including the selector in the DKIM-Signature: header on every message it sends.

What a DKIM signature actually proves

When a receiver verifies a DKIM signature, the result goes into the Authentication-Results: header on the received message:

Authentication-Results: mx.google.com; dkim=pass header.i=@example.com header.s=selector1

A dkim=pass result means the signature was valid against the published key. It does not mean the message is safe — it just means the listed domain authorised this exact set of bytes. DMARC then takes that result and decides what to do with it.

For the full picture, see SPF and DMARC, which work alongside DKIM to authenticate outbound mail.

Setting up DKIM during a migration

The mistake to avoid is enabling DKIM on the new provider after cutover. By then, every outbound message from the new tenant has already been going out unsigned for hours, and downstream receivers have noticed.

The order that actually works is this:

Generate DKIM keys at the new provider while the old provider is still live. Microsoft 365, Google Workspace and Zoho all expose this in the admin centre.
Publish the public-key TXT records at the new selectors. They will sit alongside the existing provider's records — that's fine.
Enable signing at the new provider with the keys generated in step 1.
Send a test message from a new-tenant mailbox to an external Gmail address. Confirm dkim=pass in the Authentication-Results header.
Flip the MX record only after DKIM verifies cleanly.
Leave the old provider's DKIM records in place for the first 30 days after cutover. Mail that was queued, forwarded or processed before the flip may still be evaluated against the old keys.

Tip

For Microsoft 365 tenants you can publish CNAME records that point at the provider's hosted key endpoint instead of pasting the public key directly. That lets the provider rotate keys without you touching DNS again.

Verifying DKIM works

Three checks confirm signing is healthy.

dig TXT selector1._domainkey.example.com — confirms the public key is published and parseable.
Send to a Gmail address and view the original. Look for dkim=pass. If you see dkim=neutral or dkim=none, the message is not being signed at all.
Send to a strict mailbox such as a corporate Office 365 tenant. Some receivers downgrade unsigned mail more aggressively than Gmail does.

For the Microsoft-specific quirks — selector naming, CNAME publication, and how DKIM interacts with the tenant's accepted domains — see the Office 365 migration guide.

Heads up

Do not paste the private key anywhere. Only the public half ever goes into DNS. If a provider's onboarding wizard asks you to upload a private key into a DNS record, something is wrong and you should stop.

Where DKIM fits in the runbook

DKIM is one of four DNS jobs at cutover, alongside MX, SPF and DMARC. The full sequence — including when each record changes relative to the IMAP copy and the MX flip — is in the complete email migration guide. The short version: DKIM goes live first so the new tenant is already signing before any real mail arrives at it.

Try Mailbox Taxi

Migrate your mailbox the easy way

Join the waitlist for early access and lock in launch pricing.

What Is DKIM? Signing Email So Receivers Trust You

Skip the manual setup — let Mailbox Taxi handle it

What DKIM is

How the DNS side works

What a DKIM signature actually proves

Setting up DKIM during a migration

Verifying DKIM works

Where DKIM fits in the runbook

Migrate your mailbox the easy way

Related reading

What Is SPF? Sender Policy Framework Explained

What Is DMARC? A Plain-English Guide for Migrations

What Is an MX Record? The DNS Switch Behind Cutover

The Complete Email Migration Guide for 2026

Office 365 Migration: The Definitive Playbook

Migrate your mailbox the easy way

Skip the manual setup — let Mailbox Taxi handle it

What DKIM is#

How the DNS side works#

What a DKIM signature actually proves#

Setting up DKIM during a migration#

Verifying DKIM works#

Where DKIM fits in the runbook#

Migrate your mailbox the easy way

Related reading

What Is SPF? Sender Policy Framework Explained

What Is DMARC? A Plain-English Guide for Migrations

What Is an MX Record? The DNS Switch Behind Cutover

The Complete Email Migration Guide for 2026

Office 365 Migration: The Definitive Playbook

Migrate your mailbox the easy way

What DKIM is

How the DNS side works

What a DKIM signature actually proves

Setting up DKIM during a migration

Verifying DKIM works

Where DKIM fits in the runbook