What is IMAP email migration?

IMAP email migration is the process of transferring emails from one IMAP email server to another. This includes copying all messages, folders, and folder structures between email providers like Gmail, Outlook, Yahoo, and any server that supports the IMAP protocol. Mailbox Taxi automates this entire process with a simple desktop interface.

How do I migrate emails between IMAP servers?

With Mailbox Taxi, you simply select your source and destination email providers, enter your credentials, test the connection, and click Start. The tool handles all the complexity of IMAP synchronization, folder mapping, and message transfer. You can migrate between any combination of supported providers or custom IMAP servers.

Is my email data safe during migration?

Absolutely. Mailbox Taxi runs 100% on your local desktop — your email credentials and messages never pass through any third-party cloud servers. The connection between your machine and the email servers uses the same TLS encryption as your regular email client.

How long does an IMAP migration take?

Migration speed depends on the number of emails, their size (attachments), and your internet speed. A typical mailbox with 10,000 emails takes roughly 15–30 minutes. Mailbox Taxi's parallel processing feature lets you migrate multiple mailboxes simultaneously, significantly reducing total time for batch migrations.

Can I migrate from Gmail to Outlook (or vice versa)?

Yes! Mailbox Taxi supports migration between any combination of its 10+ supported providers. Gmail to Outlook, Outlook to Yahoo, iCloud to Gmail — any direction works. You can also migrate to and from custom IMAP servers.

Will my original emails be deleted after migration?

No. Mailbox Taxi copies emails from the source to the destination. Your original emails remain untouched on the source server. Think of it as a copy operation, not a move.

Do I need technical knowledge to use Mailbox Taxi?

Not at all. Mailbox Taxi is designed for everyone — from IT professionals managing enterprise migrations to individuals switching personal email providers. The interface guides you through each step, and pre-configured provider settings mean you don't need to know IMAP server addresses or port numbers.

Which email providers does Mailbox Taxi support?

Mailbox Taxi supports Gmail, Outlook/Office 365, Yahoo Mail, iCloud Mail, Zoho Mail, AOL Mail, ProtonMail (via ProtonMail Bridge), Fastmail, GMX, Yandex Mail, and any custom IMAP server. If your provider supports IMAP, Mailbox Taxi can handle it.

Can I migrate multiple email accounts at once?

Yes. Mailbox Taxi supports batch migrations via CSV import. Prepare a CSV file with your account details, import it, and run all migrations in parallel. This is ideal for IT teams handling company-wide email migrations or MSPs managing multiple clients.

What happens if the migration fails or my internet drops?

Mailbox Taxi has built-in crash recovery and pause/resume functionality. If your connection drops or the app crashes, simply restart and resume — it picks up exactly where it left off without re-downloading emails or creating duplicates.

Does Mailbox Taxi work with custom IMAP servers?

Yes. Beyond the 10+ pre-configured providers, you can connect to any IMAP server by entering the hostname, port, and security settings manually. This works for self-hosted servers, corporate email systems, and niche providers.

How much does Mailbox Taxi cost?

Mailbox Taxi will be a one-time purchase with no per-mailbox fees, no monthly subscriptions, and unlimited migrations included. Join the waitlist to be notified when pricing is announced and to lock in early access benefits.

Does Mailbox Taxi work with ProtonMail?

Yes, through ProtonMail Bridge. ProtonMail Bridge is a free desktop app from ProtonMail that provides local IMAP access to your ProtonMail account. Once Bridge is running, Mailbox Taxi connects to it like any other IMAP server.

Will my folder structure be preserved during migration?

Yes. Mailbox Taxi preserves your complete folder hierarchy when migrating between servers. Your inbox, sent, drafts, and custom folders are all replicated on the destination server exactly as they appear on the source.

What operating systems does Mailbox Taxi support?

Mailbox Taxi is a desktop application available for Windows, macOS, and Linux. It runs natively on all three platforms with the same features and performance.

What does SPF stand for?

Sender Policy Framework. It is a DNS record that lists which servers are authorised to send mail on behalf of your domain.

How many SPF records can you have?

Exactly one per domain. If you publish two TXT records starting with v=spf1, most receivers will treat the result as a permanent error.

What is the 10-DNS-lookup limit?

RFC 7208 says a receiver evaluating an SPF record must give up after 10 DNS lookups. Stack too many include statements and your SPF will silently start returning permerror.

Does SPF stop spoofing on its own?

Not really. SPF only authenticates the envelope sender. DMARC, layered on top of SPF and DKIM, is what makes spoofing of your visible From address harder.

Do you need to update SPF during a migration?

Yes. The new provider needs to be included before cutover so outbound mail from the new tenant passes SPF at receivers.

Glossary

What Is SPF? Sender Policy Framework Explained

What is SPF, how the include mechanism works, why the 10-DNS-lookup limit matters, and how to update SPF cleanly when you switch email providers.

Priya Shah

Senior Systems Engineer

Updated May 21, 2026

· 5 min read

SPF is the DNS record that tells the rest of the internet which servers are allowed to send mail using your domain. If outbound mail from your new tenant is landing in spam, or marketing emails are bouncing with policy errors, the SPF record almost always needs work. This page explains what SPF is, how the include mechanism actually behaves at lookup time, and the specific changes you make to SPF during an email migration.

Skip the manual setup — let Mailbox Taxi handle it

One desktop app, every IMAP provider, zero data leaving your machine.

What SPF is

SPF stands for Sender Policy Framework. It is defined in RFC 7208 and is published as a TXT record on your domain. A simple SPF record looks like this:

v=spf1 include:_spf.google.com -all

That single line tells every receiver on the internet: "if a message claims to come from my domain, the sending server should be on Google's list. If it isn't, treat the message as a hard fail."

SPF authenticates the envelope sender — the MAIL FROM address used during the SMTP transaction — not the friendly From address users see in their mail client. That distinction is why SPF on its own does not stop most user-visible spoofing.

How the syntax works

Every SPF record starts with v=spf1 and ends with an all mechanism. In between sit one or more mechanisms that authorise specific senders.

include:_spf.example.com — pull in another domain's SPF record. Use this for cloud providers.
ip4:192.0.2.1 — authorise a specific IPv4 address.
ip6:2001:db8::/32 — authorise an IPv6 range.
a — authorise the domain's own A record.
mx — authorise the hosts listed in the MX record.

The final mechanism is all, prefixed by a qualifier:

-all — hard fail. Reject mail from anything not listed.
~all — soft fail. Accept but mark suspicious.
?all — neutral. Don't make a judgement.

Production records almost always end in -all. Anything weaker tells receivers your policy is advisory.

The 10-DNS-lookup limit

The single most common SPF mistake is going over the lookup limit. RFC 7208 says a receiver evaluating an SPF record must perform no more than 10 DNS lookups in total. Every include, a, mx, exists and redirect counts. Includes are recursive, so each provider's SPF can itself trigger several lookups.

A record like this looks innocent:

v=spf1 include:_spf.google.com include:spf.protection.outlook.com include:sendgrid.net include:mailgun.org include:_spf.salesforce.com -all

In practice it can resolve to 11 or 12 lookups, depending on how each provider has structured their own SPF. Once you exceed 10, receivers return permerror and treat the whole record as broken. Outbound mail from every one of those services starts failing SPF at once.

Audit lookups, not characters

The character limit on a single TXT string (255 chars) is rarely the issue. The 10-DNS-lookup limit is what bites real tenants. Use an SPF flattener or a DNS query tool to count actual lookups before you publish.

SPF during a migration

Updating SPF is one of the four DNS jobs at cutover, alongside MX, DKIM and DMARC.

The pattern is the same regardless of provider.

Find the new provider's include. Microsoft 365 uses include:spf.protection.outlook.com. Google Workspace uses include:_spf.google.com. Zoho uses include:zoho.com.
Add it to the existing SPF record before cutover. SPF can authorise both providers at once during the transition window.
After cutover stabilises, remove the old provider's include to keep the record under the lookup limit and reduce the spoofing surface.

For Microsoft tenants specifically, see the Office 365 migration guide. The SPF step is the same whether you're moving from Google Workspace, GoDaddy, or a self-hosted server.

Testing SPF

Two checks catch almost every problem.

dig TXT example.com — confirm exactly one record starts with v=spf1. If there are two, merge them.
Send a test message to a Gmail address. Open the message, click Show original, and read the Authentication-Results header. SPF should report pass with spf=pass smtp.mailfrom=... pointing at the right sending domain.

If SPF returns softfail or none, the receiver did get a result back but it didn't authorise the sender. If it returns permerror, the record is syntactically broken or over the lookup limit.

Tip

Before a cutover, query SPF from at least one resolver outside your own network (@8.8.8.8 or @1.1.1.1). The provider's admin centre often shows you what it expects to see, not what the public DNS actually returns.

What SPF doesn't do

SPF is one piece of email authentication, not all of it. It does not protect the visible From address. It does not survive forwarding. It does not sign the message body. For full protection you also need DKIM and DMARC. Plan all three changes together in the migration runbook — see the complete email migration guide for how they sequence relative to the MX flip.

Try Mailbox Taxi

Migrate your mailbox the easy way

Join the waitlist for early access and lock in launch pricing.

What Is SPF? Sender Policy Framework Explained

Skip the manual setup — let Mailbox Taxi handle it

What SPF is

How the syntax works

The 10-DNS-lookup limit

SPF during a migration

Testing SPF

What SPF doesn't do

Migrate your mailbox the easy way

Related reading

What Is an MX Record? The DNS Switch Behind Cutover

What Is DKIM? Signing Email So Receivers Trust You

What Is DMARC? A Plain-English Guide for Migrations

The Complete Email Migration Guide for 2026

Office 365 Migration: The Definitive Playbook

Migrate your mailbox the easy way

Skip the manual setup — let Mailbox Taxi handle it

What SPF is#

How the syntax works#

The 10-DNS-lookup limit#

SPF during a migration#

Testing SPF#

What SPF doesn't do#

Migrate your mailbox the easy way

Related reading

What Is an MX Record? The DNS Switch Behind Cutover

What Is DKIM? Signing Email So Receivers Trust You

What Is DMARC? A Plain-English Guide for Migrations

The Complete Email Migration Guide for 2026

Office 365 Migration: The Definitive Playbook

Migrate your mailbox the easy way

What SPF is

How the syntax works

The 10-DNS-lookup limit

SPF during a migration

Testing SPF

What SPF doesn't do