Menu

How to set DKIM, SPF and DMARC

Mar 20, 2025

DKIM (Domain Keys Identified Mail), SPF (Sender Policy Framework), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) are all protocols used in email security to prevent spam, phishing attacks, and other email security risks. DKIM, SPF, and DMARC are all crucial building blocks for VMC (Verified Mark Certificate) but don't directly interact with the logo verification itself. They work together to ensure emails claiming to be from your domain are legitimate, which is essential for VMC to function effectively.  

Implementing Email Authentication 

VMC relies on strong email authentication to function effectively. This typically involves implementing two protocols: DKIM (Domain Keys Identified Mail) and SPF (Sender Policy Framework). Here's a breakdown of the steps with example record additions:  

Set up DKIM:

  1. Generate a DKIM key pair . Your email provider might offer DKIM wizard to assist you with this step.
  2. Publish the public key in your domain's DNS as a TXT record. Here's an example record: -
    selector._domainkey.yourdomain.com TXT v=DKIM1; p=YourPublicKey 

Set up SPF:

  1. Be ready with the names of domains and sub domains you need to set SPF for. 
  2. Collect IP address that our used via email on these domains.  
  3. Create an SPF record in your domain's DNS that specifies authorized email servers for your domain. You can include mechanisms like IP addresses or domain names of authorized email providers. You can use SPF record in .txt for each domain using a text-editing program (i.e. Notepad ++)

    Here's a basic example SPF record:
    v=spf1 ip4:2**.1*3.2**.2**/** ip4:2*.1*1.4*.2*5/*2 ip4:2*1*.1*.1**.16*/** ip4:1**.**.7.*/*0 include:spf.yourmailprovider.com-all
  4. Add a new TXT Record containing the SPF text in DNS. 

Implementing DMARC Policy

Once you have DKIM and SPF in place, you can proceed with setting up DMARC:  

  1. Decide how you want DMARC to handle unauthenticated emails (e.g., quarantine, reject). Start with a monitoring policy (p=none) to assess email traffic before switching to stricter enforcement like (p=reject) or (p=quarantine). 
    Note: for VMC to work, you need to set p = reject (at any percent) or p = quarantine (at 100%).  

  2. Create a TXT record in your domain's DNS with specific DMARC settings.  Record details can be found through your email provider or DNS management console.

    Here's a basic example DMARC record for VMC with Reject Policy: 
    v=DMARC; p=reject, pct=100; rua=mailto:dmarc-reports@yourdomain.com 

If you would like to learn more about securing your emails with VMCs, you may reach out to us here.

Related Articles

VMC Installation

May 14, 2024, 5:38 AM

This guide will help you install your Verified Mark Certificate or VMC. Before you install your VMC, please make sure that your domain has DMARC, DKIM and SPF record setup.

Read More

How to Convert Logos per BIMI Guidelines

May 14, 2024, 9:26 AM

In order to convert your logo to a specific format which is needed as per BIMI Guidelines, you can use software like Adobe Illustrator. If you have another alternative software, feel free to use that.

Read More

Verified Mark Intermediate Certificate

May 15, 2024, 4:28 AM

Read More

GlobalSign System Alerts

View recent system alerts.

View Alerts

Atlas Discovery

Scan your endpoints to locate all of your Certificates.

Sign Up

SSL Configuration Test

Check your certificate installation for SSL issues and vulnerabilities.

Contact Support