Menu

Set up DKIM, SPF and DMARC

Sep 29, 2025

OVERVIEW: This page walks you through the process of setting up Domain Keys Identified Mail (DKIM), Sender Policy Framework (SPF), and Domain-based Message Authentication, Reporting, and Conformance (DMARC). At the completion of this procedure, you will be able to set up the following protocols to successfully implement VMC. To order Verified Mark Certificate, please refer to this page.

What is DKIM, SPF and DMARC?

DKIM (Domain Keys Identified Mail), SPF (Sender Policy Framework), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) are all protocols used in email security to prevent spam, phishing attacks, and other email security risks. DKIM, SPF, and DMARC are all crucial building blocks for VMC (Verified Mark Certificate) but don't directly interact with the logo verification itself. They work together to ensure emails claiming to be from your domain are legitimate, which is essential for VMC to function effectively.  

Implementing Email Authentication 

VMC relies on strong email authentication to function effectively. This typically involves implementing two protocols: DKIM (Domain Keys Identified Mail) and SPF (Sender Policy Framework). Here's a breakdown of the steps with example record additions:  

Set up DKIM

  1. Generate a DKIM key pair . Your email provider might offer DKIM wizard to assist you with this step.

  2. Publish the public key in your domain's DNS as a TXT record. Here's an example record: -
    selector._domainkey.yourdomain.com TXT v=DKIM1; p=YourPublicKey 

Set up SPF

  1. Be ready with the names of domains and sub domains you need to set SPF for. 

  2. Collect IP address that our used via email on these domains.  

  3. Create an SPF record in your domain's DNS that specifies authorized email servers for your domain. You can include mechanisms like IP addresses or domain names of authorized email providers. You can use SPF record in .txt for each domain using a text-editing program (i.e. Notepad ++)

    Here's a basic example SPF record:
    v=spf1 ip4:2**.1*3.2**.2**/** ip4:2*.1*1.4*.2*5/*2 ip4:2*1*.1*.1**.16*/** ip4:1**.**.7.*/*0 include:spf.yourmailprovider.com-all

  4. Add a new TXT Record containing the SPF text in DNS. 

Implement DMARC Policy

Once you have DKIM and SPF in place, you can proceed with setting up DMARC:  

  1. Decide how you want DMARC to handle unauthenticated emails (e.g., quarantine, reject). Start with a monitoring policy (p=none) to assess email traffic before switching to stricter enforcement like (p=reject) or (p=quarantine). 
    Note: for VMC to work, you need to set p = reject (at any percent) or p = quarantine (at 100%).  

  2. Create a TXT record in your domain's DNS with specific DMARC settings.  Record details can be found through your email provider or DNS management console.

    Here's a basic example DMARC record for VMC with Reject Policy: 
    v=DMARC; p=reject, pct=100; rua=mailto:dmarc-reports@yourdomain.com 

Related Articles

Verified Mark Certificate Installation

May 14, 2024, 5:38 AM

Install VMC to securely display your trademarked logo in supported email clients, enhancing brand trust and visibility. Read more.

Read More

Convert Logo per BIMI Guidelines

May 14, 2024, 9:26 AM

Read More

Verified Mark Intermediate Certificate

May 15, 2024, 4:28 AM

Find and install GlobalSign Intermediate Certificates for VMC to complete the certificate trust chain. Read more.

Read More

GlobalSign System Alerts

View recent system alerts.

View Alerts

Atlas Discovery

Scan your endpoints to locate all of your Certificates.

Sign Up

SSL Configuration Test

Check your certificate installation for SSL issues and vulnerabilities.

Contact Support