Domain Verification and DNS Configurations for Resend
When you create a new Resend account, you can send emails from the default onboarding@resend.dev address. However, to send from your custom domain (such as user@mycompany.com), you must verify ownership of your domain using DNS records.
1. Why is Domain Verification Critical?
If your mail server sends an email claiming to be from mycompany.com without verification, the recipient mail client (like Gmail or Outlook) will block the email as spam.
Verifying your domain proves to recipient servers that Resend is authorized to deliver emails on behalf of your brand domain.
2. Setting Up DNS Record Types
To verify your domain, add these three DNS records in your domain registrar (such as Cloudflare, Namecheap, or GoDaddy):
A. SPF (Sender Policy Framework)
A TXT record that lists the authorized IP addresses allowed to send emails on behalf of your domain name.
B. DKIM (DomainKeys Identified Mail)
Adds a cryptographic signature header to every email. Recipient servers use your public DNS key to verify that the message was not modified in transit.
C. DMARC (Domain-based Message Authentication)
A TXT policy that tells recipient servers how to handle emails that fail SPF or DKIM checks (such as sending them to spam folders or rejecting them).
3. Registering Domain in Resend Console
- Navigate to Resend Dashboard -> Domains -> Add Domain.
- Type your domain name (for example,
mycompany.com) and choose your region. - Resend will display a set of DNS records (typically 2 MX records and 3 TXT/CNAME records).
- Copy these values and paste them into your registrar DNS settings panel.
- Click Verify Domain in Resend. Once verified (it can take up to 24 hours for global DNS propagation), your domain status will change to Active.