Domain not verifying? Try this.

Verifying a domain

Resend sends emails using a domain you own.

We recommend using subdomains (e.g., updates.yourdomain.com) to isolate your sending reputation and communicate your intent. Learn more about using subdomains.

In order to verify a domain, you must set two DNS entries:

  1. SPF: list of IP addresses authorized to send email on behalf of your domain
  2. DKIM: public key used to verify email authenticity

These two DNS entries grant Resend permission to send email on your behalf. Once SPF and DKIM verify, you can optionally add a DMARC record to build additional trust with mailbox providers.

Resend requires you own your domain (i.e., not a shared or public domain).

View domain details

The Domains dashboard shows information about your domain name, its verification status, and history.

Need specific help with a provider? View our knowledge base DNS Guides.

What are SPF records

Sender Policy Framework (SPF) is an email authentication standard that allows you to list all the IP addresses that are authorized to send email on behalf of your domain.

The SPF configuration is made of a TXT record that lists the IP addresses approved by the domain owner. It also includes a MX record that allows the recipient to send bounce and complaint feedback to your domain.

What are DKIM records

DomainKeys Identified Mail (DKIM) is an email security standard designed to make sure that an email that claims to have come from a specific domain was indeed authorized by the owner of that domain.

The DKIM configuration is made of a TXT record that contains a public key that is used to verify the authenticity of the email.

Understand a domain status

Domains can have different statuses, including:

  • Not Started: You’ve added a domain to Resend, but you haven’t clicked on Verify DNS Records yet.
  • Pending: Resend is still trying to verify the domain.
  • Verified: Your domain is successfully verified for sending in Resend.
  • Failure: Resend was unable to detect the DNS records within 72 hours.
  • Temporary Failure: For a previously verified domain, Resend will periodically check for the DNS record required for verification. If at some point, Resend is unable to detect the record, the status would change to “Temporary Failure”. Resend will recheck for the DNS record for 72 hours, and if it’s unable to detect the record, the domain status would change to “Failure”. If it’s able to detect the record, the domain status would change to “Verified”.

Open and Click Tracking

Open and click tracking is disabled by default for all domains. You can enable it by clicking on the toggles within the domain settings.

For best deliverability, we recommend disabling click and open tracking for sensitive transactional emails.

How Open Tracking Works

A 1x1 pixel transparent GIF image is inserted in each email and includes a unique reference to this image file. When the image is downloaded, Resend can tell exactly which message was opened and by whom.

How Click Tracking Works

To track clicks, Resend modifies each link in the body of the HTML email. When recipients open a link, they are sent to a Resend server, and are immediately redirected to the URL destination.

Was this page helpful?

TagsRegions