Resend SPF, DKIM, DMARC Configuration - Step-by-Step Guide

Resend SPF, DKIM, DMARC Configuration - Step-by-Step Guide

July 14, 2024

How to setup Resend DMARC, DKIM and SPF records?

SPF (Sender Policy Framework) helps prevent email spoofing by allowing domain owners to specify which mail servers are authorized to send email on behalf of their domain.

DKIM (DomainKeys Identified Mail) adds a digital signature to your email headers, enabling the recipient's server to verify that the email has not been altered during transit and that it indeed comes from your domain.

DMARC (Domain-based Message Authentication, Reporting, and Conformance) builds on SPF and DKIM. It allows domain owners to specify how receiving mail servers should deal with emails that fail SPF or DKIM checks.

In this guide post, we will guide you through the domain authentication process with the help of Email Labs DNS records. So stay tuned!

Configuring Resend DNS Records:

  1. On the dashboard, click Domains in the left navigation menu.

  2. Click Add Domain and write down your domain name.

    Go to Domains tab and click Add Domain

  3. On the next page, you'll see the MX and TXT records. Add these records to the DNS provider.

    Add the MX and TXT records to the DNS provider

Adding Resend Records to the DNS Provider:

  1. Login to your DNS provider. We are using Cloudflare for this guide.

  2. Go to the Websites tab and click your domain.

    Go to your Website in the DNS provider

  3. Click DNS in the left menu and go to Records.

  4. Hit the Add Record button to add new records.

    Click DNS, go to Records and hit the Add Record button

  5. Select type MX/TXT (as mentioned with the record).

  6. Add the Host name in the Name field of the DNS dashboard.

  7. Add the record value in the Mail server/Content field.

  8. Set the priority "10" for the MX record.

  9. Finally, click the Save button.

    Add the MX/TXT record to the DNS dashboard

Generating Resend DMARC Record:

The DMARC value provided by Resend is a p=none value which provides initial monitoring and is not helpful for implementing a strict policy. Moreover, it doesn't have a server that receives rejected emails. Without the insight, you can not take action to secure your emails.

To implement a strict policy (p=reject), you can use our DMARC tool which also provides you access to the reports dashboard so you can take action accordingly.

  1. Go to the DMARC Checker.

  2. Write your domain name and click Check.

    Write down the domain name and click Check

  3. The tool gives you a suggested value - add it to your DNS provider.

    Add the DMARC record to the DNS provider

  4. After adding the value to the DNS dashboard, sign up at DmarcDkim.com to get access to the reports dashboard.

Verify DNS Records:

  1. After adding DNS records to the dashboard, click the Verify DNS Records button.

  2. If records were added successfully, you should see "Verified" highlighted with green next to each record.

    Click the

  3. If they are not verified immediately, wait up to 24 hours for the servers to propagate DNS changes.

If the records are not verified after 24 hours, there might be a potential misconfiguration in your DNS setup. To troubleshoot the problem, you can hire a DmarcDkim.com expert to help you out.