SPF and DKIM Verification
Configure SPF and DKIM so Ticket0 replies pass spam filters.
SPF and DKIM are email authentication standards that tell receiving mail servers that your domain authorised Ticket0 (via Resend) to send email on your behalf. Without them, replies may land in spam.
SPF record
Add a TXT record to your domain's DNS:
| Field | Value |
|---|---|
| Type | TXT |
| Name / Host | @ (or your domain) |
| Value | v=spf1 include:amazonses.com ~all |
If you already have an SPF record, add include:amazonses.com to the existing value rather than creating a second TXT record. Multiple SPF records cause failures.
Example: v=spf1 include:_spf.google.com include:amazonses.com ~all
DKIM record
Resend provides a unique DKIM key per domain. Find yours in Resend → Domains → [your domain] → DNS records.
Add a CNAME (or TXT) record:
| Field | Value |
|---|---|
| Type | CNAME |
| Name / Host | resend._domainkey |
| Value | Provided by Resend |
Verifying the records
After adding the records, click Verify in Resend. The check queries DNS directly and confirms each record is in place. This can take up to 48 hours but is usually faster.
You can also verify manually with dig:
# Check SPF
dig TXT yourcompany.com
# Check DKIM
dig CNAME resend._domainkey.yourcompany.comDMARC (optional but recommended)
DMARC tells receiving servers what to do when SPF/DKIM checks fail. A minimal DMARC record:
| Field | Value |
|---|---|
| Type | TXT |
| Name / Host | _dmarc |
| Value | v=DMARC1; p=none; rua=mailto:dmarc@yourcompany.com |
Start with p=none (report only) and move to p=quarantine or p=reject once you've confirmed no legitimate email is failing.