SPF and DKIM Verification

Configure SPF and DKIM so Ticket0 replies pass spam filters.

SPF and DKIM are email authentication standards that tell receiving mail servers your domain authorised Ticket0 to send email on your behalf. Without them, replies may land in spam.

You don't need a Resend account — Ticket0 handles the sending infrastructure. Your only job is to add the DNS records Ticket0 shows you, and click Check status once DNS propagates.

Get the records from Ticket0

  1. Go to Settings → Domains in your Ticket0 workspace
  2. Select the domain you added (or add one via Add domain)
  3. The DNS records section lists every record you need, with exact name/value pairs and a copy button on each

The records typically include:

  • SPF (TXT) — authorises the sending service
  • DKIM (TXT) — unique per domain, used to sign outbound mail
  • Return-path / MAIL FROM (MX, if applicable) — for bounce handling

Copy each record into your DNS provider exactly as shown.

SPF record

Ticket0 will show you a TXT record similar to:

| Field | Value |
| --- | --- |
| Type | TXT |
| Name / Host | send (or whatever Ticket0 shows — don't assume @) |
| Value | v=spf1 include:amazonses.com ~all (the exact value comes from Ticket0) |

If the record uses @ as the host and you already have an SPF record there, merge the include: into the existing value rather than creating a second TXT record. Multiple SPF records at the same host cause failures.

Example: v=spf1 include:_spf.google.com include:amazonses.com ~all

DKIM record

DKIM keys are unique per domain. Ticket0 generates the key when you add the domain and shows the exact record in Settings → Domains → [your domain] → DNS records. Copy it as-is.

| Field | Value |
| --- | --- |
| Type | TXT |
| Name / Host | resend._domainkey (Ticket0 shows the exact value) |
| Value | p=… public key provided by Ticket0 |

The value is long (200+ characters). Use the Copy button in Ticket0 rather than selecting manually to avoid truncation — and double-check your DNS provider didn't split it across multiple strings incorrectly.

Verifying

After adding the records, return to Settings → Domains → [your domain] in Ticket0 and click Check status. Ticket0 queries DNS directly and marks each record as Verified once it's visible publicly. DNS typically propagates in 5–30 minutes but can take up to 48 hours.

You can also spot-check from your terminal:

# Check SPF (Ticket0 typically uses the `send` subdomain)
dig TXT send.yourcompany.com

# Check DKIM
dig TXT resend._domainkey.yourcompany.com

If Check status keeps reporting records as missing well after 30 minutes, your DNS provider may be caching aggressively or the record values may have a typo — copy them again from Ticket0 to be sure.
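The checks from this section as an added Python example (not part of the Ticket0 docs): it reads `dig +short TXT` style output, counts SPF records at a host, merges an include: into an existing record, and rejoins a DKIM value that DNS returns as several quoted strings. The sample answers, the filler key and every function name are constructed for illustration.

```python
import base64
import re

# Constructed sample of `dig +short TXT` output: two SPF records at one host (the
# failure the page warns about) and a DKIM value split into two quoted strings.
# The key bytes are filler, not a real public key.
FAKE_KEY = base64.b64encode(bytes(range(162))).decode()
SPF_ANSWER = '"v=spf1 include:_spf.google.com ~all"\n"v=spf1 include:amazonses.com ~all"\n'
DKIM_ANSWER = f'"p={FAKE_KEY[:100]}" "{FAKE_KEY[100:]}"\n'

def txt_values(dig_answer):
    """One string per TXT record: the quoted chunks on a line are joined with no separator."""
    lines = (re.findall(r'"((?:[^"\\]|\\.)*)"', ln) for ln in dig_answer.splitlines())
    return ["".join(chunks) for chunks in lines if chunks]

def spf_records(values):
    """TXT values that are SPF records; more than one at a host is an SPF permerror."""
    return [v for v in values if v.lower().split(" ")[0] == "v=spf1"]

def merge_include(existing, domain):
    """Add include:<domain> to an existing SPF record, ahead of its closing `all` term."""
    terms, mech = existing.split(), f"include:{domain}"
    if mech in terms:
        return existing
    pos = next((i for i, t in enumerate(terms) if t.lstrip("+-~?").lower() == "all"), len(terms))
    return " ".join(terms[:pos] + [mech] + terms[pos:])

def dkim_key_problem(value):
    """Describe what is wrong with the p= tag, or return None if it decodes as base64.
    Catches bad splits and most truncations; it cannot prove the key matches Ticket0's."""
    tags = dict(t.strip().split("=", 1) for t in value.split(";") if "=" in t)
    key = re.sub(r"\s+", "", tags.get("p", ""))
    if not key:
        return "no p= tag or empty key"
    try:
        base64.b64decode(key, validate=True)
    except ValueError:
        return "p= is not valid base64 (truncated or split incorrectly?)"
    return None

if __name__ == "__main__":
    found = spf_records(txt_values(SPF_ANSWER))
    print(len(found), "SPF records; merged:", merge_include(found[0], "amazonses.com"))
    print("DKIM problem:", dkim_key_problem(txt_values(DKIM_ANSWER)[0]))
```

To use it on live data, pass the text printed by `dig +short TXT <host>` to `txt_values` in place of the constructed samples.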

DMARC tells receiving servers what to do when SPF/DKIM checks fail. A minimal DMARC record:

| Field | Value |
| --- | --- |
| Type | TXT |
| Name / Host | _dmarc |
| Value | v=DMARC1; p=none; rua=mailto:dmarc@yourcompany.com |

Start with p=none (report only) and move to p=quarantine or p=reject once you've confirmed no legitimate email is failing. Ticket0 does not manage DMARC for you — add it directly at your DNS provider.
