Resend SMTP Setup: API Key, DNS, and Send in 5 Minutes (2026)
3,000 emails/month free. Username is literally 'resend'. Developer-first.
TL;DR
- check_circleResend SMTP server: smtp.resend.com — port 465 (SSL/TLS), 587 (STARTTLS), 2465, or 2587.
- check_circleUsername is the literal string 'resend' — yes, just that word.
- check_circlePassword is your API key (starts with re_) — copy at creation, never shown again.
- check_circleFree tier: 3,000 emails/month, 100/day, no credit card required.
- check_circleYou MUST verify a domain — Resend has no shared-sender fallback. The whole platform is domain-first by design.
Connection settings
smtp.resend.com465SSL/TLSresend (literally that word)Your Resend API Key starting with re_What you'll need
A Resend account
Sign up at resend.com. Email and password, takes 30 seconds. Free tier active immediately.
Sign up for Resendopen_in_newA domain you control
Resend doesn't let you send from a shared address — every account must add and verify at least one sending domain. No exceptions, even on the free plan.
DNS access
You'll add 3 records: SPF, DKIM, and Return-Path. Most DNS providers (Cloudflare, Namecheap, Google Domains) propagate in under 5 minutes.
Step-by-step setup
- 1
Create a Resend account
Sign up at resend.com. Verify your email. The dashboard opens automatically.
Sign upopen_in_new - 2
Add your sending domain
Dashboard → Domains → Add Domain. Pick a subdomain like updates.yourdomain.com or send.yourdomain.com — recommended for isolation. Click "Add."
Add a domainopen_in_newlightbulbTip: Using a subdomain rather than the apex keeps your primary inbox provider's MX records untouched.
- 3
Add the 3 DNS records
Resend shows: SPF TXT, DKIM TXT (their selector resend._domainkey), and a Return-Path MX/CNAME for bounce handling. Copy them into your DNS provider, save, wait for propagation.
warningWatch out: The DKIM record value can be long (300+ characters). Some DNS hosts split long TXT records automatically — that's fine. Some require manual splitting at 255 chars — Cloudflare handles it, GoDaddy sometimes doesn't.
- 4
Click Verify
Resend re-queries DNS and turns each record green when it sees the correct value. Most domains verify within 2 minutes. Slow registrars can take up to an hour.
- 5
Create an API Key
Dashboard → API Keys → Create API Key → name it (e.g. CodeOpx Mail) → choose permission scope. "Sending access" is enough for SMTP. Click Add — copy the re_xxx... key immediately.
Create API Keyopen_in_newwarningWatch out: The API Key is shown ONCE. There's no way to retrieve it later — only revoke and create a new one.
- 6
Use these SMTP server settings
Host: smtp.resend.com · Port: 465 with SSL/TLS · Username: resend (literal lowercase word) · Password: your full API key including the re_ prefix.
lightbulbTip: Need port 587 with STARTTLS? Use 2587. Standard 587 also works but Resend recommends 465 with implicit SSL.
- 7
Send a test message
From: any address @yourverifieddomain.com. Recipients can be anywhere. Resend will not relay any send from an unverified domain.
Connect to CodeOpx Mail
Wire Resend into CodeOpx Mail:
- 1Add SMTP config
Dashboard → SMTP → "Add config" → choose Resend. Username "resend" pre-fills.
- 2Paste the API Key
Paste the full re_xxx... key as the password.
- 3Test the connection
Click "Test connection." Green check = ready. If you get 535, double-check that the username is literally "resend" not your email.
- 4Send from the verified domain
Set From to anyone@yourverifieddomain.com. Resend rejects unverified senders with helpful 5xx codes.
Common errors & fixes
535 5.7.0 Authentication failedAPI Key invalid
Username is wrong, key is revoked, or you're using the wrong prefix.
Fix: Username must be exactly 'resend' (lowercase). Password must be the full re_xxx... key. Generate a new key if in doubt.
550 Domain not verifiedSending domain hasn't passed DNS verification
Resend's domain check found at least one missing or wrong record.
Fix: Open Domains in the Resend dashboard. Click your domain. Re-verify and look at which record is red. Compare it byte-for-byte with your DNS provider.
401 UnauthorizedAPI Key revoked or wrong permissions
The key was deleted or didn't have sending permission.
Fix: Create a new API key with at least Sending Access permission.
422 Unprocessable EntityValidation failed
Usually triggered when From, To, Subject, or HTML/text is missing.
Fix: Confirm all required fields are present. Resend is strict about RFC compliance — empty Subjects, for instance, are rejected.
429 Too Many RequestsRate-limited
Hitting Resend's per-second send rate cap.
Fix: Reduce burst rate to ~2/sec on the free tier, ~10/sec on paid. Resend's rate limits auto-clear after 60 seconds.
Sending limits
Resend has the cleanest pricing in transactional email. Free tier is generous; paid plans are usage-based with predictable per-1k pricing.
| Free tier | 3,000 emails / month, 100 / day |
| Pro plan | $20/mo for 50,000 emails |
| Per-second rate (free) | 2 requests/sec |
| Per-second rate (paid) | 10 requests/sec, scalable |
| Max message size | 10 MB total |
| Max recipients per message | 50 (To + CC + BCC combined) |
- lightbulbResend's developer experience is exceptional — their React Email companion library lets you write email templates with React components. Worth checking if you're shipping product email.
- lightbulbThe dashboard's event log is real-time and shows full message previews, including the rendered HTML. Great for debugging.
- lightbulbResend doesn't have a marketing/campaigns tool. It's transactional-only by design — if you need newsletters, pair it with a list manager.
FAQ
Why is the username 'resend' instead of my email?
add
Resend uses the same SMTP auth pattern as SendGrid — a fixed username plus an API key in the password slot. The literal string 'resend' (all lowercase) acts as a routing marker telling their gateway to use API-key auth instead of mailbox auth. Don't try to use your account email.
Can I send from any domain without verification?
add
No. Resend has no shared-sender fallback (unlike SendGrid's Single Sender). Every account must verify at least one domain before any send goes out — this is the platform's defining design choice. Verification takes 2–5 minutes once DNS is set.
What's special about Resend versus SendGrid or Mailgun?
add
Resend is the youngest of the big transactional providers (founded 2022). Their bet: developer experience first. The API is smaller and more modern, the dashboard is cleaner, error messages are clearer. Pricing is also simpler — no "Foundation/Growth/Scale" tiers, just one paid plan with usage-based scaling.
Does Resend support webhooks for bounce/complaint?
add
Yes — Resend exposes webhooks for delivered, bounced, complained, opened, clicked, and unsubscribed events. Configure them under Dashboard → Webhooks. They sign payloads with HMAC for verification.
Can I use Resend with React Email templates?
add
Yes — React Email is built by the same team. You write email components in React (with props, conditionals, the works), pre-render to HTML, and ship through Resend. It's the smoothest dev workflow in the email space right now.
Does Resend offer a free domain to test on?
add
Not really — but you can verify any subdomain you own. If you don't have a domain yet, register one for ~$10/year (Namecheap, Cloudflare Registrar) and use a subdomain like dev.yourdomain.com for testing.
Video tutorial
Watch: Resend SMTP setup tutorials on YouTube
We curated a YouTube search of recent walkthroughs by independent creators. The official docs (linked below) remain the source of truth.
play_arrowWatch on YouTubeFurther reading
Related provider guides
Ready to send through resend?
Sign up for CodeOpx Mail, add this SMTP config, and you'll be sending tracked emails in under 5 minutes.