Your Resend emails show “via resend.com” in Gmail, or drop into spam, and you're not sure which DNS records make them authenticate as your own domain.
Resend reaches DMARC compliance through DKIM, not SPF. The SPF domain Resend uses is a subdomain of its own infrastructure, so SPF can only align in relaxed mode — but Resend lets you sign DKIM with your own domain, so DKIM aligns and that is what carries DMARC for you. Until you verify a custom domain in Resend, mail is sent from Resend's shared domain and Gmail shows the tell-tale “via resend.com”. Source: Resend Docs — Implementing DMARC · verified 2026-07-18.
v=DMARC1; p=none; rua=mailto:you@yourdomain — then run the free check below to confirm dkim=pass and dmarc=pass.No. Adding SPF includes and DKIM records (whether TXT or CNAME) only adds authentication — it never blocks mail. The only step that can affect delivery is tightening your DMARC policy to quarantine or reject, and that comes later, once reports confirm every legitimate sender passes.
Yes. Most platforms handle DKIM (and sometimes SPF) so their mail can pass, but the DMARC record is published on your own domain and controlled by you — it's what tells receivers to act on failures. Providers rarely publish it for you, and you want your own rua= address to see the reports.
Send yourself a test message and check the headers for dkim=pass and dmarc=pass — or run the free check below on your domain to see SPF, DKIM and DMARC state, and which sending services currently align, in one place.