DNS Setup Guide for Heartspace (Resend-connection)

Written By Heartspace AI

Last updated 5 months ago

This guide explains how to configure DNS records for sending email with Heartspace (via our email-provider Resend). It covers SPF, DKIM, domain verification, MX, DMARC, TTL/propagation, common pitfalls, and verification. At the end, see provider-specific tips.

1) Overview

To send authenticated email, you typically add several DNS records so mailbox providers can verify your domain and delivery systems.

  • Where you configure: your DNS provider (Cloudflare, Google Domains, Route53, GoDaddy, etc.)

  • Where you see them in Heartspace: DNS Setup step and Domain Management, after you connect an email and the email owner approves the sending, if that domain is not connected to Heartspace already you need to setup DNS. The domain-level setup only needs to be done once per domain. When it is done you can connect other emails from the same domain-name in Heartspace with the approval of the owner of the email adress.

2) SPF (TXT)

Purpose: Authorize senders allowed to send on your domain.

Example (Resend):

v=spf1 include:_spf.resend.com ~all

  • Name/Host: yourdomain.com (root)

  • Notes:

    • Only one SPF record should exist at root. If you have multiple, merge them with additional include: mechanisms.

    • Start with ~all (soft fail); consider -all after full validation.

3) DKIM (CNAME)

Purpose: Cryptographic signature that proves authenticity of the email.

Example (Resend):

Name (Host):  resend._domainkey.yourdomain.com
Value:        resend._domainkey.resend.com

  • Some providers auto-append the domain; if so, enter just resend._domainkey as the host.

  • TTL: 3600 seconds (1 hour) is typical; provider default is fine.

4) Domain Ownership Verification (TXT)

Purpose: Prove you control the domain.

Example (Resend):

Name (Host):  _resend.yourdomain.com
Value:        resend-verification=<token from Heartspace/Resend>

  • Harmless to keep after verification unless instructed to remove.

5) MX (Mail Exchange)

Purpose: Route inbound mail. For Heartspace outbound sending, you usually keep your existing MX records (Google/Microsoft).

If Resend shows an MX for bounce/feedback handling, add it exactly as specified:

Host:     yourdomain.com
Value:    <mx target from Resend>
Priority: 10

  • Priority: Lower numbers have higher priority. Match the number shown by Resend exactly (e.g., 10), not 1..N.

  • Do not remove your existing mailbox provider MX unless you intend to change inbound provider.

  • If MX records collide we recommend setting up your domain with a subdomain in heartspace. Contacts us if that is the case and we will help you.

6) DMARC (TXT) β€” recommended, not required

Purpose: Policy + reporting that builds on SPF and DKIM to protect your domain.

Rollout strategy:

  • Start with monitor-only, then harden once or twice and leave it.

Examples (choose one):

  • Monitor (default)

v=DMARC1; p=none; rua=mailto:[email protected]; adkim=s; aspf=s; fo=1; pct=100

  • Quarantine (soft enforcement)

v=DMARC1; p=quarantine; rua=mailto:[email protected]; adkim=s; aspf=s; fo=1; pct=100

  • Reject (strict)

v=DMARC1; p=reject; rua=mailto:[email protected]; adkim=s; aspf=s; fo=1; pct=100

  • Name/Host: _dmarc.yourdomain.com

  • Tips:

    • Create/monitor the rua mailbox or use a DMARC reporting service.

    • Some DNS providers require quoting the value.

    • ruf (forensic) is generally unnecessary; rua is usually enough.

7) TTL and Propagation

  • TTL of 3600 seconds (1 hour) is a solid default.

  • Changes can take minutes to 24 hours to propagate globally. Verification may not be instant.

8) Common Pitfalls

  • Multiple SPF records at root (should be one merged record).

  • DKIM CNAME host formatting (provider may auto-append domain).

  • MX priority incorrect (must match exact number shown by Resend).

  • DMARC typos (e.g., missing semicolons) or missing quotes when provider requires quoting.

9) Verifying in Heartspace

  • Use the "Verify Domain" button in the DNS step.

  • If verification fails:

    • Re-check record names and values.

    • Wait for propagation and try again.

    • Use "Copy All" to share with IT or forward directly from the UI.

Appendix: Where to find records

  • Heartspace: DNS Setup screen (shows live records fetched from Resend).

  • Resend: Dashboard β†’ Domains β†’ Your domain β†’ DNS records.

If you need help, contact [email protected].