Resend SMTP test — fixed username, API key, and port 465

Connection settings

Host: smtp.resend.com
Port: 465
Security: Implicit TLS

Resend provides SMTP relay at smtp.resend.com on port 465 (implicit TLS, recommended) or port 587 (STARTTLS). The SMTP username is the fixed string resend — not your email address — and the password is your Resend API key (the same key used for the REST API).

Recommended settings

Host: smtp.resend.com
Port: 465 (implicit TLS, recommended) or 587 (STARTTLS)
Username: resend (the literal string, lowercase)
Password: your Resend API key (starts with re_)
Auth method: Auto, PLAIN, or LOGIN
From address: must use a domain verified in Resend

Getting your API key

Log in to the Resend dashboard.
Go to API Keys in the sidebar.
Click "Create API Key." Choose a name and permission scope (sending access is sufficient).
Copy the key (starts with re_). This is both your REST API key and your SMTP password.

Unlike most providers, Resend does not issue separate SMTP credentials — the same API key works for both interfaces.

Testing with SMTP Tester

Host: smtp.resend.com, port 465, security TLS (or port 587 with STARTTLS).
Username: resend. Password: your API key.
From: an address on a domain you have verified in Resend (e.g. [email protected]).
To: any recipient.
Click Run. A 235 response confirms authentication.

A 250 OK after DATA means Resend accepted the message for delivery.

Common errors

535 "Authentication failed"

Wrong username: must be the literal string resend, not your email address or account name.
Wrong password: must be the Resend API key (starts with re_). Do not use your Resend account login password.
Key lacks sending permission: if the API key was created with restricted scope, ensure it includes sending access.
Revoked or expired key: check the API Keys page in the dashboard.

550 "Sender address not verified"

Authentication succeeded but the From address uses a domain not verified in your Resend account. Go to Domains in the dashboard and verify the sending domain by adding the required DNS records (SPF, DKIM, DMARC).

550 "Sandbox mode"

New Resend accounts start in a sandbox that restricts sending to the account owner's email only. Verify a domain and request production access to send to arbitrary recipients.

Connection timeout

Resend recommends port 465 with implicit TLS. If 465 is blocked on your network, try port 587 with STARTTLS. Port 25 is not supported.

Domain verification

Before Resend relays mail, you must verify domain ownership by adding DNS records:

SPF: TXT record authorizing Resend's sending IPs.
DKIM: CNAME records for Resend's DKIM signing.
DMARC: TXT record for alignment policy (recommended for deliverability).

The Resend dashboard shows the exact records to add and verifies them automatically once detected.

Resend SMTP vs REST API

Resend uses the same API key for both SMTP and the REST API (POST /emails). The SMTP interface is convenient for applications that already speak SMTP (WordPress, legacy systems, printers). The REST API offers more control (React Email templates, batch sending, scheduling).

For testing that your credentials and domain are set up correctly, SMTP Tester's live transcript shows exactly what Resend returns at each protocol step.

Sending limits

Resend's free tier allows 100 emails per day and 3,000 per month. Paid plans scale to higher volumes. Rate limiting returns a 421 temporary error — retry after a brief pause.

Security notes

The Resend API key grants both SMTP and API access. Treat it as a sensitive secret.
Store keys in environment variables, not source code.
Rotate keys if compromised — revoke the old one immediately in the dashboard.
SMTP Tester redacts your password from the live transcript.