Preface

After I got my own domain name, I always wanted an email address with my own domain name suffix. In the beginning, I spent a lot of effort to set up my own mail server using home broadband. But later I found that only some domestic free mailboxes could receive messages. The others either could not be received at all or were in the trash, so I gave up.

However, after using cloudflare, I successfully solved the problem of receiving emails in my own domain name suffix mailbox by using its email routing function. But because using gmail to send emails is basically useless, I gave up sending emails.

This time, I accidentally heard that there was a free corporate email account, which made me excited for a while. However, after looking around, I found that it was difficult to apply for the basic education version of Google Workspace (free), and I had to provide a lot of messy certification materials. The cheapest of other corporate email accounts was $0.99/month. It was not expensive, but I rarely sent emails. I just wanted to use it occasionally to show off. It was not my style to pay for it and not use it. It was too wasteful, so I started looking again, and I really found a free personal corporate email solution that suited my needs: resend.

The final solution is cloudflare+resend+gmail (the target mailbox for my cf email routing).

cloudflare email routing

This is mainly to solve the problem of receiving emails with your own domain name. For detailed configuration steps, please refer to my other article:Home Data Center Series Use Cloudflare to create a small mailbox with your own domain suffix.

resend

This is mainly to solve the problem of sending emails using your own domain name.

Introduction

resend is a professional and efficient email sending platform. You can think of it as a professional email sending agent. All emails sent through it are credible and can go directly into the inboxes of major email service providers (in simple terms, resend guarantees the emails sent; in more complex terms, resend provides DKIM verification). This is actually the same as a corporate mailbox with a custom domain name (but corporate mailboxes cost money, and I don’t have money~).

The most important thing is that resend has a free quota for sending emails for personal accounts:

100 emails a day, 3,000 emails a month, this is more than enough for normal personal emails. What's more, I just want to use it to show off occasionally. So this is the tool I have been looking for for a long time.

Register a resned account

Register a resend account (https://resend.com/signup):

Add and verify your domain

According to the prompts in the red box in the figure below, add the corresponding records in your domain name provider (cf in my case), and then verify the domain name:

Then it is divided into 2 cases:
1. If your domain name does not have any mailbox-related settings configured

Then just add 4 records according to the requirements in the red box in the above figure. After verification, STATUS turns to green Verified, as shown below:

2. If your domain name has already configured email-related settings

For example, if CloudFlare's email function is enabled, the following precautions apply:
1. The priority of the MX record in the above figure is 10, which is required by resend. If your domain provider has more than one MX record, such as the MX record automatically filled in by Cloudflare's email routing:

You need to make sure that the priority of the MX record used for electronic routing is higher than the priority of the MX record used by resend for authentication (10 in this example).
2. If you use the clouflare email routing function, in addition to multiple MX records, there will also be a SPF record in TXT format:

TXT example.com "v=spf1 include:_spf.mx.cloudflare.net ~all"

If you add a TXT record directly according to the requirements of resend at this time:

TXT send v=spf1 include:xxx.com ~all

你会发现通不过校验，这是因为spf只能有一条，如果以前的存在，后面添加的是无效的，所以处理方式是在原有的spf记录里面把resend的”include:xxx.com”添加在 “~all”即可，而不是再新增一条spf记录。
3. You can also disable or delete the existing SPF and MX records (for example, stop the electronic routing function of Cloudlfare first), and then change them according to the first two precautions after the resend verification is completed (this is what I did, and it felt like the verification was passed in less than a minute).

Get the resend API and smtp server address

Get and save the SMTP server address, which is the key to sending emails with our own domain name in the future:

Note: There are many knowledge points related to emails. Most people don’t need to pay attention to the details. However, if you are not an ordinary person and are interested in the details, you can refer to an article I wrote before, which I spent a lot of time and energy on and finally found to be useless:Docker series builds a mail server based on poste.io.

send email

After using resend, there is no need to use gmail to send emails. Even if you use gmail to send emails, you can just treat gmail as a normal email client. But I haven't used an email client for a long time, so I'm too lazy to bother with it. I'll just use gmail to demonstrate:

Verify the added email address:

Click the link in the email to verify:



Test sending emails. The sender selects the email address with the domain name suffix that he just added:

Send an email to my QQ mailbox. QQ mailbox is still very representative. As long as the QQ mailbox can be put into the inbox, other domestic mailboxes are basically no problem:

Successfully entered the inbox:

But don’t be happy too soon:

To display the sent information, there is a red reminder below, which is too low-class. . I tried another email address, such as gmail, and there was no reminder:

icloud.com email did not remind:


It seems to be regional discrimination. Do all domestic mailboxes have this warning? I tried 163 mailbox:

There is also a reminder, but no warning. It seems to depend on the security policies of different email service providers. It is normal that China does not recognize the overseas mailing service, but this reminder is really a bit of a letdown. But I have to bear it. At least sending to overseas emails is very cool.

Further research on the issue of proxy payment

I was writing a summary, but I was a little unhappy and wanted to further study the issue of proxy mailing. In fact, the reason for the proxy mailing problem itself is very simple: it is the problem of DKIM (Domain Keys Identified Mail). In my previous article (Docker series builds a mail server based on poste.io) also mentioned the concept of DKIM and how to set it up in the mail server and DNS. I will not go into details here. If you are interested, you can search it online.

Simply put, the email provider that receives the email will use DNS to query the public key placed in the DKIM record by the owner of the sending domain name, and compare it with the content (digital signature) encrypted with the private key in the DKIM header of the received email (verify the digital signature). If the verification passes, it proves that the email is not forged.

---

In fact, no matter what kind of mail it is, you can see it in the email source code:
View the original email in gmail:

icloud里查看邮件原文，而且看到的不是gmail里显示的”email.amazonses.com”，而是”send.tangwudi.com”?

You can see it directly in the text in your QQ mailbox.

Why are there two kinds of results? Let's analyze the original content of the email received by icloud.com:

---

There are many parameters in the DKIM signature. The ones needed here are s and d. However, the other parameters are also posted here in case you are interested:

- v=1Indicates the DKIM version. - a=rsa-sha256Indicates the signature algorithm. - d=example.comIndicates the sending domain. - s=defaultRepresents a selector for signing. - c=relaxed/relaxedIndicates the normalization algorithm. - h=from:to:subject:date:message-idIndicates the header field to be signed. - [email protected]Indicates the signing identity. - bh=The following part is the hash value of the message body. - b=The following part is the signature itself.

---

When icloud.com receives the email I sent, it will find two DKIM signatures in the original email. To prove the authenticity of the email, icloud will verify both DKIM signatures: perform a DNS query using the parameters after s and d. Taking the first DKIM signature as an example, a DNS query will be formed:resend._domainkey.tangwudi.com, and thentangwudi.comThe domain name hosting provider (in my case, it is cloudflare) is used for query.resend._domainkey, remember this record? It is resend that verifiestangwudi.comOne of the records added when the domain name is created is the DKIM record, which contains the public key generated in advance by resend. Query:resend._domainkeyYou can get this public key when you:

Then use the public key to verify the signature in the first DKIM (b=the string behind it). If the verification passes, it is considered that the email is indeed sent from tangwudi.com; similarly, test the second DKIM. If the verification also passes, it can be confirmed that it is indeed sent from amazonses.com.

For icloud.com (gmail and hotmail), since the email is ultimately sent from amazonses.com, if there is some kind of agreement or mutual trust policy, the email will be released directly without any prompts:

If it is a domestic mailbox, although it will be released, the specific path of the email return will be displayed, which is the email address we saw earlier. In fact, this is the address used when replying emails:

This is like the public IP and port behind the private IP address NAT. When communicating with the web server on the Internet, the web server sends the reply packet to this public IP and port. In this scenario, this address is used to reply to the email directly, and then resend replies the email to the corresponding relationship (similar to the session table in NAT).[email protected]In the process, the sending and receiving of emails are completed.

至于为什么gmail会显示”email.amazonses.com”，而其他的显示”send.tangwudi.com”，那就猜不到了～。

After analyzing it this way, it seems that resend still does not have enough influence in China. However, I didn’t know about resend before, so it’s normal that it doesn’t have enough influence. . .

Summarize

How does using resend to send emails compare to using gmail itself? I have tried gmail's sending service before, but I felt that the success rate was very low and it was not practical, so I never used it again. I just thought about it and felt that it was not right. I took a closer look at the process of setting up gmail's sending service and found that it was really just a simple sending service, and it did not involve any DNS record verification issues at all. So it should be that the free gmail user's sending service cannot pass the DKIM verification of its own domain name (tangwudi.com in this article) like the emails sent by resend, so it will naturally be directly discarded or put into the spam box.

So at present, cloudflare+resend+gmai is the most affordable and free personal enterprise email solution: cloudflare email routing + gmai for receiving, cloudflare+resend for sending (although I used gmail's sending agent, I was just lazy and used gmail as an email sending client. Using resend's smtp server address, I can use any email client to send emails). Although there are reminders for receiving emails in domestic mailboxes, at least they can be put into the inbox~, which is much better than going directly into the trash or not being able to enter the trash at all before.

However, the rich don’t like this. The domestic mailboxes that send emails from real corporate mailboxes should not even have reminders. That is more classy. However, I have looked around corporate mailboxes and found no free ones. The cheapest one is $0.99/month (stealing the picture, if there is any infringement, please notify me to delete it):

I have no money, so I can only envy you. Which brother can try NameCheap corporate email at $0.99 a month? It’s really not expensive!

另：经一个网友介绍，又发现一个类似的：brevo，和resend差不多，每天却有300封的免费额度，如果觉得resend每天100封的额度不够的朋友可以去尝试下这个。配置也不难，大概配置、验证的步骤和resend差不多，我就不重复写了，网上教程也有，而且还支持营销计划什么的，功能很多，resend主打的就是一个简洁，各有优势吧，只是代发邮件显示的地址是这个：”[email protected]”，看起来有点怪异，不过也能进qq邮件的收件箱，其他都一样，大家根据自己的需求进行选择吧。