Email, Resend

Resend is the recommended transactional email provider for Olympus. The API is simple, the deliverability is good, and the free tier (3000 emails/month) covers small deployments.

What Olympus uses email for

Email verification at registration.
Password recovery codes.
MFA enrollment confirmations.
Notifications when configured.

All routed through the Kratos courier, which connects via SMTP (not provider-specific SDKs).

Configuration

Resend exposes an SMTP endpoint at smtp.resend.com:465 (or :587 STARTTLS).

In your Kratos config:

courier:
  smtp:
    connection_uri: smtps://resend:RE_xxxxxxxxxxxx@smtp.resend.com:465/?skip_ssl_verify=false
    from_address: noreply@your-domain.com
    from_name: Your App

Replace RE_xxxxxxxxxxxx with your Resend API key. Send as noreply@your-domain.com (must be a domain you've verified in Resend).

For Daedalus: choose Resend in the Email wizard step; paste the API key.

Domain verification

Before sending real email:

In Resend dashboard → Domains → Add Domain.
Add the DNS records Resend gives you (SPF, DKIM, DMARC).
Wait ~10 minutes for verification.

Without verified domain, Resend won't deliver to gmail/outlook/etc.

Free tier limits

3,000 emails/month
100 emails/day
All transactional (no marketing)

A typical Olympus deployment sends 1-3 emails per registration and 1 per password recovery. 3000/month supports ~1000 customer registrations per month, plenty for small-mid deployments.

Upgrading

Paid tier: $20/mo for 50,000 emails. Scales linearly.

Monitoring deliverability

Resend dashboard shows bounce/complaint rates. Watch:

Bounce rate > 5%: bad email list (likely some invalid signups).
Complaint rate > 0.1%: someone marked your transactional email as spam, investigate the template.

Set up Resend webhooks for real-time bounce notifications if your operator volume warrants.

Where next

Operate, Email deliverability, broader monitoring.
Security, Email verification, why this matters.
Deploy, DNS and Domains, SPF/DKIM/DMARC records.