diff --git a/apps/backend/src/app/api/latest/internal/emails/managed-onboarding/delete/route.tsx b/apps/backend/src/app/api/latest/internal/emails/managed-onboarding/delete/route.tsx
new file mode 100644
index 0000000000..e8d5170aa3
--- /dev/null
+++ b/apps/backend/src/app/api/latest/internal/emails/managed-onboarding/delete/route.tsx
@@ -0,0 +1,40 @@
+import { deleteManagedEmailProvider } from "@/lib/managed-email-onboarding";
+import { createSmartRouteHandler } from "@/route-handlers/smart-route-handler";
+import { adaptSchema, adminAuthTypeSchema, yupNumber, yupObject, yupString } from "@stackframe/stack-shared/dist/schema-fields";
+
+export const POST = createSmartRouteHandler({
+  metadata: {
+    hidden: true,
+  },
+  request: yupObject({
+    auth: yupObject({
+      type: adminAuthTypeSchema.defined(),
+      tenancy: adaptSchema.defined(),
+    }).defined(),
+    body: yupObject({
+      resend_domain_id: yupString().defined(),
+    }).defined(),
+    method: yupString().oneOf(["POST"]).defined(),
+  }),
+  response: yupObject({
+    statusCode: yupNumber().oneOf([200]).defined(),
+    bodyType: yupString().oneOf(["json"]).defined(),
+    body: yupObject({
+      status: yupString().oneOf(["deleted"]).defined(),
+    }).defined(),
+  }),
+  handler: async ({ auth, body }) => {
+    const result = await deleteManagedEmailProvider({
+      tenancy: auth.tenancy,
+      resendDomainId: body.resend_domain_id,
+    });
+
+    return {
+      statusCode: 200,
+      bodyType: "json",
+      body: {
+        status: result.status,
+      },
+    };
+  },
+});
diff --git a/apps/backend/src/lib/managed-email-domains.tsx b/apps/backend/src/lib/managed-email-domains.tsx
index c31c3960c6..ee0cd191dc 100644
--- a/apps/backend/src/lib/managed-email-domains.tsx
+++ b/apps/backend/src/lib/managed-email-domains.tsx
@@ -224,3 +224,28 @@ export async function listManagedEmailDomainsForTenancy(tenancyId: string): Prom
   `);
   return rows.map(mapRow);
 }
+
+export async function deleteManagedEmailDomainById(id: string): Promise<ManagedEmailDomain | null> {
+  const rows = await globalPrismaClient.$queryRaw<ManagedEmailDomainRow[]>(Prisma.sql`
+    DELETE FROM "ManagedEmailDomain"
+    WHERE "id" = ${id}
+    RETURNING *
+  `);
+  if (rows.length === 0) {
+    return null;
+  }
+  return mapRow(rows[0]!);
+}
+
+export async function countManagedEmailDomainsBySubdomainExcludingId(options: {
+  subdomain: string,
+  excludeId: string,
+}): Promise<number> {
+  const rows = await globalPrismaClient.$queryRaw<{ count: bigint }[]>(Prisma.sql`
+    SELECT COUNT(*)::bigint AS count
+    FROM "ManagedEmailDomain"
+    WHERE "subdomain" = ${options.subdomain}
+      AND "id" <> ${options.excludeId}
+  `);
+  return Number(rows[0]?.count ?? 0n);
+}
diff --git a/apps/backend/src/lib/managed-email-onboarding.tsx b/apps/backend/src/lib/managed-email-onboarding.tsx
index 11eb3f051a..405d8b0030 100644
--- a/apps/backend/src/lib/managed-email-onboarding.tsx
+++ b/apps/backend/src/lib/managed-email-onboarding.tsx
@@ -8,6 +8,8 @@ import {
   getManagedEmailDomainByTenancyAndSubdomain,
   listManagedEmailDomainsForTenancy,
   markManagedEmailDomainApplied,
+  countManagedEmailDomainsBySubdomainExcludingId,
+  deleteManagedEmailDomainById,
   updateManagedEmailDomainWebhookStatus,
 } from "@/lib/managed-email-domains";
 import { Tenancy } from "@/lib/tenancies";
@@ -225,6 +227,26 @@ async function createDnsimpleZone(subdomain: string): Promise<DnsimpleZone> {
   };
 }
 
+async function deleteDnsimpleZoneByName(zoneName: string): Promise<{ status: "deleted" | "not_found" }> {
+  const dnsimpleBaseUrl = getDnsimpleBaseUrl();
+  const dnsimpleAccountId = getDnsimpleAccountId();
+  const response = await fetch(`${dnsimpleBaseUrl}/${encodeURIComponent(dnsimpleAccountId)}/zones/${encodeURIComponent(zoneName)}`, {
+    method: "DELETE",
+    headers: getDnsimpleHeaders(),
+  });
+  if (response.status === 404) {
+    return { status: "not_found" };
+  }
+  if (!response.ok) {
+    const responseBody = await response.text();
+    throw new StatusError(
+      502,
+      `DNSimple returned ${response.status} when deleting managed email zone ${zoneName}: ${responseBody.slice(0, 500)}`,
+    );
+  }
+  return { status: "deleted" };
+}
+
 async function createOrReuseDnsimpleZone(subdomain: string): Promise<DnsimpleZone> {
   const existingZones = await listDnsimpleZones(subdomain);
   if (existingZones.length > 1) {
@@ -650,6 +672,67 @@ export async function applyManagedEmailProvider(options: {
   return { status: "applied" };
 }
 
+function isManagedEmailDomainInUseForTenancy(options: {
+  tenancy: Tenancy,
+  subdomain: string,
+  senderLocalPart: string,
+}): boolean {
+  const emailServer = options.tenancy.config.emails.server;
+  return emailServer.provider === "managed"
+    && emailServer.managedSubdomain === options.subdomain
+    && emailServer.managedSenderLocalPart === options.senderLocalPart;
+}
+
+export async function deleteManagedEmailProvider(options: {
+  tenancy: Tenancy,
+  resendDomainId: string,
+}): Promise<{ status: "deleted" }> {
+  const domain = await getManagedEmailDomainByResendDomainId(options.resendDomainId);
+  if (!domain || domain.tenancyId !== options.tenancy.id) {
+    throw new StatusError(404, "Managed domain not found for this project/branch");
+  }
+  if (isManagedEmailDomainInUseForTenancy({
+    tenancy: options.tenancy,
+    subdomain: domain.subdomain,
+    senderLocalPart: domain.senderLocalPart,
+  })) {
+    throw new StatusError(409, "Cannot delete a managed domain that is currently in use for sending email");
+  }
+
+  // External cleanup must succeed before we drop the DB row; otherwise a failure here
+  // would leak provider-side resources with no record left to retry against.
+  if (!shouldUseMockManagedEmailOnboarding()) {
+    const resendApiKey = getEnvVariable("STACK_RESEND_API_KEY");
+    const resendResponse = await fetch(`https://api.resend.com/domains/${encodeURIComponent(domain.resendDomainId)}`, {
+      method: "DELETE",
+      headers: {
+        "Authorization": `Bearer ${resendApiKey}`,
+      },
+    });
+    if (!resendResponse.ok && resendResponse.status !== 404) {
+      const responseBody = await resendResponse.text();
+      throw new StatusError(
+        502,
+        `Upstream email provider returned ${resendResponse.status} when deleting managed domain ${domain.resendDomainId}: ${responseBody.slice(0, 500)}`,
+      );
+    }
+
+    // createOrReuseDnsimpleZone lets multiple ManagedEmailDomain rows share a zone (when
+    // two tenancies pick the same subdomain). Only delete the zone if this row is the
+    // last one referencing it.
+    const remaining = await countManagedEmailDomainsBySubdomainExcludingId({
+      subdomain: domain.subdomain,
+      excludeId: domain.id,
+    });
+    if (remaining === 0) {
+      await deleteDnsimpleZoneByName(domain.subdomain);
+    }
+  }
+
+  await deleteManagedEmailDomainById(domain.id);
+  return { status: "deleted" };
+}
+
 export async function processResendDomainWebhookEvent(options: {
   domainId: string,
   providerStatusRaw: string,
@@ -691,4 +774,3 @@ async function saveManagedEmailProviderConfig(options: {
     },
   });
 }
-
diff --git a/apps/dashboard/public/assets/cloudflare-import-dns.png b/apps/dashboard/public/assets/cloudflare-import-dns.png
new file mode 100644
index 0000000000..daa76f62db
Binary files /dev/null and b/apps/dashboard/public/assets/cloudflare-import-dns.png differ
diff --git a/apps/dashboard/src/app/(main)/(protected)/projects/[projectId]/email-settings/domain-settings.tsx b/apps/dashboard/src/app/(main)/(protected)/projects/[projectId]/email-settings/domain-settings.tsx
index cafd59cf82..e6af5aea89 100644
--- a/apps/dashboard/src/app/(main)/(protected)/projects/[projectId]/email-settings/domain-settings.tsx
+++ b/apps/dashboard/src/app/(main)/(protected)/projects/[projectId]/email-settings/domain-settings.tsx
@@ -19,19 +19,22 @@ import {
   CheckCircle,
   Cloud,
   CopySimple,
+  DownloadSimple,
   Envelope,
   GlobeSimple,
   HardDrives,
   type Icon as PhosphorIcon,
+  Info,
   PaperPlaneTilt,
   Plus,
   ShieldCheck,
   Spinner,
+  Trash,
   WarningDiamond,
 } from "@phosphor-icons/react";
 import { throwErr } from "@stackframe/stack-shared/dist/utils/errors";
-import { runAsynchronouslyWithAlert } from "@stackframe/stack-shared/dist/utils/promises";
-import { Dialog, DialogContent, DialogTitle, Label, Typography, useToast } from "@/components/ui";
+import { runAsynchronously, runAsynchronouslyWithAlert } from "@stackframe/stack-shared/dist/utils/promises";
+import { ActionDialog, Dialog, DialogContent, DialogTitle, Label, Popover, PopoverContent, PopoverTrigger, Typography, useToast } from "@/components/ui";
 import { useCallback, useEffect, useMemo, useState } from "react";
 import * as yup from "yup";
 import Image from "next/image";
@@ -105,6 +108,18 @@ function getFormValuesFromConfig(config: CompleteConfig["emails"]["server"], pro
   };
 }
 
+function CloudflareIcon({ className }: { className?: string }) {
+  return (
+    // eslint-disable-next-line @next/next/no-img-element
+    <img
+      src="https://www.cloudflare.com/favicon.ico"
+      alt=""
+      aria-hidden
+      className={className}
+    />
+  );
+}
+
 function ResendIcon({ className }: { className?: string }) {
   return (
     <>
@@ -216,6 +231,58 @@ const senderLocalPartSchema = yup
   .defined("Sender local part is required")
   .test("non-empty", "Sender local part is required", (value) => value.trim().length > 0);
 
+async function lookupAuthoritativeNameServers(name: string): Promise<string[] | null> {
+  // Best-effort DoH lookup powering an optional UX hint. Swallow network/parse errors
+  // silently — ad-blockers, corp firewalls, and offline use are all expected here and
+  // shouldn't alert the user or pollute error reporting.
+  try {
+    const res = await fetch(`https://cloudflare-dns.com/dns-query?name=${encodeURIComponent(name)}&type=NS`, {
+      headers: { Accept: "application/dns-json" },
+    });
+    if (!res.ok) return null;
+    const json = (await res.json()) as { Answer?: { data?: string }[] };
+    const ns = (json.Answer ?? [])
+      .map((a) => a.data)
+      .filter((d): d is string => typeof d === "string" && d.trim().length > 0)
+      .map((d) => d.trim().replace(/\.$/, ""));
+    return ns.length > 0 ? ns : null;
+  } catch {
+    return null;
+  }
+}
+
+// Walk up labels (e.g. mail.shop.example.co.uk → shop.example.co.uk → example.co.uk → co.uk)
+// and return the first ancestor whose authoritative NS records actually resolve. That ancestor
+// is the DNS zone apex — robust to multi-label public suffixes (`.co.uk`, `.com.au`, …).
+async function findZoneApex(subdomain: string): Promise<{ apex: string, nameServers: string[] } | null> {
+  const labels = subdomain.split(".").filter(Boolean);
+  for (let i = 1; i < labels.length; i++) {
+    const candidate = labels.slice(i).join(".");
+    const ns = await lookupAuthoritativeNameServers(candidate);
+    if (ns) return { apex: candidate, nameServers: ns };
+  }
+  return null;
+}
+
+function downloadCloudflareZoneFile(subdomain: string, apex: string, nameServerRecords: string[]) {
+  const fqdnSubdomain = `${subdomain}.`;
+  const lines = [
+    `$ORIGIN ${apex}.`,
+    `$TTL 3600`,
+    ...nameServerRecords.map((r) => `${fqdnSubdomain}\t3600\tIN\tNS\t${r.replace(/\.$/, "")}.`),
+    "",
+  ];
+  const blob = new Blob([lines.join("\n")], { type: "text/plain;charset=utf-8" });
+  const url = URL.createObjectURL(blob);
+  const a = document.createElement("a");
+  a.href = url;
+  a.download = `${subdomain}-cloudflare.txt`;
+  document.body.appendChild(a);
+  a.click();
+  a.remove();
+  setTimeout(() => URL.revokeObjectURL(url), 1000);
+}
+
 function CopyButton({ text }: { text: string }) {
   const [copied, setCopied] = useState(false);
   return (
@@ -254,6 +321,24 @@ function ManagedDomainSetupDialog(props: {
   const [error, setError] = useState<string | null>(null);
   const [submitting, setSubmitting] = useState(false);
   const [checking, setChecking] = useState(false);
+  const [cloudflareApex, setCloudflareApex] = useState<string | null>(null);
+
+  useEffect(() => {
+    if (!props.open || stage !== 2 || !setupState) {
+      setCloudflareApex(null);
+      return;
+    }
+    let cancelled = false;
+    runAsynchronously(async () => {
+      const zone = await findZoneApex(setupState.subdomain);
+      if (cancelled || !zone) return;
+      const usesCloudflare = zone.nameServers.some((n) => /(^|\.)cloudflare\.com$/i.test(n));
+      if (usesCloudflare) setCloudflareApex(zone.apex);
+    });
+    return () => {
+      cancelled = true;
+    };
+  }, [props.open, stage, setupState]);
 
   useEffect(() => {
     if (props.open) {
@@ -354,7 +439,7 @@ function ManagedDomainSetupDialog(props: {
 
   return (
     <Dialog open={props.open} onOpenChange={props.onOpenChange}>
-      <DialogContent className="max-w-[680px] p-0 gap-0" noCloseButton>
+      <DialogContent className="max-w-[680px] p-0 gap-0 overflow-hidden" noCloseButton>
         <DialogTitle className="sr-only">Add managed domain</DialogTitle>
 
         <div className="px-6 pt-5 pb-4 border-b border-border/40">
@@ -426,19 +511,21 @@ function ManagedDomainSetupDialog(props: {
                   Use a dedicated subdomain (e.g. <span className="font-mono">emails.example.com</span>), not your apex domain.
                 </Typography>
               </div>
-              <div className="space-y-1.5">
+              <div className="space-y-1.5 min-w-0">
                 <Label className="text-xs font-medium text-muted-foreground uppercase tracking-wider">Sender local part</Label>
-                <div className="flex items-center gap-2">
-                  <DesignInput
-                    value={senderLocalPart}
-                    onChange={(e) => {
-                      setSenderLocalPart(e.target.value);
-                      setStage1Error(null);
-                    }}
-                    type="text"
-                    size="md"
-                  />
-                  <Typography variant="secondary" className="text-sm font-mono whitespace-nowrap">
+                <div className="flex items-center gap-2 min-w-0">
+                  <div className="w-32 shrink-0">
+                    <DesignInput
+                      value={senderLocalPart}
+                      onChange={(e) => {
+                        setSenderLocalPart(e.target.value);
+                        setStage1Error(null);
+                      }}
+                      type="text"
+                      size="md"
+                    />
+                  </div>
+                  <Typography variant="secondary" className="text-sm font-mono truncate min-w-0">
                     @{subdomain || "your-subdomain"}
                   </Typography>
                 </div>
@@ -449,8 +536,8 @@ function ManagedDomainSetupDialog(props: {
 
           {stage === 2 && setupState && (
             <>
-              <div>
-                <div className="text-sm font-semibold text-foreground">
+              <div className="min-w-0">
+                <div className="text-sm font-semibold text-foreground break-all">
                   Add these records to <span className="font-mono">{setupState.subdomain}</span>
                 </div>
                 <div className="text-xs text-muted-foreground mt-1">
@@ -458,8 +545,65 @@ function ManagedDomainSetupDialog(props: {
                 </div>
               </div>
 
+              {cloudflareApex && (
+                <div className="rounded-lg border border-amber-500/30 bg-amber-500/[0.06] p-3 flex items-center justify-between gap-3">
+                  <div className="flex items-center gap-2 min-w-0">
+                    <CloudflareIcon className="h-5 w-5 shrink-0" />
+                    <div className="min-w-0">
+                      <div className="text-sm font-medium text-foreground">
+                        Cloudflare detected on <span className="font-mono">{cloudflareApex}</span>
+                      </div>
+                    </div>
+                  </div>
+                  <div className="flex items-center gap-1.5 shrink-0">
+                    <DesignButton
+                      size="sm"
+                      variant="outline"
+                      className="gap-1.5"
+                      onClick={() => { window.open(`https://dash.cloudflare.com/?to=/:account/${encodeURIComponent(cloudflareApex)}/dns/records`, "_blank", "noopener,noreferrer"); }}
+                    >
+                      <CloudflareIcon className="h-3.5 w-3.5" /> Open
+                    </DesignButton>
+                    <DesignButton
+                      size="sm"
+                      variant="outline"
+                      className="gap-1.5"
+                      onClick={() => downloadCloudflareZoneFile(setupState.subdomain, cloudflareApex, setupState.nameServerRecords)}
+                    >
+                      <DownloadSimple className="h-3.5 w-3.5" /> Download zone file
+                    </DesignButton>
+                    <Popover>
+                      <PopoverTrigger asChild>
+                        <button
+                          type="button"
+                          aria-label="How to import on Cloudflare"
+                          className="h-7 w-7 rounded-md flex items-center justify-center text-muted-foreground hover:text-foreground hover:bg-foreground/[0.06] transition-colors"
+                        >
+                          <Info className="h-4 w-4" />
+                        </button>
+                      </PopoverTrigger>
+                      <PopoverContent side="left" align="start" className="w-[420px] p-3 space-y-2">
+                        <div className="text-sm font-medium text-foreground">Import on Cloudflare</div>
+                        <ol className="text-xs text-muted-foreground space-y-1 list-decimal pl-4">
+                          <li>Open your zone&apos;s DNS page on Cloudflare.</li>
+                          <li>Click <span className="font-medium text-foreground">Import and Export</span> in the top-right.</li>
+                          <li>Under <span className="font-medium text-foreground">Import DNS records</span>, click <span className="font-medium text-foreground">Select a file</span> and pick the file you just downloaded.</li>
+                        </ol>
+                        <Image
+                          src="/assets/cloudflare-import-dns.png"
+                          alt="Cloudflare Import and Export dialog screenshot"
+                          width={1048}
+                          height={828}
+                          className="w-full h-auto rounded-md border border-border/50"
+                        />
+                      </PopoverContent>
+                    </Popover>
+                  </div>
+                </div>
+              )}
+
               <div className="rounded-lg border border-border/60 overflow-hidden">
-                <div className="grid grid-cols-[72px_160px_1fr] px-3 py-2 bg-foreground/[0.04] border-b border-border/50">
+                <div className="grid grid-cols-[72px_1fr_1fr] px-3 py-2 bg-foreground/[0.04] border-b border-border/50">
                   <div className="text-[10px] font-semibold uppercase tracking-wider text-muted-foreground">Type</div>
                   <div className="text-[10px] font-semibold uppercase tracking-wider text-muted-foreground">Name</div>
                   <div className="text-[10px] font-semibold uppercase tracking-wider text-muted-foreground">Content</div>
@@ -468,14 +612,17 @@ function ManagedDomainSetupDialog(props: {
                   <div
                     key={`${r}-${i}`}
                     className={cn(
-                      "grid grid-cols-[72px_160px_1fr] items-center px-3 py-2",
+                      "grid grid-cols-[72px_1fr_1fr] items-center px-3 py-2 gap-2",
                       i < setupState.nameServerRecords.length - 1 && "border-b border-border/40",
                     )}
                   >
                     <span className="font-mono text-[11px] font-semibold text-foreground/80">NS</span>
-                    <span className="font-mono text-xs text-foreground truncate">{setupState.subdomain}</span>
                     <div className="flex items-center justify-between gap-2 min-w-0">
-                      <span className="font-mono text-xs text-foreground truncate">{r}</span>
+                      <span className="font-mono text-xs text-foreground truncate min-w-0">{setupState.subdomain}</span>
+                      <CopyButton text={setupState.subdomain} />
+                    </div>
+                    <div className="flex items-center justify-between gap-2 min-w-0">
+                      <span className="font-mono text-xs text-foreground truncate min-w-0">{r}</span>
                       <CopyButton text={r} />
                     </div>
                   </div>
@@ -582,6 +729,7 @@ export function DomainSettings() {
   const [domains, setDomains] = useState<ManagedDomain[]>([]);
   const [loadingDomains, setLoadingDomains] = useState(false);
   const [dialog, setDialog] = useState<{ initialState: SetupState | null } | null>(null);
+  const [confirmDelete, setConfirmDelete] = useState<ManagedDomain | null>(null);
 
   const refreshDomains = useCallback(async () => {
     setLoadingDomains(true);
@@ -887,11 +1035,11 @@ export function DomainSettings() {
                     const displayStatus: ManagedDomainStatus = isInUse ? "applied" : isReadyButUnused ? "verified" : d.status;
                     const displayLabel = isInUse ? "Active" : MANAGED_DOMAIN_STATUS_LABELS[displayStatus];
                     return (
-                      <div key={d.domainId} className="flex items-center justify-between px-4 py-3 gap-3">
-                        <div className="flex items-center gap-3 min-w-0">
+                      <div key={d.domainId} className="flex items-center justify-between px-4 py-3 gap-3 min-w-0">
+                        <div className="flex items-center gap-3 min-w-0 flex-1">
                           <GlobeSimple className="h-4 w-4 text-muted-foreground shrink-0" />
-                          <div className="min-w-0">
-                            <div className="text-sm font-mono text-foreground truncate">
+                          <div className="min-w-0 flex-1">
+                            <div className="text-sm font-mono text-foreground truncate" title={`${d.senderLocalPart}@${d.subdomain}`}>
                               {d.senderLocalPart}@{d.subdomain}
                             </div>
                             <div className="text-[11px] text-muted-foreground mt-0.5">
@@ -901,7 +1049,7 @@ export function DomainSettings() {
                         </div>
                         <div className="flex items-center gap-2 shrink-0">
                           <span className={cn(
-                            "text-[11px] font-medium px-2 py-0.5 rounded-full",
+                            "text-[11px] font-medium px-2 py-0.5 rounded-full whitespace-nowrap",
                             MANAGED_DOMAIN_STATUS_COLORS[displayStatus],
                           )}>
                             {displayLabel}
@@ -934,6 +1082,16 @@ export function DomainSettings() {
                               View DNS
                             </DesignButton>
                           )}
+                          {!isInUse && (
+                            <button
+                              type="button"
+                              title="Remove domain"
+                              onClick={() => setConfirmDelete(d)}
+                              className="shrink-0 p-1.5 rounded-md hover:bg-destructive/10 text-muted-foreground hover:text-destructive transition-colors"
+                            >
+                              <Trash className="h-3.5 w-3.5" />
+                            </button>
+                          )}
                         </div>
                       </div>
                     );
@@ -1015,6 +1173,27 @@ export function DomainSettings() {
         initialState={dialog?.initialState ?? null}
         onCompleted={() => { runAsynchronouslyWithAlert(refreshDomains); }}
       />
+
+      <ActionDialog
+        open={confirmDelete !== null}
+        onOpenChange={(o) => { if (!o) setConfirmDelete(null); }}
+        title="Remove managed domain"
+        danger
+        okButton={{
+          label: "Remove",
+          onClick: async () => {
+            if (!confirmDelete) return;
+            await stackAdminApp.deleteManagedEmailDomain({ resendDomainId: confirmDelete.domainId });
+            toast({ title: "Domain removed", description: `${confirmDelete.senderLocalPart}@${confirmDelete.subdomain} was removed.`, variant: "success" });
+            await refreshDomains();
+          },
+        }}
+        cancelButton
+      >
+        <Typography>
+          Remove <span className="font-mono">{confirmDelete?.senderLocalPart}@{confirmDelete?.subdomain}</span>? This permanently removes the domain from our records and the underlying email provider. You can re-add it later, but you&apos;ll need to re-verify DNS.
+        </Typography>
+      </ActionDialog>
     </>
   );
 }
diff --git a/apps/e2e/tests/backend/endpoints/api/v1/internal/managed-email-onboarding.test.ts b/apps/e2e/tests/backend/endpoints/api/v1/internal/managed-email-onboarding.test.ts
index c248c1b0b7..54e20fc698 100644
--- a/apps/e2e/tests/backend/endpoints/api/v1/internal/managed-email-onboarding.test.ts
+++ b/apps/e2e/tests/backend/endpoints/api/v1/internal/managed-email-onboarding.test.ts
@@ -125,4 +125,175 @@ describe("managed email onboarding internal endpoints", () => {
     });
     expect(config.emails.server.password).toEqual(expect.stringMatching(/^managed_mock_key_/));
   });
+
+  it("rejects client access for delete endpoint", async ({ expect }) => {
+    await Project.createAndSwitch();
+
+    const response = await niceBackendFetch("/api/v1/internal/emails/managed-onboarding/delete", {
+      method: "POST",
+      accessType: "client",
+      body: {
+        resend_domain_id: "managed_mock_domain",
+      },
+    });
+
+    expect(response).toMatchInlineSnapshot(`
+      NiceResponse {
+        "status": 401,
+        "body": {
+          "code": "INSUFFICIENT_ACCESS_TYPE",
+          "details": {
+            "actual_access_type": "client",
+            "allowed_access_types": ["admin"],
+          },
+          "error": "The x-stack-access-type header must be 'admin', but was 'client'.",
+        },
+        "headers": Headers {
+          "x-stack-known-error": "INSUFFICIENT_ACCESS_TYPE",
+          <some fields may have been hidden>,
+        },
+      }
+    `);
+  });
+
+  it("deletes a managed domain that is not in use", async ({ expect }) => {
+    await Project.createAndSwitch();
+
+    const setupResponse = await niceBackendFetch("/api/v1/internal/emails/managed-onboarding/setup", {
+      method: "POST",
+      accessType: "admin",
+      body: {
+        subdomain: "mail.example.com",
+        sender_local_part: "noreply",
+      },
+    });
+    expect(setupResponse.status).toBe(200);
+
+    const deleteResponse = await niceBackendFetch("/api/v1/internal/emails/managed-onboarding/delete", {
+      method: "POST",
+      accessType: "admin",
+      body: {
+        resend_domain_id: setupResponse.body.domain_id,
+      },
+    });
+    expect(deleteResponse).toMatchInlineSnapshot(`
+      NiceResponse {
+        "status": 200,
+        "body": { "status": "deleted" },
+        "headers": Headers { <some fields may have been hidden> },
+      }
+    `);
+
+    const listResponse = await niceBackendFetch("/api/v1/internal/emails/managed-onboarding/list", {
+      method: "GET",
+      accessType: "admin",
+    });
+    expect(listResponse.body.items).toHaveLength(0);
+  });
+
+  it("rejects deleting a managed domain that is in use", async ({ expect }) => {
+    await Project.createAndSwitch();
+
+    const setupResponse = await niceBackendFetch("/api/v1/internal/emails/managed-onboarding/setup", {
+      method: "POST",
+      accessType: "admin",
+      body: {
+        subdomain: "mail.example.com",
+        sender_local_part: "noreply",
+      },
+    });
+    await wait(1500);
+
+    const applyResponse = await niceBackendFetch("/api/v1/internal/emails/managed-onboarding/apply", {
+      method: "POST",
+      accessType: "admin",
+      body: {
+        domain_id: setupResponse.body.domain_id,
+      },
+    });
+    expect(applyResponse.status).toBe(200);
+
+    const deleteResponse = await niceBackendFetch("/api/v1/internal/emails/managed-onboarding/delete", {
+      method: "POST",
+      accessType: "admin",
+      body: {
+        resend_domain_id: setupResponse.body.domain_id,
+      },
+    });
+    expect(deleteResponse).toMatchInlineSnapshot(`
+      NiceResponse {
+        "status": 409,
+        "body": "Cannot delete a managed domain that is currently in use for sending email",
+        "headers": Headers { <some fields may have been hidden> },
+      }
+    `);
+  });
+
+  it("allows deleting a managed domain after switching away from managed email", async ({ expect }) => {
+    await Project.createAndSwitch();
+
+    const setupResponse = await niceBackendFetch("/api/v1/internal/emails/managed-onboarding/setup", {
+      method: "POST",
+      accessType: "admin",
+      body: {
+        subdomain: "mail.example.com",
+        sender_local_part: "noreply",
+      },
+    });
+    await wait(1500);
+
+    const applyResponse = await niceBackendFetch("/api/v1/internal/emails/managed-onboarding/apply", {
+      method: "POST",
+      accessType: "admin",
+      body: {
+        domain_id: setupResponse.body.domain_id,
+      },
+    });
+    expect(applyResponse.status).toBe(200);
+
+    await Project.updateConfig({
+      emails: {
+        server: {
+          isShared: false,
+          provider: "resend",
+          host: "smtp.resend.com",
+          port: 465,
+          username: "resend",
+          password: "re_test_key",
+          senderEmail: "noreply@mail.example.com",
+          senderName: "Example",
+          managedSubdomain: undefined,
+          managedSenderLocalPart: undefined,
+        },
+      },
+    });
+
+    const deleteResponse = await niceBackendFetch("/api/v1/internal/emails/managed-onboarding/delete", {
+      method: "POST",
+      accessType: "admin",
+      body: {
+        resend_domain_id: setupResponse.body.domain_id,
+      },
+    });
+    expect(deleteResponse).toMatchInlineSnapshot(`
+      NiceResponse {
+        "status": 200,
+        "body": { "status": "deleted" },
+        "headers": Headers { <some fields may have been hidden> },
+      }
+    `);
+  });
+
+  it("returns 404 when deleting an unknown managed domain", async ({ expect }) => {
+    await Project.createAndSwitch();
+
+    const deleteResponse = await niceBackendFetch("/api/v1/internal/emails/managed-onboarding/delete", {
+      method: "POST",
+      accessType: "admin",
+      body: {
+        resend_domain_id: "does-not-exist",
+      },
+    });
+    expect(deleteResponse.status).toBe(404);
+  });
 });
diff --git a/packages/stack-shared/src/interface/admin-interface.ts b/packages/stack-shared/src/interface/admin-interface.ts
index ab079f6f15..f524303c34 100644
--- a/packages/stack-shared/src/interface/admin-interface.ts
+++ b/packages/stack-shared/src/interface/admin-interface.ts
@@ -489,6 +489,19 @@ export class StackAdminInterface extends StackServerInterface {
     return await response.json();
   }
 
+  async deleteManagedEmailDomain(data: {
+    resend_domain_id: string,
+  }): Promise<{ status: "deleted" }> {
+    const response = await this.sendAdminRequest("/internal/emails/managed-onboarding/delete", {
+      method: "POST",
+      headers: {
+        "content-type": "application/json",
+      },
+      body: JSON.stringify(data),
+    }, null);
+    return await response.json();
+  }
+
   async applyManagedEmailProvider(data: {
     domain_id: string,
   }): Promise<{ status: "applied" }> {
diff --git a/packages/template/src/lib/stack-app/apps/implementations/admin-app-impl.ts b/packages/template/src/lib/stack-app/apps/implementations/admin-app-impl.ts
index d8ff72b77b..e6b7a2c499 100644
--- a/packages/template/src/lib/stack-app/apps/implementations/admin-app-impl.ts
+++ b/packages/template/src/lib/stack-app/apps/implementations/admin-app-impl.ts
@@ -691,6 +691,12 @@ export class _StackAdminAppImplIncomplete<HasTokenStore extends boolean, Project
     return result;
   }
 
+  async deleteManagedEmailDomain(options: { resendDomainId: string }): Promise<{ status: "deleted" }> {
+    return await this._interface.deleteManagedEmailDomain({
+      resend_domain_id: options.resendDomainId,
+    });
+  }
+
   async sendSignInInvitationEmail(email: string, callbackUrl: string): Promise<void> {
     await this._interface.sendSignInInvitationEmail(email, callbackUrl);
   }
diff --git a/packages/template/src/lib/stack-app/apps/interfaces/admin-app.ts b/packages/template/src/lib/stack-app/apps/interfaces/admin-app.ts
index 43f15c1933..17a39470e4 100644
--- a/packages/template/src/lib/stack-app/apps/interfaces/admin-app.ts
+++ b/packages/template/src/lib/stack-app/apps/interfaces/admin-app.ts
@@ -119,6 +119,7 @@ export type StackAdminApp<HasTokenStore extends boolean = boolean, ProjectId ext
     checkManagedEmailStatus(options: { domainId: string, subdomain: string, senderLocalPart: string }): Promise<ManagedEmailProviderStatus>,
     listManagedEmailDomains(): Promise<ManagedEmailProviderListItem[]>,
     applyManagedEmailProvider(options: { domainId: string }): Promise<{ status: "applied" }>,
+    deleteManagedEmailDomain(options: { resendDomainId: string }): Promise<{ status: "deleted" }>,
 
     useEmailTheme(id: string): { displayName: string, tsxSource: string }, // THIS_LINE_PLATFORM react-like
     createEmailTheme(displayName: string): Promise<{ id: string }>,