Changelog
New features, improvements, and fixes shipped to SpoofSentry.
April 16, 2026
v3.0NewCompliance Readiness — per-provider mailbox readiness checks for Google, Microsoft, Yahoo, and general sender compliance
NewFix Wizard — guided remediation with change type selection, DNS state preview, and direct submission to Change Center
NewExecution Timeline — visual phase progression for change requests (discovered → approved → applied → completed)
NewRollback Panel — inline rollback availability and confirmation workflow in Change Center detail view
NewDeliverability Investigate — open durable investigation cases for auth-driven inbox placement issues
NewAuth Failure Clustering — automatic pattern detection grouping repeated authentication failures by source and cause
NewInvestigation correlation engine — ranks probable causes by correlating failure clusters with recent DNS changes and reputation signals
NewSender Surface — unified brand exposure view combining lookalike domains, dangling DNS, and sender infrastructure assets
NewBrand Risk Score — composite 0–100 exposure metric combining lookalike, dangling DNS, and surface asset findings
NewMSSP Remediation Queue — cross-customer work queue aggregating blockers, pending approvals, and failed changes
NewMSSP Vendor Portfolio — shared vendor risk concentration view across managed customers
NewMSSP QBR and Customer Posture Review report templates for partner quarterly reviews
NewAdmin v3 Diagnostics — entitlement inspector, module usage metrics, and feature × plan matrix for support
ImprovedPricing updated: Mailbox Readiness and Deliverability Investigate available from Protect tier; Sender Surface available on Enterprise
ImprovedMSSP portfolio snapshots now include remediation queue counts (blockers, pending approvals, failed changes)
ImprovedEntitlement denial logging — v3 feature access denials now recorded for admin diagnostics visibility
April 9, 2026
NewTakedown orchestration — full lifecycle case management for lookalike domain threats
NewAutomated evidence collection: RDAP/WHOIS, DNS snapshot, SSL certificate, content hash
NewMulti-channel abuse dispatch: Google Web Risk (5B+ devices), Netcraft, URLhaus, registrar/hosting/CA email
NewSLA enforcement with auto-escalation (3 levels) and auto-resolution when domains go offline
NewTakedown dashboard with case list, SLA indicators, and detailed case view with evidence and timeline
ImprovedThreats page now shows 'Initiate Takedown' action for active lookalike threats
ImprovedHigh-risk lookalikes (score >= 80) automatically get takedown cases via daily worker
April 6, 2026
NewOutcome measurement dashboard — before/after enforcement proof, TTD/TTR metrics, and ROI widget
NewEnhanced onboarding wizard with role capture, milestone tracking, and guided next actions
NewPublic status page at /status with real-time component health monitoring
NewTrust center at /trust with security controls, compliance frameworks, and subprocessor list
NewEnterprise procurement pack with downloadable security documentation
ImprovedBaseline posture snapshot now auto-captured when a domain is verified
ImprovedDaily outcome snapshots for all verified domains via background worker
March 29, 2026
NewSpoofing campaign timeline reconstruction with IP attribution and volume progression
NewSender Chain of Custody — tamper-evident audit trail for sender authorization lifecycle
NewAI Enforcement Simulator — what-if analysis against real historical traffic
NewDMARC Debt Score — 0-100 daily score with industry percentile benchmarking
ImprovedCompliance evidence bundles now cover 8 frameworks including NIS2 and ASD Essential Eight
SecurityResolved OIDC challenge TOCTOU race condition (BH-01)
SecurityFixed SAML ACS tenant isolation gap (BH-02A)
SecurityAI token budget guard now fails closed (BH-03)
March 22, 2026
NewHealthcare BAA management with HIPAA evidence mapping and PHI domain tracking
NewSEC cybersecurity disclosure export for Form 10-K reporting
NewEnforcement guarantee with contractual timeline milestones and credit mechanism
NewBIMI/VMC marketplace integration (DigiCert and Entrust)
ImprovedSIEM integrations now support CEF format alongside Splunk HEC, Elastic, Sentinel, and Datadog
ImprovedPSA/RMM integration expanded with billing summary push to ConnectWise and Autotask
FixedFixed rare duplicate sender discovery alerts during high-volume report ingestion
March 15, 2026
NewPrivileged Access Management — grant-based platform roles with break-glass emergency access
NewIP allowlist per tenant with MSSP bypass controls
NewDangling DNS / SubdoMailing detection with risk assessment
ImprovedRBAC expanded to 91 permissions across 8 roles and 28 resource types
ImprovedRow-level security now covers 51 database tables
March 1, 2026
NewMSSP multi-tenant platform with portfolio dashboard and pooled billing
NewOIDC SSO with SCIM 2.0 automated provisioning
NewWebAuthn / passkey authentication support
NewTerraform IaC provider for DMARC policy management
ImprovedLookalike domain scanning now detects combo-squats and homoglyphs