IvyMailIvyMail
Docs/Updates/Changelog

Changelog

Recent updates and improvements to IvyMail.

Feb 26, 2026 (Deliverability Improvements)

Email compliance and deliverability

  • Outbound emails now include one-click unsubscribe headers (List-Unsubscribe and List-Unsubscribe-Post per RFC 8058). Recipients can unsubscribe directly from their mail client without leaving their inbox.
  • Browser-friendly unsubscribe page for recipients who click the unsubscribe link. Unsubscribed addresses are automatically added to the suppression list.
  • Outbound content screening catches obvious spam patterns (advance-fee scams, pharmacy spam, casino spam, etc.) before emails reach SES. Flagged emails are rejected and logged with a clear reason.
  • Domain setup now includes custom MAIL FROM configuration (mail.yourdomain.com), improving bounce handling and sender alignment. Two new DNS records (MX and SPF for mail.{domain}) are included in the verification flow.
  • Domain verification automatically configures the custom MAIL FROM with SES once the required DNS records are detected. MAIL FROM is non-blocking; domains still work without it (SES falls back to defaults).

Pre-send check sequence updated

The send flow now includes two additional checks before any email reaches Amazon SES:

  1. (existing checks: reputation, domain, rate limit, warmup, payment, suppression)
  2. Content screening (spam/phishing pattern detection, link density, URL shortener abuse, excessive caps)
  3. Unsubscribe URL generation (automatic for every outbound email)

Test coverage

  • Added 33 new tests covering content screening, unsubscribe token generation/validation, unsubscribe endpoints, MAIL FROM domain configuration, and send flow integration
  • Total test suite: 486 tests, all passing

Feb 25, 2026 (Policy Audit and Safety Mechanisms)

Abuse prevention and policy alignment

  • Published a comprehensive Abuse Prevention Policy covering all enforcement mechanisms: account warmup, domain warmup, rate limiting, reputation monitoring, suppression lists, content limits, and prohibited activities

  • Added Sending Limits & Safety documentation covering plan-based limits, account warmup, domain warmup, reputation monitoring, suppression list, content limits, resource limits, pre-send check sequence, and payment enforcement

  • Aligned all five policy documents (Terms, Privacy Policy, GDPR Policy, Abuse Prevention Policy, Cookie Policy) with actual code behaviour; removed stale references to deprecated plans (Pay-as-you-go, Pro)

  • Updated complaint rate throttling threshold from 0.1% to 0.08% in both code and policy to match Amazon SES recommended thresholds

  • Updated domain warmup policy wording from calendar-day based ("Day 1/2/3") to volume-based ("Stage 1/2/3"), matching the actual stage-advancement logic

  • Clarified that the suppression list is global (platform-wide) for deliverability protection; the dashboard only shows entries relevant to your workspace

  • Removed specific eligibility criteria from "Higher Limits" section; custom limits are now handled via manual review on request

  • Updated data retention descriptions to reflect current plans: 7 days (Free), 30 days (Starter) Account suspension and workspace lifecycle

  • Added workspace suspension mechanism: suspended workspaces are blocked from all operations (sending, domain management, billing, everything) with a clear support contact message

  • Internal admin endpoints for suspend/unsuspend via /v1/maintenance/ (secured by internal API key)

  • Workspace deletion now uses a soft-delete pattern: delete marks the workspace with deleted: true and a 30-day grace period before permanent cleanup

  • Added hard_delete that cascades through all related resources: domains (with SES cleanup), API keys, webhook configs, webhook deliveries, logs, reputation data, usage records, warmup records, rate limits, billing (with Stripe subscription cancellation), members, invites, and the workspace itself

  • Internal cleanup endpoint (/v1/maintenance/cleanup-deleted-workspaces) finds workspaces deleted over 30 days ago and permanently removes them; designed for Cloud Scheduler

Suppression list improvements

  • Suppression records now store workspace_id from the originating bounce/complaint event
  • Global blocking behaviour unchanged: send-time checks still look up suppressions across all workspaces to protect platform deliverability

Sending safety checks (pre-send sequence)

The send flow enforces checks in this order before any email reaches Amazon SES:

  1. Reputation check (paused status blocks all sends)
  2. Domain ownership verification (must belong to the workspace)
  3. Domain enabled check (suspended domains rejected)
  4. Rate limiting (hourly, daily, monthly limits per plan)
  5. Domain warmup (stage-based daily limits for new domains)
  6. Payment status (blocked/past-due billing halts sending)
  7. Suppression list (suppressed recipients logged and skipped; if all recipients suppressed, send is rejected)

Reputation monitoring thresholds

StatusBounce rateComplaint rateEffect
Healthy--No restrictions
Degraded--Warning alert
Throttled>= 5%>= 0.08%Limited to 10 emails/hour
Paused>= 10%>= 0.5%All sending blocked

Enforcement only applies after a minimum of 75 emails sent.

Test coverage

  • Added 116 new tests covering all safety mechanisms:
    • Reputation system: score formula, status transitions, throttle/pause enforcement, alert creation (33 tests)
    • Suppression list: hard/soft bounce processing, complaint suppression, send-time blocking, workspace filtering (13 tests)
    • Domain warmup: stage limits (50/100/200), stage advancement by volume, new domain initialization, interaction with account warmup (16 tests)
    • Webhook delivery: HMAC-SHA256 signing, retry with exponential backoff, fan-out to enabled configs (8 tests)
    • Content validation: subject (998 chars), HTML/text body (512,000 chars), from/reply-to (320 chars) (14 tests)
    • Full send flow: end-to-end pre-send check sequence (9 tests)
    • Account suspension: suspend/unsuspend, middleware blocking on all role levels (7 tests)
    • Workspace deletion: soft delete, hard delete cascading cleanup, cleanup endpoint auth (16 tests)
  • Total test suite: 443 tests, all passing

Other improvements

  • Added IP warmup banner and guidance for new senders
  • Published downloadable skills.md file for AI agent integration
  • Added data export placeholder script (GDPR Article 20 compliance, manual process)
  • Added IO layer methods for full resource cleanup: delete_log, delete_webhook_delivery, delete_rate_limit, delete_domain_warmup, delete_billing, delete_usage_records, delete_reputation_data, get_all_workspaces

Feb 24, 2026

  • New blog post published
  • Quick Start guide now showcases all Send API fields
  • Pricing chart now supports daily and monthly toggle
  • Hover animations on landing page feature cards
  • Feedback links updated to Featurebase

Feb 20, 2026

  • New landing page hero animation
  • Added privacy and terms deep links in footer
  • Cookie consent and analytics improvements
  • Dashboard UI refinements: section headers, spacing, and table layout
  • Updated OG images and branding across the site