June 2026
New Features
- Sub-Accounts: Platform Partner and reseller accounts can now create and manage sub-accounts under a single parent, from both the dashboard and the v2 API. Each sub-account is a full account — its own domains, sending, webhooks, routes, and members — that is billed through the parent, with usage pooled onto the parent’s invoice and a proportional per-sub cost breakdown available in the dashboard and API.
- API-Only Sub-Account Provisioning: Partners can provision a new sub-account and mint its first working API key entirely over the API, with no dashboard step. The new key belongs to the sub-account, and its secret is returned only once (or on an exact idempotent retry within five minutes).
- API Key IP Allow Lists: Each v2 API key can now be restricted to a set of IPv4/IPv6 addresses or CIDR ranges. When a key has a non-empty allow list, any request made with it from an IP that isn’t on the list is rejected on every endpoint, regardless of the key’s permissions. An empty list means no restriction, so existing keys are unaffected. Up to 100 entries per key; the “allow everything” ranges are rejected.
- Per-Domain DKIM Selectors: Platform Partner accounts can now set a custom DKIM selector for each sending domain — in the dashboard and via the v2 API — instead of only an account-wide selector, so the same domain can be authenticated across multiple senders without collisions. The selector can be changed while the domain’s DKIM is unverified and locks once verified (contact support to unlock).
Changes
- API key responses now include an
ip_allow_listfield. The list, get, create, and update API-key endpoints always return the key’s allow list (an empty array when the key has no restriction). - Changing a key’s IP allow list in the dashboard now requires confirming it’s you. Saving an allow-list change prompts for a current two-factor code (or a recovery code) if you have two-factor enabled, otherwise your account password; the confirmation is remembered for five minutes. Dashboard management works from any IP and is never blocked by a key’s own allow list.
- Security alert email for allow-list changes. When an API key’s IP allow list is created or changed, account owners and administrators receive an email noting that a security setting on the named key changed. The email never contains the key’s secret or the list contents.
- The v2 domain API now accepts and returns a
dkim_selectorfield. Create and update accept an optional per-domain selector (Platform Partner accounts only; a trimmed-empty value clears it and reverts to the default), and the domain response reports the configured override (null when none is set). The custom tracking, return-path, subscription, and media subdomain fields are now documented as applying to both self-managed and managed DNS. - Every v2 account response now includes a
parent_account_idfield, so you can tell whether an account is a sub-account and which parent it belongs to. - The v1 send API now rejects a request with neither a text body nor an HTML body. Both the transactional send and the send-with-substitutions endpoint return a validation error when both body fields are omitted; at least one must be provided.
- Suspended accounts can no longer manage sending domains To prevent abuse, while an account is suspended, adding, editing, deleting, or re-checking DNS for a domain is blocked with a message to contact support.
- The billing page now shows emails sent “in the current billing cycle” for customers on a paid subscription, instead of “in the past 30 days.”
- Custom Subdomains on Self-Managed DNS: Domains that use your own self-published DNS can now customize their tracking, return-path, subscription, and media subdomains, matching what was already available for managed-DNS domains. Each subdomain is editable until its DNS record is verified, then locks.
- Golang SDK: The AhaSend Go SDK now supports Sub-Account features and API key IP allow lists.
- CLI: The AhaSend CLI now supports the Sub-Account management features.
Improvements
- Safer API retries. Retrying a request while the original is still processing now returns a clear “conflict” response with retry guidance, and reusing the same idempotency key on a different endpoint, resource, or payload is rejected instead of replaying the wrong response — so retries no longer risk creating duplicate resources.
- Self-lockout protection on API-key allow lists. If you use a key to set its own IP allow list to a value that excludes the IP you’re calling from, the change is rejected and nothing is saved. You can still change it from the dashboard, from an already-allowed IP, or with a different key.
- Sub-account and API-key updates reject empty or no-change requests with a clear error and leave omitted fields untouched; the website field is optional when updating a sub-account.
Bug Fixes
- Fixed legacy plan customers being unable to upgrade to the Pro or Max plan; these upgrades now complete correctly.
- Fixed plan upgrades failing for cards that require extra verification; the upgrade now goes through against your saved card without a failed authentication prompt.
- Fixed a legacy-plan upgrade being blocked for up to 24 hours after you updated your payment method; retrying with a new card now works immediately.
- Fixed backward (“previous page”) cursor pagination on v2 list endpoints, which could jump back to the first page instead of the page immediately before your cursor.
- Fixed the profile account switcher so deleted accounts no longer appear and can no longer break the page.
May 2026
New Features
- Duplicate a Campaign: You can now duplicate an existing marketing campaign in one action. The copy includes the design, sender settings, subject, preview text, tags, and recipient lists, and opens as a new editable draft — delivery history and statistics are not carried over.
- Automatic Tax on Subscriptions: New paid subscriptions now have applicable sales tax or VAT automatically calculated and added to your invoices based on your billing location.
Changes
- Transactional sends are limited to 100 recipients per request. The v1 send API now enforces a maximum of 100 recipients per call and rejects empty recipient lists with a validation error, matching the documented v2 limit.
- Each recipient gets a unique Message-ID. When you send to multiple recipients via the v1 send API without supplying your own Message-ID, every recipient now receives an individually generated, unique Message-ID instead of a shared one, making each message separately trackable. Supplying your own Message-ID works as before.
- Higher domain limits for enterprise and reseller accounts. Enterprise and Platform Partner accounts can now add up to 10,000 sending domains.
Improvements
- Cost estimates now reflect your subscription’s currency. The estimated-amount figure on the billing page is calculated using EUR or GBP pricing for EUR/GBP subscribers, instead of dollar-based rates.
- Fewer false-positive account suspensions. Automated bounce-rate protection now measures your actual bounce rate over the trailing 30 days and only acts once you’ve accumulated a meaningful number of bounces, so low-volume accounts are no longer suspended over a handful of bounces. Reviewed accounts that are reinstated are judged only on their activity going forward.
- Clearer error when adding a duplicate contact. Adding a contact whose email already exists now shows a specific “a contact with this email address already exists” message instead of a generic failure.
- Better partial-failure reporting on multi-recipient sends. When some recipients in a send fail, the API response now clearly reports which recipients failed and why, rather than failing the entire request opaquely.
Bug Fixes
- Fixed credit purchases that could silently fail to complete; credit top-ups are now provisioned reliably.
- Fixed plan upgrades occasionally resolving to the wrong plan when an invoice contained proration credits.
- Fixed the dashboard billing page showing a contradictory “your subscription is about to be cancelled” banner for customers who had scheduled a cancellation and then started a new subscription.
- Fixed the billing and credits pages failing to load for brand-new subscriptions that had not yet produced their first invoice; usage, billing dates, and estimated charges now display correctly in that window.
- Fixed the credits history failing to render entries that had no linked invoice; such entries now show “N/A” and a support contact link.
- Fixed the dashboard notice about an upcoming scheduled plan change to show the correct current and target plans and the right wording (for example, “downgrade” only when it actually is one), and to no longer appear when there is no real pending change. Plan changes made through the Stripe billing portal now reflect correctly on your account.
- Fixed unpaid checkouts falling through without an error message; if a checkout completes without a successful payment, you’ll now see a prompt to retry with a different payment method.
- Fixed updated checkout links for purchasing additional credit packs.
- Improved the contrast of the status indicators on the campaign edit page.
April 2026
New Features
- Multi-Currency Billing: New paid subscriptions are now billed in EUR, GBP, or USD depending on your location. The same applies when upgrading or switching between Pro and Max plans. Your default currency is captured when your account is verified, and prices on the onboarding and dashboard billing pages — both plan base prices and per-1k-email overage rates — are now shown in your local currency with the correct symbol (€9 / £8 / $10 for the Pro plan, etc.). You can override the auto-detected currency with a
currencycookie. - Custom Subdomains on Domain Creation: The API v2 create-domain endpoint now accepts
tracking_subdomain,return_path_subdomain,subscription_subdomain,media_subdomain, anddkim_rotation_interval_daysso domains can be set up with custom subdomains in a single API call. - Subdomains lock after DNS verification. Once a sending-domain subdomain (tracking, return-path, subscription, media) is verified in DNS, it is locked: any change requires contacting support, and the update domain API returns a clear 400 error indicating which subdomain is locked.
- API v2 Domain Management: API clients can now set and update domain settings and trigger DNS re-checks, including custom tracking, return-path, subscription, media, and DKIM rotation settings for managed DNS domains.
- BYODKIM Compatibility: Platform Partner accounts can now create domains with 1024-bit BYODKIM keys when needed for legacy compatibility. 2048-bit keys remain recommended.
- Work Email Required at Signup: To reduce abuse, new account sign-ups must now use a work email address. Free, personal, and temporary email providers are no longer accepted at registration.
Changes
- Email addresses are normalized on messages and suppressions (lowercased and trimmed of surrounding whitespace) on write and on lookup, making suppression checks robust to casing and whitespace variations.
- API v2 message scheduling validation is stricter: Create Message API scheduled expiration must be in the future and within the documented limit.
Improvements
- Better API v2 error responses.
403 Forbidden(not401) is returned for insufficient scopes;400(not404/412) for invalid sender domains or DNS-invalid domains on send; clearer errors for invalid suppression domains, invalid webhook boolean filters, and message-status enum mismatches. - Idempotent create endpoints document the
422response that is returned when an idempotency key is reused with a different payload. - API v2 domain-scoped routes, webhooks, SMTP credentials, messages, and statistics now handle scoped access more consistently.
- Account updates return the updated account, not the pre-update copy. The account response no longer leaks internal fields such as suspension status, monthly credit, or contact attributes; it now includes
owner_id. - Account billing pages now keep customer currency consistent when viewing existing subscriptions or switching plans.
- Plan cards now show localized overage prices instead of hardcoded USD amounts.
Bug fixes
- Domain names are normalized everywhere. Domain names submitted to the API, the dashboard, or as part of an API key scope are now lowercased, trimmed, and stripped of any trailing dot, so equivalent names are no longer treated as different.
- Dashboard links in campaign review, DNS, route, and webhook notification emails now point directly to the correct pages.
- Fixed manually resumed campaigns getting sent back through the normal evaluation gate after an admin resumed them.
- Fixed message cancellation requiring
messages:sendinstead ofmessages:cancelpermission. - Fixed message send results being assembled without synchronization, which could occasionally drop or duplicate per-recipient entries.
- Fixed webhook list
enabledandon_*boolean query parameters being silently ignored when given non-boolean values.
March 2026
New Features
- Managed DNS & DKIM Rotation Setup: Sending-domain setup now supports our new native managed DNS flow. Managed domains get two DKIM CNAME records: one required for sending and a second recommended record that lets AhaSend rotate DKIM keys later without asking for another DNS change.
- Contact Detail Pages: You can now view and edit individual contacts directly from the dashboard, including custom attributes, list memberships, engagement statistics, campaign delivery history, and activity logs. Drill-down pages for opens, clicks, and campaigns are available for detailed analysis.
- Message Tag Filtering: Messages can now be filtered by tags in both the API and the dashboard, making it easier to find specific transactional messages.
- Email Proxy Detection: Open and click tracking now correctly identifies email proxies from Gmail, Yahoo, Apple Mail Privacy Protection, Superhuman, and Fastmail, giving you more accurate engagement metrics. Apple MPP detection uses IP range verification rather than user agent matching alone.
- Delivery Analytics: Messages now track egress pool, egress source, and mailbox provider (Gmail, Yahoo, Outlook, etc.), with pre-aggregated statistics tables for future per-provider delivery reporting.
Changes
- Contact imports now update existing contacts’ names and attributes instead of silently skipping duplicates.
- Default message data retention for new accounts is now 7 days (previously 30).
- Campaign “from” addresses are now stored at schedule time, so campaign reports remain accurate even if the sending domain is later removed.
- API v2 list API keys endpoint now returns both send-only and full-access keys.
- The onboarding DNS setup page has a wider layout that is easier to read on all screen sizes.
- Invoices issued prior to March 15, 2026 are noted as unavailable in the dashboard billing page, with a link to support for older invoices.
Improvements
- DNS validation now tries multiple fallback nameservers (Cloudflare, Level3, Google, OpenDNS) before marking a domain as broken, reducing false alarms from temporary resolver issues.
- DNS validation now follows CNAME chains, so domains using intermediate CNAME records (e.g., through a CDN or DNS proxy) validate correctly.
- DMARC checking recovers more gracefully from transient DNS failures, preserving the previously known state instead of marking the domain invalid.
- The dashboard adapts better to light and dark color modes.
- Checkout and payment form initialization is more reliable.
- Established accounts (verified, or 30+ days old with significant volume) can now disable message data retention, in addition to approved accounts.
Bug Fixes
- Fixed character encoding corruption (mojibake) in campaign emails when HTML entities such as non-breaking spaces were converted to UTF-8 by the tracking system.
- Fixed single-part campaign emails not receiving click or open tracking.
- Fixed API v2 send-only keys not appearing in the list API keys response.
- Fixed domain deletion not cleaning up associated API key scopes.
- Fixed text selection being unreadable in code blocks on the dashboard.
- Fixed checkout validation requiring company name and VAT ID together for Singapore customers, where VAT is not applicable.
February 2026
New Features
- Campaign Content Spam Check: Campaign validation now includes an AI-based content review step using our own in-house, self-hosted, fine-tuned LLM model in addition to recipient-list checks. This helps catch campaigns that look like spam, phishing, or cold outreach before they are sent.
- Campaign Review Notifications: You now get email notifications when a campaign review is pending, approved, or rejected.
- Campaign Review Improvements: Manual campaign approvals are more flexible. Approved campaigns can either continue as scheduled or be returned to draft, and reviewed campaigns can be approved with bounce-rate evaluation skipped when appropriate.
Changes
- Campaign validation now gives clearer review outcomes, with more specific reasons when a campaign is held for manual review.
- Campaign reports are easier to use on smaller screens thanks to improved responsive tables.
- Campaign report charts render more reliably.
- The admin side of campaign and domain review tooling was expanded significantly, which should lead to faster and more consistent review handling by our support team.
Improvements
- Campaign sending is more reliable when subscriber status changes after scheduling. Recipients who become invalid or disabled before send time are now excluded automatically instead of causing avoidable failures.
- Campaign scheduling and initialization logic was hardened to reduce the chance of duplicate or inconsistent background jobs.
- Domain verification DNS checks now recover more gracefully from temporary DNS issues, including retrying previously valid domains before marking them broken.
- Domain rechecks now happen more intelligently for domains that were valid in the past but later became unhealthy.
- Domain risk analysis is more reliable thanks to improved domain-registration lookup logic and better handling of rate limits and timeouts.
- Message IDs generated bySend Message APIv2, Send Conversational Message APIv2 and Create Message APIv1 are now generated using UUIDv7, improving consistency, ordering and performance for generated IDs.
Bug Fixes
- Fixed API v2 conversational sending not properly respecting API-key sandbox mode.
- Fixed API v2 GetMessage returning
500errors in cases where404was correct. - Fixed HTML message previews in the dashboard so inline images render correctly.
- Fixed campaign validation sampling to avoid already known invalid subscribers.
- Fixed cleanup of expired messages so deletion runs more consistently and starts processing immediately.
- Fixed onboarding and account settings validation to show clearer max-length errors.
- Fixed checkout/account details validation so company name and VAT can be entered independently.
- Improved Stripe webhook handling to prevent errors in some edge cases.
January 2026
Security
- Improved session security with automatic session refresh after login and password reset.
New Features
- Contact List Validation: Automatically validate your contact lists before sending campaigns. The system checks email syntax, MX records, and uses external verification services to identify invalid or risky addresses. Campaigns with high bounce risk are flagged for review before sending.
- Campaign Cancellation & Rescheduling: Cancel scheduled campaigns or validation in progress, and reschedule campaigns with a new send time.
- Campaigns now send emails faster with concurrent delivery.
- Added delete campaign option with confirmation on the campaign edit page.
- Email notifications for campaign reviews: get notified when your campaign is pending review, approved, or requires changes.
Changes
- Dashboard charts now include campaign email statistics alongside transactional emails.
- “Deferrals” renamed to “Deferred Attempts” on the dashboard for clarity.
- Recent messages section now labeled “Recent transactional messages” to distinguish from campaigns.
- Send Message API now automatically detects template format based on whether substitutions are provided.
Improvements
- Suppression rate calculations now include campaign recipients for more accurate metrics.
- Campaign report page redesigned with separate views for campaigns being validated, scheduled, or paused.
- Many improvements and bugfixes for the Email Template Designer: fixed inline images breaking on edits, added undo/redo buttons, fixed color picker positioning, and resolved image resize issues.
Bug Fixes
- Fixed API sandbox mode for Send Conversational Message API not being respected when set on credentials.
- Fixed Send Message API incorrectly changing custom email header names to lowercase.
- Fixed inability to switch API keys from sandbox mode back to production mode.
- Fixed credit usage notifications not being sent correctly.
- Fixed webhook and S3 failure notifications not being sent correctly.
- Fixed contact and contact attribute delete buttons not working.
- Fixed logo not displaying correctly in Email Template Designer.
- Fixed domain validation issues during account onboarding.
- Fixed list segment filters not working correctly for numeric and yes/no fields.
- Fixed campaign pause notifications showing incorrect complaint rate.
- Fixed campaigns occasionally getting stuck during scheduling or validation.
- Fixed dropdown menu visibility on contacts page.
- Fixed redirect loop for users with 2FA enabled who haven’t completed onboarding (only affected users who requested their accounts to be deleted without deleting their user profile).
December 2025
- Improvements and bugfixes for the Workflow Engine and Campaign Management features. Request early access.
- Improved dashboard reporting performance.
- Added support for Bring Your Own DKIM keys to Create Domain API (currently only for Platform Partner accounts).
- Added support for domain validation without explicit SPF if Return-Path is configured (currently only for Platform Partner accounts).
- Improved error reporting for invalid pagination cursors in API v2.
- Improved S3 retention performance and reliability.
- Improved reliability of Usage Records and Billing Meters for billing via Stripe.
- Improved speed, reliability and scalability of MTA configuration subsystem, resulting in faster onboarding for accounts, domains and SMTP credentials.
- Fixed corner case issues with adding tracking links to messages.
- Improved spam and phishing monitoring and detection systems.
- Improved security measures in code and infrastructure.
- Multiple minor improvements and bugfixes.
November 2025
- Added Workflow Engine: currently in private beta and being internally used and tested for AhaSend’s own user-onboarding campaigns.
- S3 retention: Create separate files for each delivery attempt in the S3 bucket, allowing customers to use write-only credentials for archiving and using built-in S3 retention policies.
- Added support for legacy plan customers to switch to new pricing plans.
- Added support for upgrading and downgrading between Pro and Max plans.
- Improved Out-of-Band (OOB) NDR notification handling for bounced outbound messages.
- Added automatic notifications for monthly quotas for Free accounts.
- MX records are no longer shown for root domains (e.g.
example.com) in the dashboard to prevent confusion and potential DNS issues. - Improved account, domain, and credential synchronization speed between the backend and MTA servers.
- Upgraded to Stripe API to
2025-03-31.basil, adding support for improved usage-based pricing (and soon adaptive pricing with local currency support). - Improved DSN report delivery.
- Improved user experience for searching and deleting suppressions in the dashboard.
- Improved spam and phishing monitoring and detection systems.
- Improved security measures in code and infrastructure.
- Multiple bug fixes, improvements and optimizations.
October 2025
- New marketing website with a completely new design, dark mode, better performance, and improved content
- Implemented new pricing plans; existing customers remain on legacy pricing but can switch anytime
- Added sorting feature to the Messages page in the dashboard
- Improved IP management with better warm-up and IP pool controls
- Improved performance for API v1 and v2
- Fixed dashboard chart issues on Safari
- Improved reliability of webhook and routing uptime monitoring to prevent false-positive downtime reports on the status page
- Fixed dashboard dark mode display issues
- Fixed content handling bug in v2 Get Message API
September 2025
- Add Dark Mode to the dashboard
- Add Service Status Page
- Add Get Message API
- Improve
Content-TypeandContent-Dispositionhandling for attachments in Create Message API - Add optional global suppression for large volume senders
- Fix issues with false positives in DMARC verification in some corner cases
- Fix DNS verification failures due to large TXT records: Retry truncated TXT lookups over TCP
- Improve and optimize automatic suppression system based on bounce classifications.
- Improve handling of ICS attachments in Create Message API
- Add rate limits for failed login attempts.
- Improve automatic monitoring and suspension system to prevent abuse and false positives.
- Add new endpoint for sending Conversation Messages
August 2025
- Add support for generating and sending RFC 3464 DSN reports.
- Introduce AhaSend API v2
- Introduce AhaSend Go SDK
- Introduce AhaSend CLI
- Update documentation site
July 2025
- Add option to group route requests by Message-ID header
- Deploy separate infrastructure and MTA for campaigns
- Campaign management feature (to be released - Request early access)
- Contact and list management
- Campaign creation forms
- Grapesjs-based campaign template editor (to be released)
- Tiptap-based campaign template editor (to be released)
- Campaign reports (to be released)
- Improve DKIM-key check accuracy
June 2025
- Improve DNS lookup performance
- Add PKCE support for OIDC Single Sign On
- Add option for account-wide 2FA enforcement
May 2025
- Add support for Domain-Scoped SMTP Credentials
- Add support for Domain-scoped API Keys
- Add support for Sandbox SMTP Credentials
- Add support for Sandbox API Keys
- Add special headers to enable sandbox mode for individual messages
- Add support for multi-domain OIDC SSO
- Incorporate AhaSend’s SPF record into the existing SPF record for customer domain when possible
April 2025
- Add OpenID Connect SSO
- Add support for 2FA
- Improve reseller whitelabeling options
- Improve DKIM key check accuracy
- Improve dashboard reports and charts
March 2025
- Improve webhook and routes performance and request throughput.
- Improve dashboard reports and charts
- Improve system performance and email throughput

