Changelog
New features, improvements, and fixes shipped to SpoofSentry.
April 9, 2026
NewTakedown orchestration — full lifecycle case management for lookalike domain threats
NewAutomated evidence collection: RDAP/WHOIS, DNS snapshot, SSL certificate, content hash
NewMulti-channel abuse dispatch: Google Web Risk (5B+ devices), Netcraft, URLhaus, registrar/hosting/CA email
NewSLA enforcement with auto-escalation (3 levels) and auto-resolution when domains go offline
NewTakedown dashboard with case list, SLA indicators, and detailed case view with evidence and timeline
ImprovedThreats page now shows 'Initiate Takedown' action for active lookalike threats
ImprovedHigh-risk lookalikes (score >= 80) automatically get takedown cases via daily worker
April 6, 2026
NewOutcome measurement dashboard — before/after enforcement proof, TTD/TTR metrics, and ROI widget
NewEnhanced onboarding wizard with role capture, milestone tracking, and guided next actions
NewPublic status page at /status with real-time component health monitoring
NewTrust center at /trust with security controls, compliance frameworks, and subprocessor list
NewEnterprise procurement pack with downloadable security documentation
ImprovedBaseline posture snapshot now auto-captured when a domain is verified
ImprovedDaily outcome snapshots for all verified domains via background worker
March 29, 2026
NewSpoofing campaign timeline reconstruction with IP attribution and volume progression
NewSender Chain of Custody — tamper-evident audit trail for sender authorization lifecycle
NewAI Enforcement Simulator — what-if analysis against real historical traffic
NewDMARC Debt Score — 0-100 daily score with industry percentile benchmarking
ImprovedCompliance evidence bundles now cover 8 frameworks including NIS2 and ASD Essential Eight
SecurityResolved OIDC challenge TOCTOU race condition (BH-01)
SecurityFixed SAML ACS tenant isolation gap (BH-02A)
SecurityAI token budget guard now fails closed (BH-03)
March 22, 2026
NewHealthcare BAA management with HIPAA evidence mapping and PHI domain tracking
NewSEC cybersecurity disclosure export for Form 10-K reporting
NewEnforcement guarantee with contractual timeline milestones and credit mechanism
NewBIMI/VMC marketplace integration (DigiCert and Entrust)
ImprovedSIEM integrations now support CEF format alongside Splunk HEC, Elastic, Sentinel, and Datadog
ImprovedPSA/RMM integration expanded with billing summary push to ConnectWise and Autotask
FixedFixed rare duplicate sender discovery alerts during high-volume report ingestion
March 15, 2026
NewPrivileged Access Management — grant-based platform roles with break-glass emergency access
NewIP allowlist per tenant with MSSP bypass controls
NewDangling DNS / SubdoMailing detection with risk assessment
ImprovedRBAC expanded to 91 permissions across 8 roles and 28 resource types
ImprovedRow-level security now covers 51 database tables
March 1, 2026
NewMSSP multi-tenant platform with portfolio dashboard and pooled billing
NewOIDC SSO with SCIM 2.0 automated provisioning
NewWebAuthn / passkey authentication support
NewTerraform IaC provider for DMARC policy management
ImprovedLookalike domain scanning now detects combo-squats and homoglyphs