Skip to main content

Changelog

What's new in PhishFence, written for customers. For the full git history see our repository.

June 2026

  • feature Guided setup, delivered to your inbox

    PhishFence now sends a short, personalized email series that walks you through getting protected: add a domain, turn on Email Security, publish your DMARC record, and ramp safely from monitoring to full enforcement. Each email reflects exactly where your domains stand and the single best next step to take, with the copy-paste DNS record when you need one. At most one email a week, and one-click unsubscribe any time.

  • feature Start (and extend) your free trial yourself

    Turn on a 14-day trial of Brand Protection and Email Security right from the billing page, no sales call needed. If you need a little longer to finish your DMARC setup, you can extend the trial once with a single click.

  • improvement More accurate visual matching on lookalike alerts

    We recalibrated how we measure how closely a suspicious site resembles yours, leading with AI image-embedding matching instead of surface-level page structure. The visual-similarity score on an alert now reflects real resemblance to your brand, so the percentage you see is one you can trust when deciding what to act on first.

  • feature DANE / TLSA added to your email posture

    For DNSSEC-signed domains we now check for DANE (TLSA) records that pin your mail server's certificate, an advanced protection against mail-in-transit tampering. It is advisory only and never affects your grade, so you can see at a glance whether it is in place without any risk to your score.

May 18-25, 2026

  • security Team-aware API tokens

    API endpoints (/api/v1/domains, /alerts) now respect team membership, so a member's token sees exactly the shared data it should. Shipped alongside a broader security hardening pass across the API and billing.

  • feature Bulk domain add/remove from the dashboard

    New drawer lets you paste a newline-separated list of domains to monitor, or select multiple rows and remove them in one shot.

  • feature User-facing audit log

    Every account action (logins, domain adds, scan triggers, status changes) is now visible to the account owner under Settings → Audit Log.

  • feature DNS auto-publish for Cloudflare (DMARC MVP)

    Connect a Cloudflare API token, pick a domain, and PhishFence will publish the recommended DMARC record straight to your zone. Your token is stored encrypted.

  • improvement Deeper DMARC + SPF diagnostics

    Per-record diagnostics now cover alignment quirks, SPF lookup-count overruns, and risky mechanism use, and the Email Security advisor grounds its recommendations in them.

  • improvement Email Security woven into onboarding

    New users see Email Security as a first-class second half of the product from step 1 of onboarding, not as a bolt-on later.

April 2026

  • improvement Trial expiry reminders

    Users on the free plan get a clean reminder cadence ahead of trial expiry rather than a sudden cut-off.

Subscribed to product updates? You can opt in/out in Settings → Notifications.