email·digit
Sign inRequest access
Changelog · updated weekly

What we shipped.

Email Digit is in private beta. We ship every week, sometimes more. Every release is real (no marketing-speak), every regression is owned, every dependency is recorded.

v0.5.0MAY 28, 2026LATEST

API tokens, outbound webhooks, and the operator admin area.

4 features3 improvements
  • FEATUREAPI tokens (Phase 4.1) — per-workspace ed_live_… bearer credentials. SHA-256 hashed at rest; plaintext shown once at create. List / rotate / revoke from the dashboard or API. Tracks last-used IP per token.
  • FEATUREOutbound webhooks (Phase 4.1) — subscribe a URL to event types (reply.received, email.sent, email.bounced, domain.verified, mailbox.connected, whatsapp.received, test.ping). HMAC-SHA256 signed payloads. Exponential backoff retry (1m → 5m → 30m → 2h → 12h → dead) with replay UI.
  • FEATUREOperator admin area — new /admin/* routes for cross-workspace ops. Suspend/unsuspend workspaces with reason. Grant/revoke super-admin. View platform stats and audit feed. Bootstrap via scripts/grant_admin.py.
  • FEATUREStaging environment — dev branch auto-deploys to dev.emaildigit.com + api-dev.emaildigit.com against a Neon staging branch. Render blueprint declares both services.
  • IMPROVEWorkspace suspension is enforced at API token validation, inbound webhook ingest, and campaign send pipeline. Reads continue working so the customer can see why.
  • IMPROVEAudit log captures every admin write (admin.workspace.suspended, admin.user.granted_admin, etc.). Red-highlighted in the audit feed.
  • IMPROVEBrand v0.1 banner on staging (StagingBanner) renders only when hostname matches *.dev.emaildigit.com.
v0.4.0MAY 27, 2026

CNAME delegation — the "Clerk for email" moat.

3 features2 improvements
  • FEATURESubdomain CNAME delegation (Phase 2.5) — customers publish 2 CNAMEs + 1 TXT once. We provision the actual DKIM + DMARC TXT records on our Cloudflare zone. Future key rotations + DMARC progression update our zone, not the customer's DNS.
  • FEATURECloudflare API client — async wrapper around Cloudflare DNS API v4 with token + zone scoping. Gracefully no-ops when not configured so unconfigured installs (local dev) keep working.
  • FEATUREBackward-compatible TXT mode — existing domains keep their original setup. New domains opt into CNAME mode automatically when Cloudflare token is present.
  • IMPROVEMulti-resolver verifier now handles CNAME mode: confirms the customer's CNAME points at our zone AND the underlying TXT resolves through the chain.
  • IMPROVEDomain wizard UI distinguishes managed (green chip) from manual TXT mode in the list and detail views.
v0.3.0MAY 27, 2026

WhatsApp Business via Meta Cloud API direct.

5 features
  • FEATUREDirect Meta Cloud API (Phase 3.1) — no BSP middleman. Connect a phone number ID + access token; we handle bidirectional flow.
  • FEATUREWhatsApp webhook receiver — HMAC-SHA256 signature verification on every inbound. Per-workspace webhook URL scoped by path token.
  • FEATUREInbound reply ingestion — WhatsApp messages flow into the same replies table as email; classified by the same engine; trigger the same automations.
  • FEATURESend text + template endpointsPOST /api/whatsapp/send/text for 24h window replies; /send/template for pre-approved templates.
  • FEATUREWhatsApp dashboard UI — connect / disconnect / send test message inside /dashboard/mailboxes.
v0.2.0MAY 26, 2026

Own DKIM/SPF/DMARC stack. Resend removed.

4 features3 improvements1 removal
  • FEATUREOwn DKIM key generation — RSA 2048 per domain, Fernet-encrypted private keys. Signed via dkimpy (RFC 6376 reference).
  • FEATURESPF flattener — resolves nested include chains down to literal ip4/ip6 mechanisms so customers stay under the 10-lookup limit.
  • FEATUREDMARC progression state machine — 6 steps from p=none to p=reject pct=100 with safety gates (14 days + ≥95% alignment).
  • FEATUREAWS SES HTTPS API send pipeline — bypasses Render's outbound SMTP block. Boto3 client with IMDS disabled (5s connect, 20s read).
  • IMPROVEMulti-resolver DNS verifier — queries Cloudflare (1.1.1.1), Google (8.8.8.8), Quad9 (9.9.9.9) in parallel. 2-of-3 consensus required.
  • IMPROVEDMARC RUA report receiver at /api/dmarc/rua with XML parsing + per-domain summarization.
  • IMPROVETransactional sends are now fire-and-forget — password resets + verify emails complete instantly, with the SES POST happening in a background task.
  • REMOVEDRemoved Resend — no third-party domain auth, no third-party send relay. Email Digit is now end-to-end self-hosted on AWS SES + our own DNS stack.
v0.1.0MAY 25, 2026

Reply Intelligence + Compliance — Phase 1 complete.

5 features
  • FEATUREReply classifier — Anthropic Claude primary, OpenAI fallback, keyword/template fallback. Intent classes: interested, not_interested, question, complaint, unsubscribe, out_of_office, autoresponder, other, unclassified. Sentiment scalar -1 to +1.
  • FEATUREMailbox ingestion — Gmail OAuth (with history-cursor fallback), Microsoft Graph (Outlook), generic IMAP IDLE. Per-mailbox encrypted token blobs.
  • FEATUREInbound RFC 822 webhookPOST /api/inbound/{workspace_id}/email with workspace-scoped inbound_secret. Accepts raw MIME or normalized JSON.
  • FEATUREWeekly reply digest — Friday morning email summarizing the week's replies grouped by intent. Scheduler runs hourly, sends per-workspace.
  • FEATURERFC 8058 one-click unsubscribeList-Unsubscribe + List-Unsubscribe-Post headers added to every campaign send. Tokenized URL handles the click + records the opt-out.
v0.0.1APR 14, 2026

Email Digit private beta opens.

private beta launch
  • FEATUREInitial private beta — auth + workspaces + RBAC + 2FA + audit log + RLS + password reset + OAuth scaffold. Public deliverability checker at /check. DMARC XML analyzer at /tools/dmarc. AI email builder. Campaign send + email_send tables. First customer onboarded.