Our permission management system has been upgraded to support a streamlined Role-Based Access Control (RBAC) system, offering a simple way to assign roles while retaining the flexibility of custom, granular permissions for advanced control.

This update enhances security and adaptability, allowing organizations to tailor End user and MSSP Admin access levels with precision.

For more information, please refer to our updated User Management Guide and MSSP User Management Guide.

Additional details on this major enhancement will follow.

We’re excited to announce our integration with ConnectWise, now available on the ConnectWise Marketplace. This integration offers Managed Service Providers (MSPs) a streamlined solution for advanced domain security management, enhancing efficiency and email security.

Key Benefits:

• Centralized Security Management: Manage all DMARC and DNS alerts within ConnectWise for simplified workflows.
• Automated DNS Change Monitoring: Real-time alerts for DNS changes, ensuring email security without manual monitoring.
• Forensic Incident Alerts: Immediate notifications on DMARC forensic incidents, enabling faster threat response.
• Scalability: Easily manage growing domain security needs as organizations expand.

Get Started: Follow our onboarding guide to activate the integration. You can also book a 1:1 session with our experts or reach out to your MSP account manager for activation assistance.

Enhanced Video Tutorials for Hosted Services

We’ve made several improvements to the video tutorials within the platform, providing a more interactive and user-friendly experience:

• Draggable Video Tutorial Widget: The video tutorial pop-up is now draggable. Users can click and hold the widget's header to drag and reposition it anywhere on the screen.
• Language Selector: A language selector has been added, allowing users to view video tutorials in their preferred language.
• New Trigger for Video Tutorials: Users can now trigger the video tutorial pop-up when selecting a domain on the hosted services page.

New Video Tutorials Added:

• Seclytics Threat Intel
• SAML Single Sign-On Configuration
• Domain Health
• MailAuth Analyzer
• API Settings
• DMARC Aggregate Reports > Per Sending Source (Beta View)

Design Improvements:

• Enhanced user interface for the "Video Tutorials" page for a more streamlined experience.

New Feature: Trust This Device for 30 Days During Two-Factor Authentication (2FA)

To enhance your login experience and reduce interruptions, we’ve introduced a new "Trust This Device for 30 Days" feature during the 2FA process.

Key Benefits:

• Users can now choose to recognize their regularly used devices for 30 days, minimizing the need for repeated 2FA prompts on those devices.
• This feature improves workflow efficiency, especially during busy periods when frequent authentication might slow down user activities.
• Users can view and manage their trusted devices directly through the user profile page, giving full control over which devices are recognized as trusted.

By enabling this option during login, you can enjoy a smoother, more efficient authentication experience on your trusted devices.

Updated Feature: Hosted SPF

We’ve made important updates to the Hosted SPF feature, aligning with the latest best practices and providing more flexibility for record configuration:

• Default Mechanism Prefix Update: The default SPF mechanism prefix (all) has been changed from Hard fail ("-all") to Soft fail ("~all"), in accordance with the latest industry best practices and recommendations.

• New Mechanism Prefix Control for Nested Records: Users can now specify a separate mechanism prefix (all) for all records nested within the parent Hosted SPF record, offering greater customization and control over Hosted SPF record management.

These updates enhance SPF configuration flexibility while maintaining adherence to recommended email authentication standards.

We’ve added several new sections to the Detailed PDF reports, offering deeper insights into your email security and compliance status:

• Top 5 Sources Sending DMARC Failing Emails
• Top IP Addresses Sending DMARC Failing Emails, categorized by country
• MTA-STS and TLS-RPT Compliance Overview
• Inbound Email Overview
• Top MTA-STS/TLS Failing Sources

How to Access:
To see these updates in action, download a Detailed PDF report from your account or schedule it to be delivered directly to your specified email addresses.

New Feature: Domain Analyzer API Endpoint

We are excited to introduce a new API endpoint that allows retrieval of Domain Analyzer results via the API. This new functionality enhances automation capabilities for developers and system administrators by providing detailed domain analysis results programmatically.

New API Features:

• Domain Score & Grade: Retrieve the overall domain score and corresponding grade.
• Detailed DNS Record Information:
  • A Records: List of A records.
  • NS Records: List of Name Server records.
  • MX Records: Mail Exchange records.
  • SPF Record: Full SPF record with validation results and error details (if any).
  • DMARC Record: Full DMARC record with validation results and error details (if any).
  • DKIM Records: List of DKIM records with validation results and error details (if any).
  • BIMI Record: Brand Indicators for Message Identification (BIMI) record with validation results and error details (if any).
  • MTA-STS Record: Mail Transfer Agent Strict Transport Security record with validation results and error details (if any).
  • TLS-RPT Record: Transport Layer Security Reporting record with validation results.

For more information, please refer to our API Documentation.

The response of the "GET Domain Reports" by Domain ID API endpoint has been enhanced to include the following data points:

• Volume of Emails that are not DMARC Compliant
• DMARC Policy Application Counts:
  • Count of emails with DMARC policy "none"
  • Count of emails with DMARC policy "reject"
  • Count of emails with DMARC policy "quarantine"
• DMARC Policy Application Percentages:
  • Percentage of emails with DMARC policy "none" (out of total email volume)
  • Percentage of emails with DMARC policy "reject" (out of total email volume)
  • Percentage of emails with DMARC policy "quarantine" (out of total email volume)

New Feature: Domain Group Reports API

A new endpoint has been introduced, similar to the "GET Domain Reports by Domain ID" API, but designed to accept a Domain Group instead of a Domain ID, returning the aggregated results for the entire Domain Group.

For more information, please refer to our API documentation.

• MSSP Administrators and Account Owners can now enforce Two-Factor Authentication (2FA) during the process of adding new admins and users. This feature is available for both user invitations and manual user/admin creation.

• Once activated, the invited or newly created users will be directed to a 2FA activation screen upon their first login.

This enhancement provides a consistent security experience across all user management flows, ensuring that all new users are secured with 2FA right from the start.

• Enhanced API Endpoint: Get User Details

  • The GET /api/v1/account/members/{user} endpoint has been updated to include additional data in its response:
  • 2FA (Two-Factor Authentication) Status: The user's 2FA enforcement and enablement status are now returned in the response.
  • Last Login Date and Time: The response now includes the last login timestamp, providing insights into the user's recent activity.
  • User Privileges/Resources:The specific privileges and resources assigned to the user. This allows for more granular control and visibility over user access levels.

• New API Endpoint: Toggle 2FA Status

  • Introduced a new API endpoint to manage 2FA settings for individual users:
  • PATCH /api/v1/account/members/{user}/enforce-2fa/{status}
  • This endpoint allows administrators to programmatically enable or disable 2FA enforcement for specific users, streamlining the management of security configurations.

• Updated API Endpoint: Get All Users

  • The existing GET /api/v1/account/members endpoint, which returns the details of all users in the account, has been enhanced to support filtering based on specific criteria:
  • User ID: Retrieve user details by their unique identifier.
  • User Email: Filter users based on their email address.
  • User Name: Fetch user details using their name.

  These filters allow for more targeted retrieval of user information, improving the efficiency of user management through the API.

These updates significantly enhance the functionality and flexibility of user management APIs, offering more detailed insights and control over user data and security settings.

More details can be found on our API documentation.

For our whitelabel MSSPs, the domains used for various hosted services will now be whitelabelled with your provided whitelabel domain.

This includes whitelabelling:

• DMARC RUA/RUF tags for Hosted and non-hosted DMARC
• Hosted SPF
• Hosted BIMI
• Hosted TLS-RPT

To learn more about this feature and how to activate it for your whitelabel MSSP, please reach out to our support team (support@powerdmarc.com).

Introducing our latest feature enhancement: the integration of Seclytics' predictive threat intelligence.

Threat Intelligence Enhancement

• UI Revamp: Modernized the threat intelligence page for a better user experience.
• Seclytics Integration:
  • Access Seclytics' predictive threat intelligence data directly within PowerDMARC.
  • View comprehensive reports summarizing current and emerging cyber threats, detailed threat intelligence data, predictive analysis, trends, and mitigation recommendations.
  • Empower your organization to proactively defend against potential attacks and enhance security posture.

Read more about this integration on our blog.

You can now watch video tutorials on how to configure each Hosted Service directly within the platform. Video tutorials have been added for the following features:

• Hosted SPF
• Hosted DKIM
• Hosted DMARC
• Hosted BIMI
• Hosted MTA-STS

We are excited to announce significant enhancements to the Domain Analyzer embedded widget, designed to improve customization, ease of use, and reporting capabilities.

Enhancements:

1. Customization Options:

   • Choose between Light and Dark view modes.
   • Adjust detailed colors including title and secondary text colors, button colors, background colors, and shadow colors.

2. Simplified Embedding:

   • Easily embed the widget on your site with a single HTML script tag.
   • Access the MSSP-specific Domain Analyzer page directly via URL https://msspname.powerdmarc.com/analyze
     without needing to embed the HTML script, and maintain your own branding.

3. Dedicated Analysis Page:

   • Domain analysis results are now displayed on a dedicated page within your MSSP tenant.
   • This page is customizable for whitelabel MSSPs.

4. Export and Email Results:

   • Export domain analysis results as a PDF.
   • Option to send results to a user-specified email.

5. New "Domain Analyzer Leads" Page for MSSPs:

   • Access detailed information on tool usage, including who used the tool and emailed PDF results.

For more information on how to use the upgraded tool, please refer to the videos below:

1. How to Embed the Domain Analyzer Widget on Your Website (Step-by-Step Tutorial)
2. Domain Analyzer Leads

We have introduced a new "DNS Status" indicator to help users easily track the status of their PowerSPF DNS record configuration.

The DNS Status indicator will display one of the following states:

1. Activated: The correct DNS record has been published and detected on the domain's DNS.
2. Not Activated: The correct DNS record has not been published on the domain's DNS.
3. Incorrect Configuration: An incorrect DNS record has been published on the domain's DNS.

This feature aims to provide clear and immediate feedback on the status of DNS configurations, ensuring a smoother PowerSPF setup process.

We are excited to announce several improvements to our SSO configuration functionality:

• UI Enhancements: The SSO configuration pages have been redesigned for a more intuitive and user-friendly experience.

• Edit SSO Settings: You can now easily edit SSO settings after creating a connection, providing greater flexibility and control.

• Disable SSO Connections: We have added the option to disable SSO connections, allowing you to manage your authentication methods with greater ease.

These updates aim to streamline your SSO management and improve your overall experience.

Auto-generate Secure Passwords

An added functionality enables the autogeneration of passwords compliant with security standards with the option to copy the generated password for easy distribution.

This feature is now available on all account creation/editing pages, including but not limited to:

• Sign up page
• Customer Account Create/Edit page for MSSP admins
• User Account Create/Edit page for Main Users

API enhancement

A set of new additional API endpoints have been released providing MSSP admins additional capabilities in managing their Customer Accounts, Users and Domains:

• Single token for multiple MSSP account access
• MSSP API endpoints for hosted services
• MSSP API endpoints for Alerts
• API endpoints for Domain Health
• API endpoints for Dashboard domain information

All new endpoints are now available in our Postman and Swagger API documentation.

A new feature has been released that enables MSSP Admins to manage the Domain count limit and DMARC Compliant mail volume limit at the Customer account level:

• Upon account creation, each account is assigned a plan. The domain and DMARC Compliant mail volume limits of the account will initially match those of the assigned plan. Those limits have now been termed “Plan- wise limits” and are visbile on the Create Customer Account page:

• MSSP admins can now override the “Plan-wise limits” by specifying custom Domain and DMARC Complaint mail volume limits for each account. Those limits have been termed “Account- Specific Limits”

If the Account - Specific limits are specified, they will override the Plan - wise limit for that account only.

• The Account - Specific limits can also be edited from the Edit Customer Account page after account creation

Enhanced Hosted DKIM Management Experience

The new Hosted DKIM Setup Wizard allows you to easily add your current DKIM selectors and DNS records before publishing the NS records. This ensures immediate availability of your selectors once Hosted DKIM is activated. Additionally, you can add, edit, or delete selectors even after the initial setup.

You can also add comments to describe your selectors for better organization and clarity.

Hosted MTA-STS Layout Enhancements

• The enhanced 'Help' section, now featuring refined descriptions and new visuals, can be accessed via the 'Get Started' button.
• The domain selector reload button is now consistent with the design of other pages.
• Due to layout changes, the 'Hosted MTA-STS' and 'Hosted TLS-RPT' sections are now positioned side by side horizontally, with the corresponding record information displayed below each section.
• A reference link has been added to direct users to the corresponding TLS reporting domain page.
• Statuses of MTA-STS records are now clearly indicated using appropriate color.
• Accessibility issues have been resolved for the MTA-STS record Mode field.

TLS Report Upload & History

The platform now allows users to manually upload TLS Report JSON files and view their upload history.

1. PowerSPF has been relocated and can be found under Hosted Services on the left side menu
2. Date filter removal from Diagnostics page (PowerSPF) - This was done to improve the error retrieval and filtering experience.
3. PowerSPF Error indicator on management tab - This focuses on informing users if any issues are triggered with their existing SPF record. It can be seen on the PowerSPF management tab and redirects the user attention over to the Diagnostics
4. Hosted Services like PowerMTA-STS and PowerBIMI has been renamed to HostedMTA-STS & Hosted BIMI.

A revamp version on the pricing page is now available to our end users. This improvement makes it easier and much more clear for when users would like to upgrade their existing plan depending on their organizational needs.

Background Color is now customizable !!

White labelled MSSPs can now utilize a much more focused and flexible UI configuration when customizing their portal.

This enhancement is viewed as a method to achieve greater consistency, ensuring that the page customization is attractive and uniform across the entire portal.

PowerSPF has introduced new tabs, enhancing users' ability to manage their SPF records with greater sophistication: Management, Analytics and Diagnostics tabs.

PowerSPF has a new and improved Management tab with a revamped UI with the following changes and new functionality:

1. The Manual Setup section has been relocated below the Tracked Includes tree
2. The Status indicator has been renamed from Live to Enabled.
3. Users can now click the Reset button, accompanied by an updated pop-up message for confirmation. This action will remove all their included sources from the PowerSPF configuration page.
4. PowerSPF lookup section will also illustrate the functionality of the tool by comparing the lookup results of your domain with and without enabling the service.

The Analytics tab of the PowerSPF will show the additional information about the include tree, as well as mail volumes per sender source and IP address.
This will allow you to monitor the volume of the emails by the sender source and SPF mechanism and identify outliers.

And finally, the Diagnostics tab on the PowerSPF page will inform the client of any existing errors we have detected. Here you will be able to see not only the issues and warning messages related to the SPF record, but also the recommendations on how it can be fixed with the help of PowerSPF.

For situations where invited users aren't activating their accounts through email invites, we've introduced a solution.

Super Admins or Main Users now have the ability to manually grant access to users. Simply navigate to the Invites list, click Edit, switch the registration type from Email Invite to Manual, and this enables users/admins to log in without depending on email invites.

Spoofers can sometimes target your organization by creating illegitimate subdomains to send outgoing emails.This can cause your dashboard to be overcrowded with data for these illegitimate subdomains.

Our newly implemented UI/UX and logic changes will simplify the management of auto-discovered subdomains for the client.
The main impact is on three pages: Dashboard, Aggregate Reports and Manage Domains.

Manage Domain page:

• Underwent significant UI/UX changes.
• Users can now click on auto-discovered subdomains, directing them to a dedicated page.
• Implemented a tagging system for subdomains: Verified (legitimate), Flagged (illegitimate), and Unverified (not yet identified by the client).
• Empowers the client to categorize subdomains based on their legitimacy.
• The user guide on the Subdomains page will help to manage it properly.

Dashboard page & Aggregate page:

• Introduced a filter button in the UI/UX screen.
• The user can select to hide all flagged, verified or/and unverified subdomains in the account.

These updates enhance the user experience by providing more control and clarity over the management of subdomains, addressing the issue of subdomain clutter and potential spoofing.

We have improved the user experience by providing visibility into the Single Sign-On (SSO) status, indicating whether it is enabled or disabled.

Additionally, users can now easily ascertain whether an account or a specific user has accepted an email invitation directly from the Customer Management or Manage Users pages. This enhancement aims to streamline the monitoring and management of SSO settings and user interactions, offering greater transparency and efficiency.

Our new Sender Identification feature offers increased trust by verifying and classifying sender sources, which reduces spam and phishing risks significantly. The solution ensures compliance with industry standards, preventing email spoofing and unauthorized communication. With a user-friendly interface the End Users can manage their domains’ email sources, label the sources, authorize the trusted ones and configure SPF and DKIM records via the Hosted Services.

• The End User can see the Aggregate reports and sender sources grouped in a better, more optimized way.
• You can click the gear button under the Actions column to access the Configuration section and view detailed information about validated sender sources.
• Configuration pop up will guide you on how to configure SPF and DKIM records for the domain. But first, please select only one domain from the drop-down list to see this option.
• Our Hosted services will help you optimize the SPF and DKIM setups and protect your domains more efficiently.
• As an End User you can label and authorize the sources by clicking the Edit button from Actions as well. It can help find the source and label it in accordance with its functionality or theme.
• For those who prefer the previous version, the option to revert to the old version is available at the top of the page.
• Enhancements on Dashboard will help the user see the volumes of mails by Sender source, as well as configure them if needed.

Our PowerAnalyzer PDF templates just got a makeover for a sleeker look and improved functionality, especially for MSSP’s that have whitelabel enabled. Enjoy clearer visuals, effortless navigation, and tailored insights. 📈✨

We are introducing comprehensive BIMI lookup results, covering additional critical areas. The upcoming sections in PowerToolbox are designed to bring clarity to end-users:
✅ Logo Validation:

• A dedicated section for meticulous validation of BIMI logos, ensuring accuracy and adherence to standards.
  ✅ Certificate Validation:
• Thoroughly check BIMI certificates to address potential issues and expedite the resolution process.
  ✅ Theme Preview:
• Get a sneak peek into how your BIMI theme will appear, providing a visual understanding for both support and end-users.
  The improvements in the PowerToolbox, coupled with updates to the API documentation, are designed to eradicate any blind spots and provide a more thorough understanding of the BIMI protocol within your domain.