Our most recent update to Postmark's iOS app brings the ability to manage your suppression list right to your smartphone. 📱
Previously, when you wanted to view or manage your suppression list, you'd have to log in to our web UI. Now, you can manage your suppressions wherever you go with the iOS App. This update (v1.4.0) replaces the old Disabled addresses screen with a brand-new, powerful Suppressions view that makes it easy for you to:
We’ve also removed Firebase analytics tracking from the app.
What's the Postmark iOS App?
Take Postmark’s powerful monitoring and troubleshooting tools with you everywhere you go with our iOS app. Learn more →
On Wednesday, April 21st at 10pm Eastern Time we will be doing some scheduled database maintenance. During this time some non-sending API endpoints, as well as the Web UI, will be unavailable intermittently for up to 30 minutes. While non-sending API endpoints are unavailable, mail will be accepted and queued for sending once the maintenance is complete.
Please note that we don’t expect mail to be queued for the full 30 minutes, but you might see some intermittent API failures and web UI unavailability during this time. If you have any questions about this planned maintenance, please let us know. You can also keep an eye on our status page for real-time updates while the maintenance is ongoing.
We added Message Streams support to Postmark's Zapier Actions. You can now specify which stream you’d like to use to send email through messages triggered from Zapier. If no Message Stream is provided, we'll default to the
Outbound Transactional Stream.
Postmark's Zapier Actions support both Send an Email and Send an Email With Template.
We’ve made some updates to our two-factor authentication (2FA) process to make it even easier for you to set up this extra layer of security for your account. Previously, we required you to add a phone number to set up 2FA. Now, you can choose between SMS or app authentication.
At Postmark your data is secure and redundant, but keeping your account information secure is a team effort! Setting up 2FA is one of the most important things you can do to protect your account from unauthorized access—and to keep your data secure.
Set up 2FA by logging into your Postmark account, select your name in the top right, and then choose “Profile” to access your user settings. You can turn on two-factor authentication in the “Security” section on that page.
Select your preferred authentication method. You can choose between SMS or app authentication. Postmark supports Google Authenticator, Authy, and 1Password.
Nobody likes being locked out of their account, so we also made it mandatory to download your backup codes when setting up 2FA. They are your key to get back into your account should you ever change your phone number or lose access to your device.
As the account owner, you can! Head over to the Users section in your account and you’ll see who has enabled 2FA (and who might need a friendly reminder to get it set up).
That’s easy! Head to the 2FA settings in your account and turn off 2FA. Then, just start the setup process again. You’ll no longer be required to use SMS to enable 2FA.
We’ve added the ability to reactivate suppressions made by unsubscribed recipients. This functionality is available in the UI as well as through the Suppressions API
Did one of your recipients hit the unsubscribe link by accident? You can now reactivate subscribers so that they can receive your emails again.
To reactivate an unsubscribed recipient, head over to the Suppressions tab, find the recipient’s email address, and click the “Reactivate” button to remove the email address from your suppression list.
You can also reactivate subscribers via the API, using the "Delete a Suppression" endpoint. Here’s how.
🚨 With great power comes great responsibility. Honor unsubscribes and only reactivate email addresses when asked to do so, or when mistakes happen.
If someone marked your email as spam, they’ll be suppressed from future email sends as well. We take spam complaints seriously, so you won’t be able to reactivate that recipient on your own. If someone marked your messages as spam but would like to start receiving email again, reach out to our support team. We’re here to help.
To ensure the continued security of our systems, we wanted to let you know about some upcoming changes to our TLS (Transport Layer Security) configurations for API access. These changes may affect your application’s ability to continue to send mail through Postmark, so please read through this post in detail. These changes do not affect sending via SMTP.
On April 13, 2021, we are going to (1) disable TLSv1.0 access, (2) disable all RC4 and low-strength ciphers, and (3) add HSTS headers.
Here’s the full timeline of the changes:
We’ll discuss each change below, as well as your next steps to make sure sending isn’t interrupted.
TLSv1.0 has been deprecated, and we are following suit.
Impact: Connections that only support TLSv1.0 would not be able to connect anymore after this change.
RC4 ciphers are considered weak and they are deprecated as well. Along with this, we are getting rid of any low-strength ciphers that are vulnerable to breaks as well.
Impact: Connections that only support these old/weak ciphers would not be able to connect anymore after this change.
HSTS (HTTP Strict Transport Security) headers tell web clients to only ever connect to a URL over HTTPS for a period of time (usually 6 months to 1 year). This prevents something called a “downgrade attack”, where users are tricked into visiting a version of a URL that is not secured or validated with TLS.
Impact: We are adding these headers in accordance with industry standards. There is no API connectivity impact.
If you send with Postmark via our API, please make sure that your sending infrastructure is able to deal with these changes prior to the April 13 cutover date.
We’ve set up a temporary endpoint at
api-ssl-temp.postmarkapp.com that has these changes already applied. You can use this as an endpoint to test/validate against. Please be aware that there is no expectation of uptime on this endpoint, and that it will be shut down on April 20, 2021 with no further notice. It should only be used for temporary testing of non-production traffic.
If any of your tests with the temporary endpoint fail, updating your OpenSSL library should resolve the issue. If you are having trouble getting your API integration to work with this temporary endpoint, please contact our support team and let us know the exact error message encountered when attempting to connect, and a log of the connection attempt. We may be able to provide specific instructions for using newer TLS configurations.
We added Message Streams support to the Postmark plugin for Craft CMS so you can now specify which stream you’d like to use to send email through Craft. Previously, Craft would always send over your default transactional Message Stream.
Plus, because the plugin now also supports Broadcast Message Streams, you can now use Postmark to send bulk email via Craft Campaign.
Version 1.5.8 includes some helpful improvements to the template push command and template preview tool. Check out the release notes for all the details.
We plan to start posting webhooks from a new IP in a few weeks. If your application restricts access to public IPs, please ensure that the following IP is allowlisted:
We intend to start moving webhook traffic to this new IP on October 1, 2020, so please make sure the IP is allowed by any firewall or routing rules you may be using.
On Saturday, July 11, 2020, Postmark will be performing necessary database maintenance starting at 10:00 am Eastern Time. We expect the maintenance to last about 2 hours. The affected services will be:
Throughout the maintenance window, we will post updates on our Status page to keep you updated on the progress, including when exactly messages will be queued. Please get in touch if you have any questions or feedback.
P.S. We recently announced that we are adding new public API endpoints. Please make sure these IPs are allowed by any firewall or routing rules you may be using.
The database maintenance originally scheduled for June 27 is being postponed. A new date will be forthcoming. Original update below.
On Saturday, June 27, 2020, Postmark will be performing necessary database maintenance starting at 10:00 am Eastern Time. We expect the maintenance to last about 2 hours. The affected services will be:
Throughout the maintenance window, we will post updates on our Status page to keep you updated on the progress, including when exactly messages will be queued. Please get in touch if you have any questions or feedback.
We recently announced that to help increase the capacity of our API we plan to add new public endpoints in the coming weeks. If your application restricts access to public IPs, please ensure that the following IPs are whitelisted:
We originally intended to start moving API traffic to these new IPs in March, but we now plan to start using these IPs in production on June 22nd. Please make sure these IPs are allowed by any firewall or routing rules you may be using.
Postmark for WordPress v1.12 is now live! It adds support for Message Streams. You can now specify which stream you want to use in the plugin settings.
Auto-incrementing Bounce IDs will exceed signed 32-bit integers in the next 2-3 months. If you store these IDs in a database, or process them using your own code, please ensure you update your DB/application to use int64 values. As an even better solution, instead of using Bounce IDs for your application needs, consider switching to using our new Suppressions API, which avoids the need for this ID altogether. Please let us know if you have any questions.
To help increase the capacity of our API we plan to add new public endpoints in a few weeks. If your application restricts access to public IPs, please ensure that the following IPs are whitelisted:
We intend to start moving API traffic to these new IPs on March 16, 2020, so please make sure these IPs are allowed by any firewall or routing rules you may be using.
We wanted to give you an update to let you know of an upcoming change in our data retention policy for bounce events. These changes will go into effect on April 1st (yes, really).
As mentioned in our current data retention policy, after 45 days we remove all original message content and metadata from our system. For bounce reports, however, even though we remove the original message content after 45 days, metadata and the content of the actual bounce message have historically been retained for up to 1 year to enable troubleshooting.
In order to simplify our data retention policies, and also make sure that we do not keep data for longer than necessary, we are planning to make a change to this policy. As of today, new bounces will be deleted from our system 45 days after they are received. In short, our updated data retention policy has been simplified so that after 45 days we remove all original message content and metadata from our system, with no exceptions.
With this change, you will no longer see bounces older than 45 days when searching in your Activity feed, but you will always be able to see a searchable, full list of suppressed addresses within the Suppressions tab. Since bounces reactivation has historically been tied to BounceIDs, it has been necessary for customers to query for bounces, get a special BounceID, and then use the `/reactivate` endpoint with that ID. Depending on your workflow, reactivating bounces after 45 days using this process will no longer work. But, we’ve got you covered:
With the recent release of our Suppression UI and API you can easily search for inactive addresses, see the reason the address is inactive (block, hard bounce, etc.), and reactivate the address if possible. We recommend using this new API for all address reactivations, because it only requires one API call, rather than two, and will ensure addresses are reactivated, regardless of the suppression reason.
As always, if you have any questions or concerns about any of these changes, please let us know.
We've added a new command that spins up a local web server so that you can easily preview your compiled templates.
Check out the release notes for more details.
Back in March 2018 we released modular webhooks, allowing you to choose which events you’d like to send to each specified hook URL. Up to now this has only been possible through the UI. We’re happy to announce that we just released a brand new
/webhooks API endpoint, which brings support for the setup and maintenance of modular webhooks, as well as some of the Message Stream functionality we’ve been working on.
The new endpoint lets you list all existing webhook configurations; retrieve a specific configuration; and of course create, update, and delete modular webhook configurations.
Note that at this point we haven’t made any changes to how our
/servers endpoints work with regard to webhooks. Setting/updating webhooks via that endpoint will continue to set a single hook for your default transactional stream. We plan to update this in the future, but we’ll give you plenty of advance notice when that happens.
Updated December 3, 2019 with new key dates.
We wanted to let you know about a few changes we’re making to SMTP sending in the coming weeks to make this endpoint more secure. These changes will only affect sending via SMTP. If you use only the Postmark REST API to send, no further action is required on your part.
The following changes will be made to our supported SMTP TLS configuration:
We understand that this type of change can be disruptive, so we want to provide you with ample time to test and verify that your application will be able to continue sending mail using the updated security settings.
These are the key dates for these changes:
The most significant change, which might affect you, is that we are disabling TLSv1.0 on February 1, 2020. This protocol is old and vulnerable, so we will be rejecting connection requests that use TLSv1.0.
Before the cutover date on February 1, 2020, we recommend that you perform some tests against the following temporary testing endpoint:
future-smtp.postmarkapp.com. This endpoint matches the changes we’ll be making, so if everything works as expected, you’re good to go. Just switch back to using
smtp.postmarkapp.com and no further action will be needed.
If you run into any issues using the temporary endpoint (i.e., your SMTP client is unable to connect), please change your SMTP client configuration to use TLSv1.1 or higher, or upgrade your SMTP client to a version that supports TLSv1.1 or higher. Documentation for SMTP clients will typically provide configuration options, where you can see how to set the connection to use TLSv1.1 or higher. If there is not a version of your SMTP client that supports TLSv1.1, you will need to select a new SMTP client that does support TLSv1.1 or higher in order to continue using Postmark.
If you are unable to get an SMTP client that is compatible with TLSv1.1 or higher working with the new SMTP endpoint, please contact our support team and let us know the following details:
We may be able to provide specific instructions for opting into using newer TLS configurations.
Once again, we are going to disable TLSv1.0 on February 1, 2020. Please perform all testing and make any necessary code changes before this date.
Please let us know if you have any questions about these changes.
Our template comparison tool now lets you review code changes and quickly navigate between templates. This tool is available when pushing templates between servers.
We have added the following IPs to our SMTP endpoint service. If you send email using SMTP and explicitly whitelist our SMTP endpoint IPs, these will need to be added:
Today we are releasing the first in a series of product changes to get us to the point where you can send all your email through Postmark. This release introduces the concept of Message Streams to the Postmark UI.
A Message Stream is a way to organize and separate your sending within a server. We know that some people use servers as environments, while others use it to separate clients, apps, etc. Message Streams give you an additional way to separate your sending and reduce the proliferation of servers on your dashboard.
Check out our blog post for all the details.
We released a bunch of improvements to MailMason's workflow. This includes the ability to push your templates up to Postmark as well as general maintenance and package upgrades. We've also made design and accessibility improvements to the starter templates that ship with MailMason.
We know how frustrating it is to edit common elements like the date in a footer, or a logo, or a design change you want to make across all your Templates. So today we are really excited to announce the release of Postmark Layouts — a way to define commons elements like CSS, Headers, and Footers, and reuse those Layouts across many Templates.
On Monday, May 20th we made a change to the way we process SMTP headers for emails that are sent with SMTP. Please note that this change does not affect sending via the API.
Historically, when Postmark accepted messages over SMTP, we have constructed the
Bcc headers for messages sent to show only the subset of recipients you specify during sending. In some uncommon cases, this behavior meant that not all recipients would be visible in the message that is delivered to your recipients.
With this update, we will ensure that the recipients that are visible in your messages’
Cc headers are the same as what will be shown to the final recipients of your messages. We will no longer reconstruct them based on our older behavior, which, in some uncommon cases, could have prevented some recipients from being displayed in the final email that we deliver.
Read the blog post for full details.
We just released an update to the status page that lets you see the status of each individual service, and also drill down into the response times and past incidents for each service.
Have you been frustrated while trying to use your phone to view your Postmark stats or find a specific email in your activity feed? Us too! So we’re happy to say that the Postmark web app is now — at long last — responsive. Like so:
Please try it out and let us know if you have any feedback!
We will disable support for SSL v3 on March 7th, and going forward our servers will only support encrypted SMTP connections using TLS (1.0 - 1.3). Most customers will not be affected by this change. However, you can double check that your SMTP client is compatible by temporarily sending mail through
future-smtp.postmarkapp.com instead of
future-smtp.postmarkapp.com points to the new servers (and new IPs) and it does not allow SSL v3 connections. If you use connection to test and everything works well, no further action is needed and sending should continue through our current endpoint:
If you are having trouble connecting over
future-smtp.postmarkapp.com you will need to update your SMTP client. Please can let us know if you are not able to resolve or update your SMTP client before the switchover date.
Action Mailbox is a new framework in Rails 6 that routes incoming emails to controller-like mailboxes for processing in Rails. You can get more information about Action Mailbox in the introduction blog post.
We just released an update that lets you push template changes from one server to another. Check out our blog post for all the details.
Our WordPress plugin now supports link tracking! We've also fixed an issue where open and link tracking options were not honored when sending a test email.
We just released an update to the WordPress plugin that adds an optional setting for preserving logs of send attempts. It adds a new Logs tab that can be used to view the last 7 days of plugin sending activity.
Preserving send logs are useful for a couple of reasons:
We heard a lot of feedback from users saying their plugin wasn't working but they had no idea why, and there was not an easy way to tell what was going wrong. Now, you can quickly see what is going on and resolve the more common errors, like trying to send from an address that isn't on your account yet, or trying to send to external recipients before you Postmark account is approved.
We’ve already made a few minor updates based on feedback and additional real-world use, so make sure to grab the latest version. Check out the wiki for more details, including a migration guide for moving from 1.x to 2.x.
You can now for search for a template from the UI. No more sifting through pages and pages of templates to find what you’re looking for!
You can now receive notifications through our Slack app each time we add or update an incident on our status page. Check out the Postmark Slack app page for more details.
Today we released an update to the Postmark iOS app! This release includes:
Today we released some layout updates to our template pages. This first update focuses solely on quick wins at making it easier to manage more templates with longer naming conventions. It also sets the stage for our next updates in the pipeline like template searching and aliases.
Keep an eye out for phase 2 and 3 changes in the coming weeks!
We’ve made tons of design improvements in the Postmark app over the past few months. From a new activity feed, to a better DNS Settings page, all the way through a redesign of our webhook pages, we set out to understand exactly what you need to do on those pages and flows, and design the best possible experience for those needs.
Today, that philosophy gets extended to one of the most-used pages in the Postmark app: the Servers page. You’ve been asking us for a while to add features like search and better sorting options to that page, and today we’re happy to give you that, and much more.
This release includes support for our new metadata feature. You may now include metadata with your outbound messages, and Postmark will include that data in webhook payloads, message details, and message searches. See the full release announcement here.
This release also enables you to specify the BaseURL for each API request, making testing with Guzzle a lot easier.
Finally, you can now enable, or disable SMTP API Error Webhooks for Servers using the Admin Client.
As always, we hope this release helps you get even more value from Postmark, and please feel free to contact us if you have any questions or requests!
Our Swiftmailer Transport for Postmark has been updated with some minor enhancements, and it also now works with SwiftMailer 6.
This release of the official .net client for Postmark includes the addition of the Domains APIs, support for our new custom metadata feature, as well as the “EnableSMTPErrorHook” property to the the Create and Edit Server endpoint methods.
You can now add custom metadata to your emails, and we'll pass that same data back to your system through our webhooks.
We just finished work on a series of small updates to the app that work together to help you pick the pricing plan that's right for you, and make the whole "paying for Postmark" thing a lot more pleasant. Below is an overview of the changes.
Instead of a gauge that shows that you're "in the red" as soon as you hit your monthly limit, we now have a much better indicator with three states:
This will clear up a lot of the confusion about where you're at with your usage.
We've improved the messaging we show when it would be beneficial to you to upgrade.
Our billing emails used to be text, and they're now beautiful HTML templates. We now also tell you if you can save money by upgrading to the next plan.
New users will now see the pricing calculator in the app, so they don't have to leave the app and go to the marketing site to do the calculation.
Repeat config option
To continuously check an email address, add the repeat option to the config object. repeat accepts any number above 5000 milliseconds. We recommend using it sparingly for workflows crucial to email such as account activation or password reset pages.
Check out Rebound’s API docs for more details.
We're constantly improving Postmark and taking care of small issues and annoyances that we find (or you send us!). We wanted to start telling you about these fixes, so from now on we'll update you every few months about the bug fixes and other small tasks we take care of in between our larger feature projects.
Here's a brief overview of all the bug fixes and small changes we completed in April and May of this year:
Email is a critical component of most web applications, and we know how important it is to have tools to investigate and resolve any delivery issues quickly. The Postmark iOS app allows you to take our powerful email monitoring and troubleshooting tools with you wherever you go.
We now disable all the third-party scripts that collect data about users visiting our website if the user has Do Not Track enabled. This includes analytics and A/B testing services, as well as less obvious data collectors like live chat.
Rebound prompts your customers to update their email address if an email you sent them hard bounced.
You can now add multiple webhook URLs for a server and choose which events you’d like to send to each specified URL.
This one has been a long time coming… Today we’re happy to announce that you can now — yes, finally — perform searches on the sender signatures page. No more going all the way to page 594 (yes, some accounts really have that many sender signatures!) to find that one elusive one you’re looking for.
Send Bounce notification messages from Postmark to a Slack channel of your choice. Each notification also provides a direct link to the Message Details page so that you can investigate further.
Postmark now offers monthly plans instead of credits, and the new plans will likely save you money. More importantly, if the new pricing doesn’t save you money, nothing changes.You’re grandfathered. You can continue using credits, and your pricing doesn’t change a bit unless you want it to.
We release a simplified DNS Settings page to make it easier to ensure great delivery for your email. But we didn’t stop there — we also made some backend changes to streamline how we authenticate domains for email sending. Let’s go through some of those changes.
Hot off the heels of releasing advanced user roles and permissions, today we’re giving you a way to add extra security to your account by enabling two-factor authentication (2FA).
For the longest time we’ve only had two types of accounts: a single Account Owner, and separate Viewers. Viewers are only able to view reports, email activity, and receive email digests for the servers they are assigned to. So, today, we’re adding two new roles to Postmark: Account Admins and Server Admins.
You can now add emoji to your Postmark subject lines, and they’ll render correctly in your favorite email clients. Of course, emoji are already supported in the message body, so there are no changes there.
We released some significant updates to the activity feed to increase information density and clarity, upgrade the filtering experience, and add the ability to export the activity feed to a CSV.
We’ve really expanded our documentation. More guides, help docs, blog posts, open source projects, and developer docs. Unfortunately, that proliferation led to fragmentation. So we set aside time to unify all of our documentation into a single home and make it all searchable.
We decided to take our DMARC reports a step further. Instead of just showing you synthesized DMARC information, we now include helpful tips on how to address each of the possible issues you might see on the IP addresses that are sending on your behalf.
Postmark can now notify your application of delivery events via webhooks so you can do a variety of things like feed delivery events into an internal system, provide delivery even notifications to your customers, or aggregate delivery even data to see patterns and respond accordingly.