Category: Releases

This release focuses on improving team account management, inbox performance, and frontend reliability across the Mailsac web app.

Summary

• New “elevate to root” permission for safer admin delegation
• Inbox UI rewritten with improved pagination and clarity
• Faster debugging tools and message analytics
• MFA enforcement tightened for account security

Features

Elevate to Root User

Team users can now be granted an “elevate to root” permission. This allows a user to temporarily assume root-level privileges within their session without exposing root account credentials.

Use cases:

• Safer offboarding (no shared root access to rotate)
• Delegating admin tasks without sharing credentials

Elevation is session-scoped and requires re-authentication.

Individual Inbox Refresh

The inbox UI has been rewritten on the new frontend framework.

Improvements:

• Faster, more complete pagination and message navigation
• Clearer indication of public vs private inboxes
• Reduced UI latency when loading large inboxes

General Improvements

Continued migration to the new frontend framework across multiple app pages.

Faster loading for inbound message debugging and message count charts.

Direct access to forwarded inboxes from the Enhanced Addresses list.

POP3 settings consolidated into the Enhanced Address Management screen.

Security & Fixes

MFA is now required, as an additional security step, to remove MFA from both team and root accounts.

Fixed an issue where some inbound mail was not tracked correctly. As a result, Ops usage may increase for affected accounts.

Removed the spam feature due to low usage.

Upgraded frontend dependencies to address known security vulnerabilities.

Behavior Changes

Spam feature removed – account.disableSpam property no longer present.

Inbound message tracking corrected (may increase Ops usage as noted above).

We continue to enhance the Mailsac platform and have improved the performance of the throttling engine that is at the heart of our inbound email service. It helps us separate non-customer email from spam.

We are excited to announce upgrades to the Mailsac Platform, recently deployed in November 2024.

Load Testing Feature

Mailsac is the first QA Disposable Email Platform which allows Load Testing or Burn Testing of SMTP sender servers. You can safely send enormous amounts of test email to Mailsac after creating a Load Test Subdomain in the Mailsac Dashboard. When we receive these emails to a special subdomain, they are not subject to the (already high) throttling limits of the main platform. Note that emails are not saved/indexed as normal, so this is a feature specifically for testing your capacity to send high volume email campaigns.

More tutorials for Load Testing email will be coming soon.

Improved Account Analytics Performance

We overhauled the backend systems for usage and analytics. You may have noticed sluggishness in the past on these features, but that should be gone for good. There’s also an updated user interface for debugging inbound mail and webhooks.

Throttling notices in every inbox

Custmers will start seeing informational messages in the inbox view https://mailsac.com/inbox/{{ email address }} when there has been throttling imposed on the inbox or sender to the inbox.

Paying customers will very rarely experience throttling. In almost all cases, throttling happens because they were sending to a public inbox, not a custom domain or private address.

We only throttle incoming messages to protect the stability of our service for all of our customers. These protections have been in place for years, but were not transparent to customers.

If you are on a paid plan and you are seeing throttling messages, reach out to support@team.mailsac.com, we can help you configure a custom domain or private addresses. These both can be done in seconds with no need for DNS changes.

If you are on our free tier and seeing these messages, this is a nudge for you to sign up for a paid plan. We would love to have you as a customer.

Unified Inbox, UI Modernization Efforts, and Maintenance Notifications

We do our best to be customer-focused by listening to our customer feedback and making sure your issues are addressed.

This month, we focused on UI issues that customers reported or we noticed when we were using our service.

Improved Maintenance Notifications

During a major database upgrade in September we noticed our maintenance notification on the website wasn’t always working properly. This resulted in customers seeing an unfriendly error.

From now on, customers will see a friendlier error page or API message when we are down for maintenance. That’s typically rare – once a year on average. We deploy often. Mailsac’s architecture has several load balancers and caches, and redundancies – we avoid stop-the-world events. But sometimes that’s unavoidable, and we hope it won’t be confusing.

Unified Inbox

The navigation bar for the Unified Inbox now works properly under Safari. It should no longer be cut-off (missing pagination buttons) in other browsers while viewing a message.

Starred messages for non-owned inboxes will now appear in the Unified Inbox.

UI Modernization

As noted in previous posts, we are migrating the entire Mailsac user interface to React and Next.js. After all pages are migrated, we will give the styling a facelift.

For now the migration should look seamless – perhaps slightly faster and more solid (thank you static typing and pre-compilation).

The account details page has been converted over to Next.js.

A bug that didn’t allow a customer to remove an invoice email was fixed.

The password reset and account deletion functions were moved to their own pages.

We added many more integration tests to account management features.

Backend upgrades

On a weekly basis we patch, upgrade and improve the many backend systems of Mailsac across several environments. Typically this involves making small change to ansible, terraform, docker, code dependencies, or other infra-as-code. We often migrate portions of the 12+ year old Node.js JavaScript codebase to TypeScript or Go. If we’re luckily, we can delete unnecessary code or remove a dependency.

To run this SaaS smoothly, every day we get onto the software treadmill. We we enjoy running this service immensely, and hope you enjoy using it.

We’re delighted to announce a significant enhancement to our free tier plan, specifically tailored to meet the needs of Quality Assurance (QA) teams and automated testers. Effective immediately, all free Mailsac users will have access to one free private address, enabling them to maintain confidentiality during email testing and ensure privacy for sensitive testing communications.

The addition of the free private address empowers QA teams and automated testers with an extra layer of control over their email testing activities. With the free private address, they can separate and safeguard their testing correspondence, ensuring the confidentiality of valuable testing data. By seamlessly managing both public and private email addresses within a single Mailsac account, QA teams and automated testers can streamline their workflow and simplify the management of their testing environments.

“At Mailsac, we understand the critical importance of data privacy and confidentiality in the testing process. We are excited to offer QA teams and automated testers the advantage of one free private address to enhance their email testing capabilities,” stated Michael Mayer, managing executive at Mailsac. “This enhancement is a testament to our commitment to empowering professionals in the QA field with robust email solutions that prioritize privacy and security.”

In addition to the free private address, Mailsac’s free tier plan includes a comprehensive range of features designed to cater to the unique needs of QA teams and automated testers. These features include rolling message storage space, customizable email addresses, and reliable email forwarding and routing capabilities. The ability to forward emails to various testing integrations environments, via Slack, webhooks, websockets, and other Mailsac addresses, facilitates seamless communication and collaboration within a company’s testing ecosystem. Furthermore, Mailsac provides a robust REST API, enabling QA teams and automated testers to check and manage email messages with ease during their testing cycles.

To benefit from enhanced privacy, advanced email testing capabilities, and a comprehensive range of features, QA teams and automated testers can sign up for Mailsac’s free tier plan at https://mailsac.com/pricing. The inclusion of the free private address and the expanded email testing options demonstrate Mailsac’s commitment to meeting the specific requirements of QA professionals, enabling them to conduct thorough and secure email testing.

About Mailsac: Mailsac is the leading provider of secure and flexible email testing services, catering to the needs of individuals, small businesses, and organizations worldwide. With a strong emphasis on user privacy and data protection, Mailsac empowers QA teams and automated testers to conduct rigorous and secure email testing while maintaining control over their digital identities. From the free tier plan to enterprise offerings, Mailsac delivers unmatched email solutions and exceptional customer support.

For media inquiries, please contact: Michael Mayer Email: mjmayer@team.mailsac.com

A look at filtering email messages with the Mailsac API

Mailsac has rolled out a new API endpoint feature, dubbed “inbox filter.”

It limits email messages using the to, from, and subject fields. Say goodbye to the conventional OR logic of /api/inbox-search and embrace the power of logical AND.

The Inbox Filter Endpoint: Technical Breakdown

The /api/inbox-filter API endpoint accepts the following optional query parameters:

1. andSubjectIncludes: Filter messages by text included in the subject line
2. andFrom: Filter messages by text included in the FROM envelope
3. andTo: Filter messages by text included in the TO envelope

This endpoint delivers results only when at least one query condition is specified, otherwise, expect a 400 error. The response is capped at 100 results, so adjust your query or prune your account accordingly.

JavaScript Unit Test with Mocha and Axios

To illustrate the usage of the /inbox-filter API endpoint, here’s a JavaScript unit test using Mocha and Axios:

const axios = require('axios');
const assert = require('assert');

describe('Inbox Filter API Endpoint Test', () => {
  it('should return filtered messages', async () => {
    const mailsacApiKey = 'your-api-key-here';
    const endpoint = 'https://mailsac.com/api/inbox-filter';
    const andSubjectIncludes = 'Important';
    const andFrom = 'johndoe@example.com';
    const andTo = 'janedoe@example.com';

    const response = await axios.get(endpoint, {
      headers: { 'Mailsac-Key': mailsacApiKey },
      params: { andSubjectIncludes, andFrom, andTo },
    });

    assert.strictEqual(response.status, 200);
    assert.strictEqual(Array.isArray(response.data.messages), true);
    response.data.messages.forEach((message) => {
      assert.strictEqual(message.subject.includes(andSubjectIncludes), true);
      assert.strictEqual(message.from[0].address.includes(andFrom), true);
      assert.strictEqual(message.to[0].address.includes(andTo), true);
    });
  });
});

Looking for a robust email testing solution that can simplify your workflow and improve efficiency? Look no further, friends. Mailsac offers powerful features like this new inbox filter API endpoint and many more, tailored to meet the needs of developers, testers, and businesses alike. Discover the benefits of Mailsac today and elevate your email management game. Try Mailsac for free or learn more about our plans and join our growing community of satisfied users at forum.mailsac.com.

Get ready for some boring news. At Mailsac, we release a steady stream of updates – week by week, all year long – with no fanfare. We avoid breaking changes wherever possible. Most of our customers have Mailsac integrated deeply into their CI/CD and QA processes. Breaking your build is not cool.

Here’s a recap of improvements we made over the past few months:

• Updated UI interfaces for managing things like API keys, email addresses, and more. We’re modernizing the main website for security and ease-of-use. Stay tuned for a lot more of this.
• Additional “Copy text” buttons and cross-browser compatibility improvements.
• POP3 server fixes to some edge cases around Windows line endings.
• Over 50 security updates to dependencies which are (hopefully) completely transparent to you.
• Performance and security upgrades to our underlying servers.

Over time, SaaS services add too many features, getting clunky and slow user interfaces. At Mailsac we’re not beholden to venture capital or shareholders. Customers have our full attention. You pay us for dev and QA tools to help test email. Thus we prioritize speed and singleness of purpose to deliver you those tools. We want to be extremely helpful, yet stay out of your way.

If you’ve ever got issue with Mailsac, paying customers can contact us at support@team.mailsac.com. A human being will reply pretty quickly, getting you unblocked. (For non-paying users, please ask for help at https://forum.mailsac.com )

Today’s release of Mailsac’s frontend services includes many fixes.

We tend to release weekly with no downtime and no fanfare. Occasionally we’ll post updates here.

fix: infrequent crash on logout

Most notable is a fix to a UI crash when logging out. In certain situations, you may have seen an error message, even though the logout was successful.

Prettier and more usable charts

We heard your feedback. Usage charts have been aging. Sometimes the styling makes the charts hard to read.

Some additional PostgreSQL optimizations are coming soon. We’ll continue reducing the load time on charts. Thanks for the patience!

Dependency upgrades

For better or worse, modern software stacks have huge numbers of dependencies. Staying ahead of security issues is a daily effort.

At Mailsac we use security scans, Dependabot, and npm audit to stay on top of upgrades. Hundreds of automated tests run to give us confidence that minor and patch semver updates don’t introduce breaking changes.

We subscribe to security mailing lists for our software, such as:

• https://groups.google.com/group/nodejs-sec
• golang-announce
• golang-dev
• golang-nuts
• DevOps weekly
• Node.js weekly
• Golang weekly
• Various PostgreSQL channels at lists.postgresql.org

and more!