Changelog

Postscale now has an official Python SDK: postscale.

• Python 3.10+ support. The package uses httpx and supports synchronous and asynchronous clients.
• API-native requests. SDK calls keep the same snake_case fields as the REST API and OpenAPI docs.
• Structured result shape. Resource methods return PostscaleResult objects with data, error, and headers.
• Email sending and attachments. The first release includes email sending, attachment helpers, domains, DKIM, aliases, inbound, stats, warming, suppressions, webhooks, templates, usage, and trust resources.
• Webhook verification. The SDK verifies the timestamped X-Postscale-Signature format and supports multiple candidate secrets during rotation windows.

Install it with:

pip install postscale

Start with the SDKs and HTTP Clients guide, then use Sending Emails and Webhooks for production integration details.

This release covers public product APIs only. Billing, invoices, onboarding, browser auth, MFA, API-key management, admin routes, Stripe webhooks, unsubscribe endpoints, and contact forms are intentionally excluded.

Postscale now has an official Node.js and TypeScript SDK: @postscale/postscale.

• Node 20+ support. The package uses the platform fetch runtime and ships ESM, CommonJS, and TypeScript declarations.
• API-native requests. SDK calls keep the same snake_case fields as the REST API and OpenAPI docs.
• Typed result shape. Resource methods return { data, error, headers } so applications can handle API errors without wrapping every call in try/catch.
• Email sending and attachments. The first release includes email sending, attachment helpers, domains, DKIM, aliases, inbound, stats, warming, suppressions, webhooks, templates, usage, and trust resources.
• Webhook verification. The SDK verifies the timestamped X-Postscale-Signature format and supports multiple candidate secrets during rotation windows.

Install it with:

npm install @postscale/postscale

Start with the SDKs and HTTP Clients guide, then use Sending Emails and Webhooks for production integration details.

This release covers public product APIs only. Billing, invoices, onboarding, browser auth, MFA, API-key management, admin routes, Stripe webhooks, unsubscribe endpoints, and contact forms are intentionally excluded.

Suppression migration is now built into Postscale.

• Dashboard import flow. Open Suppressions > Import Suppressions, choose a provider, upload the CSV, preview normalized rows, then commit only the valid entries.
• Provider-aware parsing. Imports support SendGrid, Mailgun, Postmark, Resend, Amazon SES, and custom CSV exports. Common columns like email, recipient, reason, event, type, scope_type, and scope_id are normalized automatically.
• Preview before write. Import jobs show valid, invalid, and duplicate rows before anything is added to the org suppression list.
• Idempotent commits. Existing suppressions are skipped instead of duplicated. New rows keep an auditable source such as import:sendgrid or import:mailgun.
• Scoped unsubscribes. Hard bounces, complaints, and manual blocks remain org-wide. Unsubscribes can preserve domain, stream, template, or list scope when the export includes that context.

This is meant for migration week: import hard bounces, complaints, unsubscribes, and manual blocks before the first real send through Postscale.

Read the new blog post on why this matters: Import suppression lists before migrating email providers. The implementation details are in the Suppression List Migration Guide and the Suppressions API reference.

Webhooks just got a real security model and a real outbound surface.

• Signing secrets per endpoint. Every new webhook gets a fresh whsec_… secret, shown once at create. Existing endpoints can generate one with a single click in Webhooks → Generate Secret.
• Timestamped signatures. X-Postscale-Signature is now t=<unix>,v1=<hmac> — the timestamp lets receivers reject replays outside a tolerance window (5 minutes is the recommended default).
• Zero-downtime rotation. Rotating a secret keeps the previous one valid for a configurable grace window (default 24 hours, max 7 days). During the window each delivery carries two v1= signatures so receivers can update without dropping events.
• Outbound delivery events. Subscribe an endpoint to email.delivered, email.bounced, email.deferred, or email.complained — one webhook can subscribe to any combination including email.received. Events fire from a durable queue inside the API, so customer endpoint slowness can't back up our delivery pipeline.

Verification details, the full event taxonomy, payload shapes, and runnable Node + Python verifiers are in the updated Webhooks guide. Existing webhooks continue working unchanged — their event_types defaults to ["email.received"] and they keep delivering unsigned until you opt in to a secret.

Launched five browser-only email infrastructure tools at postscale.io/tools. All of them run entirely client-side — DNS queries go through Cloudflare's DNS-over-HTTPS, nothing is logged or stored on our servers.

• SPF checker — walks a domain's include/redirect tree and counts DNS lookups against the 10-lookup limit.
• DKIM lookup — inspect the published public key by selector, see key size and status.
• DMARC policy checker — get a 0–5 enforcement maturity score and next-step recommendations.
• DMARC aggregate parser — paste RUA XML and see per-source records, DKIM/SPF alignment, and pass rate.
• Email headers analyzer — paste raw headers and get the routing hop chain plus auth results.

Every tool links back to the relevant API product for users who want automation instead of one-off diagnosis.

Three new vertical landing pages explain how Postscale maps to specific industries:

• For SaaS — transactional, inbound, masked addresses under one API key.
• For e-commerce — order mail plus XRechnung-compliant invoicing for the 2025 mandate.
• For healthtech — EU-hosted, GDPR-ready patient communication.

Each page leads with the pain points we hear most often from that industry and links directly to the matching product pages.

Four new /alternatives/* pages for teams evaluating EU-hosted options:

• Postscale vs SendGrid
• Postscale vs Mailgun
• Postscale vs Postmark
• Postscale vs Resend

Each page covers pricing at 10k/100k/500k sends per month, EU/EEA primary service-data posture, feature parity, and a three-step migration outline. Honest where competitors win on brand maturity; specific where Postscale wins on processor posture or bundled features.

Postscale's full product catalog now has a dedicated landing page per capability:

• Transactional Email API — send password resets, receipts, notifications.
• Inbound Email API — receive email as HMAC-signed webhooks.
• Masked Email API (Shield) — privacy addresses that forward to real inboxes.
• DMARC Reporting API — parse DMARC aggregate XML reports programmatically.
• XRechnung API — send and receive EN 16931 e-invoices (XRechnung, ZUGFeRD, Factur-X).

All five share the same API key, the same authentication, the same dashboard, and the same flat EUR pricing. See them in the all-products grid.

A batch of structural improvements that quietly compound:

• JSON-LD Product + FAQPage + ItemList schema on every product and category page so Google can render rich SERP snippets with price ranges and expandable FAQ cards.
• Sitemap expansion from 50 to 100+ URLs — every canonical homepage, pricing, and invoices page now has its own <url> entry.
• PNG Open Graph images (1200×630) replacing the previous SVG, which Facebook, LinkedIn, Slack, WhatsApp, and iMessage were silently refusing to render.
• Consistent English metadata across the public site so search snippets, social previews, and sitemap entries stay aligned.

No visible product changes, but the site's Google footprint doubled overnight.

Postscale has always run on self-hosted Umami analytics (EU-hosted, privacy-preserving, no Google). Now the frontend fires structured events for every meaningful conversion point:

• signup_completed
• plan_selected, payment_completed
• domain_added, api_key_created, email_sent_dashboard
• beta_requested, contact_form_submitted
• pricing_cta_clicked, product_cta_clicked, alternative_cta_clicked

All events stream to analytics.dnscale.eu in real time. No tracking script from Google, Facebook, LinkedIn, or HubSpot touches the page. For teams evaluating Postscale on GDPR grounds, this keeps website analytics on Postscale-operated infrastructure instead of third-party adtech scripts.

Postscale Invoices is in production. One REST API endpoint for:

• Validation — submit an invoice XML, get structured errors against the full EN 16931 schematron.
• Sending — email invoices as attached XML or as hybrid PDF/A with embedded XML (ZUGFeRD).
• Receiving — point an MX at Postscale, get parsed invoice JSON via webhook — line items, totals, VAT, buyer/seller IDs already extracted.

German B2B buyers have been required to receive E-Rechnung since 2025-01-01. Sending phases in through 2028. If your accounting stack still processes PDFs, you'll be fine for inbound today but blocked for sending from 2027.

Full developer guide: XRechnung API: A developer's guide to Germany's e-invoicing mandate.

Postscale is live. Three email primitives under one key, with EU/EEA-hosted primary service data:

• Transactional — REST API or SMTP relay. DKIM + DMARC auto-configured. Real-time delivery webhooks.
• Inbound — point an MX record; receive messages as HMAC-signed webhooks with parsed headers, bodies, and attachment download links.
• Masked addresses (Shield) — generate unique, revocable aliases that forward to your users' real inboxes on your own domain.

Postscale is operated by DNScale OÜ (Estonia, EU). Primary production service data is hosted in the EU/EEA. Limited network, device, and operational metadata may be processed by infrastructure providers under appropriate transfer safeguards. The standard GDPR DPA is signed pre-sales with no lawyer-only meetings.

Free tier: evaluation volume for shared send + receive email usage and masked addresses. Paid plans start at €9/mo. See pricing for current limits.