Changelog

Contact Lists — import contacts from CSV, Excel (.xlsx/.xls), or public Google Sheets. Organise into named lists (Customers, Leads, VIPs). Send to a list directly from the Compose page.

Plan-based contact quotas — Free: 500 contacts / 3 lists. Starter: 2,500 / 10. Pro: 25,000 / 25. Scale: 250,000 / 100. Enterprise: 1,000,000 / 500.

Smart duplicate handling — self-duplicates and existing DB contacts are skipped for free and never consume quota slots. Partial imports fill available slots exactly, with a clear upgrade prompt for capped rows.

Google Sheets import proxy — paste a public sheet URL; ZidiMail fetches the CSV server-side, no OAuth required.

CSV import template — download a ready-to-fill contacts-import-template.csv from the import modal or the docs.

Integration guides — step-by-step docs for Next.js, Laravel, Django, and WordPress added to the blog.

llms.txt — added AI-readable product summary at /llms.txt to improve discoverability in ChatGPT, Perplexity, and similar tools.

Contact API is JWT-only — API keys cannot create, import, or delete contacts, preventing a leaked key from exfiltrating your audience.

SSRF protection on attachment URL fetching — private IPv4/IPv6 ranges, localhost, and DNS-resolving-to-private hosts are all blocked.

Import modal column guide — shows which CSV/sheet columns are expected (email required, name optional) with a download template link.

Docs expanded — Contact lists and Importing contacts sections added with plan quota table, dedup algorithm walkthrough, and Google Sheets step-by-step.

Team member invites — owners can now invite colleagues from Settings → Team Members. Invites expire after 7 days.

Password change — update your password directly from Settings without going through the forgot-password flow.

Idempotent email sends — pass X-Idempotency-Key to safely retry sends without duplicating messages.

Bounce & complaint rate alerts — automatic email to the admin when platform bounce rate exceeds 4% or complaint rate exceeds 0.08%.

Health endpoint — GET /health now checks both database and Redis connectivity and returns 503 if either is down.

SPF lookup warning — adding a domain now warns if your SPF record has too many DNS lookups (the RFC limit is 10).

Webhook delivery history — each webhook endpoint now shows recent deliveries with a one-click retry button for failures.

Webhook retry logic — failed deliveries now use exponential backoff (3 attempts) via BullMQ.

Error tracking — Sentry integrated across dashboard and API with source maps deleted after upload.

Domain verification — background job re-checks all domains every 4 hours and emails you when status changes.

Initial launch — transactional email API with SPF, DKIM, and DMARC auto-configured on domain add.

Domain verification — add your sending domain and get step-by-step DNS setup instructions.

API key management — create, label, and revoke API keys per organization.

ZidiGuard suppression list — hard bounces and spam complaints are automatically suppressed to protect your domain reputation.

Webhooks — subscribe to email.sent, email.delivered, email.bounced, email.complained, email.opened, and email.clicked events.

Sandbox mode — all new accounts start in sandbox so you can test your integration safely.

Daily & monthly sending limits — enforced per organization with owner email alerts at 80% and 100% usage.

Analytics dashboard — delivery rate, bounce rate, complaint rate, and daily send volume charts.

Account deactivation — self-service with 30-day recovery window before permanent deletion.