5 June 2026
Beta4 adds internationalised mail (EAI) support, an embedded Prometheus metrics endpoint, improved DNSSEC reporting, and several fixes.
PhoenixDKIM can now sign and verify internationalised mail with UTF-8 header field bodies and U-label (IDN) domains. Header field names and DKIM tag names remain ASCII; UTF-8 body content is validated to RFC 3629 — overlong encodings, surrogates, and lone continuations are rejected. Requires libidn2; enabled at build time with -DWITH_LIBIDN2=ON.
MetricsAddr adds a lightweight opt-in HTTP server that exposes live Prometheus-format counters directly, with no external exporter or collector required. Complements the MetricsFile textfile exporter introduced in beta3.
PhoenixDKIM now distinguishes "DNSSEC validation unavailable" (the resolver does not validate) from "not evaluated", and exports the key-record DNSSEC status to the Authentication-Results header and milter macros.
The t=y testing-key disposition override is now logged with an explicit line and header token so operators can see why a failing signature was still accepted. The t=s envelope/header alignment and g= local-part matching are audited against RFC 6376.
Fix: free queued DNS replies in the test harness (silences LeakSanitizer).
Fix: remove dead unreachable code and unused preprocessor macros.
Full notes: 1.0.0-beta4 release notes; source and signatures on the Download page.