Breadcrumbs

Messaging Platform

April 2026

Safeguard – Enable IP Address Restrictions

Security recommendation


We strongly recommend that all Messaging Platform customers enable Safeguard IP Address Restrictions to protect against Artificially Inflated Traffic (AIT) and SMS pumping. No technical changes have been made to the platform — this update is focused on helping you get the most out of the security tools already available to you, backed by new documentation in our Knowledge Center.

What's new

  • New Knowledge Center documentation — Detailed guides to help you set up and manage Safeguard IP Address Restrictions are now live.

  • Why it matters — IP Address Restrictions let you control which IP addresses can access your messaging credentials for both Business Messaging API and SMPP connections.

How to enable it

  1. Go to cm.com/app/channels

  2. Navigate to API Access and Settings → Business Messaging Settings

  3. Open the Safeguard tab → IP Address Restrictions

Need help? Contact our Support team or your account manager.

Learn more about AIT fraud | Knowledge Center: IP Address Restrictions

January 2026

Update on TLS 1.3 restriction for Business Messaging

Update


We previously announced that support for TLS 1.2 would end on March 1, 2026. This fixed deadline has been removed. TLS 1.2 remains available for now, but we strongly recommend upgrading to TLS 1.3 as soon as possible. Traffic over TLS 1.2 or unencrypted connections may still be blocked in specific cases for security or compliance reasons.


January 2026

Safeguard – Descriptive names for IP Address Restrictions

Improvement


You can now add an optional description/name to each allowed IP address or CIDR range, making it easier to recognise why an IP is on your allow-list (e.g. "Office VPN", "Production NAT", "Partner gateway"). This improves maintainability and reduces configuration mistakes.

If you manage IP restrictions via the Messaging Configuration API, the IP restriction data now supports a description field alongside the IP range.

Knowledge Center: IP Address Restrictions

January 2026

Safeguard – Disable individual IP Address Restrictions

Improvement


You can now disable individual IP addresses or CIDR ranges without deleting them. Disabled IPs stay in your configuration but are no longer enforced — giving you more flexibility during maintenance, testing, or incident handling.

  • Temporarily turn off access for a specific IP/range

  • Quickly roll back by re-enabling the entry

  • Keep your configuration history intact

  • Reduce the risk of re-typing errors when re-adding IPs

November 2025

Restricting to TLS 1.3 for Business Messaging

Action required


CM.com will discontinue support for TLS 1.2 on all connections to our Business Messaging API and SMPP servers. To ensure uninterrupted service, please update your systems to support TLS 1.3.

  • Review your application configuration for the TLS version in use

  • Update your software or libraries — most modern versions already support TLS 1.3

  • Test your integration to confirm TLS 1.3 works end-to-end

June 2025

Safeguard Plus

New feature


We are pleased to announce the launch of Safeguard Plus, a comprehensive solution to protect your messaging traffic from Artificially Inflated Traffic (AIT). It gives businesses the tools to monitor and safeguard messaging operations, ensuring reliable communication and cost management.

  • Advanced Protection — Real-time AIT protection using machine learning, building on the existing Safeguard suite.

  • Dynamic Traffic Profiling — Continuously analyses your messaging patterns to flag irregularities with precision.

  • Flexible Modes — Monitoring Mode for insights without blocking; Blocking Mode to automatically stop suspicious traffic.

Read more on Safeguard Plus

February 2025

Safeguard

Improvement


We are updating the Block List for High-Risk Countries to 35 countries via CM.com Safeguard Destination Management, and lowering the minimal rate limit for Safeguard Rate Limiting.

  • Safeguard Destination Management — Effective March 1, 2025, new destinations added to the Block List for all existing accounts. Configure in Channels under API Access and Settings → Business Messaging Settings → Safeguard → Traffic destination restrictions.

  • Safeguard Rate Limiting — You can now set a maximum of 1 message per hour for individual recipients.

August 2024

OTT Bundle Overage

Improvement


Two updates to OTT Bundle management are now live.

  • Improved usage warning emails — Customers and account managers now receive a clearer email at 80% and 100% bundle usage, with guidance on where to view usage and explore upgrade options.

  • Automated overage invoicing — Starting September 1st, overage charges are automatically invoiced at PAYG pricing when the bundle is exceeded.

July 2024

OTT Bundle Overage

New feature


Per August 1, 2024 the OTT Bundle notification service will go live. Customers and account managers will receive an email at 80% and 100% bundle usage, sent in the customer's preferred language.

June 2024

Safeguard

Improvement


Effective July 1, 2024, new destinations will be added to the Block List for all existing accounts via CM.com Safeguard Destination Management.

Find your settings in Channels under API Access and Settings → Business Messaging Settings → Safeguard → Traffic destination restrictions.

April 2024

Safeguard – Rate Limiting & Suggested IP Addresses

New feature


We are introducing Safeguard Rate Limiting and expanding IP Address Restrictions with suggested IP addresses.

  • Recipient Limits — Cap messages sent to any single recipient per hour or day.

  • Account Limits — Cap total messages sent through your account per hour, day, week, or month.

  • Suggested IP Addresses — Known IP addresses from your recent traffic are now surfaced in Channels for easy addition to your restrictions.

Configure in Channels under API Access and Settings → Business Messaging Settings → Safeguard.

April 2024

Error Codes for OTT Channels

New feature


You can now receive clear, detailed error explanations for your OTT traffic via configured webhooks in Status Reports (DLRs). WhatsApp errors are now described using META's own error codes, replacing generic supplier messages. Error details are also visible in the Message Log tool on the CM Platform.

WhatsApp error codes reference

March 2024

Business Messaging API – Product Token in header

New feature

You can now provide your product token via the request header as an alternative to embedding it in the request body. This separates your credentials from request content and enhances flexibility. Currently available for the Europe region via gw.messaging.cm.com.

See the developer docs for details



March 2024

Safeguard – IP Address Restrictions

New feature


IP Address Restrictions provide a defense layer by permitting access exclusively to registered IP addresses or ranges. Even if your product token is compromised, IP restrictions act as a shield against unauthorized access.

Configure in Channels under API Access and Settings → Business Messaging Settings → Safeguard → IP Address Restrictions.

  • Only IPv4 addresses supported

  • CIDR prefix ranges supported

  • Two options: allow all, or maintain an explicit allowlist

Blocked HTTP connections receive Code 101: No account found for the given credentials. Blocked SMPP connections receive Bind failed.