Configuring Alerts and Notifications

Learn how to set up alerts and notifications in MailSentinel to stay informed about email authentication issues.

MailSentinel provides configurable alerts to notify you when email authentication issues occur. This guide shows you how to set up and manage alerts.

Overview

MailSentinel can alert you about:

  • DMARC Failures - Emails failing authentication
  • SPF Issues - SPF validation problems
  • DKIM Problems - DKIM signing failures
  • DNS Changes - Unauthorized DNS record modifications
  • Policy Violations - DMARC policy enforcement issues

Step 1: Access Alert Settings

  1. Log in to your MailSentinel dashboard
  2. Click Settings in the sidebar
  3. Go to the Alerts tab
  4. You'll see alert configuration options

Step 2: Configure Email Notifications

Add Notification Email

  1. In Alert Settings, find Notification Emails
  2. Click Add Email
  3. Enter your email address
  4. Click Verify Email
  5. Check your inbox for the verification link
  6. Click the verification link

Multiple Notification Emails

You can add multiple email addresses:

  • Primary email - Main contact
  • Team emails - Additional team members
  • Escalation emails - For critical issues

Step 3: Configure Alert Types

DMARC Failure Alerts

When to Alert:

  • Emails failing DMARC authentication
  • DMARC pass rate drops below threshold
  • Policy violations detected

Configuration:

  1. Enable DMARC Failure Alerts
  2. Set Threshold (e.g., alert if pass rate < 95%)
  3. Choose Frequency:
    • Immediate - Alert as soon as issue detected
    • Daily Digest - Summary once per day
    • Weekly Summary - Summary once per week

Recommended Settings:

  • Threshold: 95% pass rate
  • Frequency: Daily digest for monitoring
  • Frequency for critical domains: Immediate

SPF Validation Alerts

When to Alert:

  • SPF record not found
  • SPF validation errors
  • Too many DNS lookups
  • SPF record changes

Configuration:

  1. Enable SPF Validation Alerts
  2. Choose alert conditions:
    • SPF record missing
    • SPF validation fails
    • DNS lookup limit exceeded
    • SPF record changed

Recommended Settings:

  • Alert on all conditions
  • Immediate notifications
  • Critical for email deliverability

DKIM Signing Alerts

When to Alert:

  • DKIM records missing
  • DKIM validation failures
  • DKIM key expiration warnings

Configuration:

  1. Enable DKIM Signing Alerts
  2. Choose alert conditions:
    • DKIM record missing
    • DKIM validation fails
    • Key expiration warning (30 days)

Recommended Settings:

  • Alert on all conditions
  • Immediate notifications
  • Monitor key expiration

DNS Change Alerts

When to Alert:

  • DMARC record changed
  • SPF record modified
  • DKIM records updated
  • Unauthorized DNS changes

Configuration:

  1. Enable DNS Change Alerts
  2. Choose which records to monitor:
    • DMARC records
    • SPF records
    • DKIM records
    • All DNS records

Recommended Settings:

  • Monitor all authentication records
  • Immediate notifications
  • Critical for security

Step 4: Set Alert Thresholds

DMARC Pass Rate Threshold

Recommended Thresholds:

  • Critical: < 90% pass rate
  • Warning: < 95% pass rate
  • Info: < 98% pass rate

How to Set:

  1. Go to DMARC Alerts
  2. Set Pass Rate Threshold
  3. Choose alert level

Volume Thresholds

For High-Volume Domains:

  • Alert if failure volume > 1000/day
  • Alert if failure rate > 5%
  • Alert on sudden spikes

For Low-Volume Domains:

  • Alert on any failures
  • Alert if failure rate > 1%
  • More sensitive thresholds

Step 5: Configure Alert Frequency

Immediate Alerts

Use For:

  • Critical issues
  • Security concerns
  • DNS changes
  • High-priority domains

Configuration:

  • Enable Immediate Notifications
  • Set up email/SMS/webhook
  • Configure escalation rules

Daily Digest

Use For:

  • Monitoring mode
  • Non-critical issues
  • Summary reports
  • General awareness

Configuration:

  • Enable Daily Digest
  • Set delivery time (e.g., 9 AM)
  • Include summary statistics

Weekly Summary

Use For:

  • Long-term monitoring
  • Trend analysis
  • Management reports
  • Low-priority alerts

Configuration:

  • Enable Weekly Summary
  • Set delivery day (e.g., Monday)
  • Include weekly statistics

Step 6: Set Up Webhooks (Advanced)

Configure Webhook Endpoint

For Integration:

  • Slack notifications
  • Microsoft Teams alerts
  • Custom integrations
  • Automated responses

Configuration:

  1. Go to Webhooks section
  2. Click Add Webhook
  3. Enter webhook URL
  4. Choose events to send
  5. Test webhook
  6. Save configuration

Webhook Payload

Example Payload:

{
  "event": "dmarc_failure",
  "domain": "example.com",
  "timestamp": "2024-01-15T10:30:00Z",
  "details": {
    "pass_rate": 85.5,
    "failure_count": 150,
    "failure_reasons": ["SPF fail", "DKIM fail"]
  }
}
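
For a custom integration, the receiving endpoint should validate the body before acting on it. The following is an added example, not MailSentinel code, that parses the payload above strictly and maps its pass rate to the levels recommended in Step 4. It assumes only the fields and the event name shown in the example payload; the function names and the "ok" level are illustrative.

```python
import json
from datetime import datetime

# Pass-rate thresholds (percent) from Step 4, strictest first.
SEVERITY_THRESHOLDS = [("critical", 90.0), ("warning", 95.0), ("info", 98.0)]
KNOWN_EVENTS = {"dmarc_failure"}  # only the event name shown in the example payload

# The example payload from this page, as the raw bytes a receiver would get.
SAMPLE = (b'{"event": "dmarc_failure", "domain": "example.com", '
          b'"timestamp": "2024-01-15T10:30:00Z", "details": {"pass_rate": 85.5, '
          b'"failure_count": 150, "failure_reasons": ["SPF fail", "DKIM fail"]}}')


class PayloadError(ValueError):
    """Raised when a webhook body does not match the documented shape."""


def parse_alert(raw: bytes) -> dict:
    """Validate a webhook body and return only the fields the handler uses."""
    try:
        body = json.loads(raw)
    except ValueError as exc:  # covers malformed JSON and undecodable bytes
        raise PayloadError("body is not valid JSON") from exc
    if not isinstance(body, dict) or not isinstance(body.get("details"), dict):
        raise PayloadError("expected an object with a details object")
    event, domain, stamp = body.get("event"), body.get("domain"), body.get("timestamp")
    if not isinstance(event, str) or event not in KNOWN_EVENTS:
        raise PayloadError("unexpected event")
    details = body["details"]
    rate, count = details.get("pass_rate"), details.get("failure_count")
    # bool is a subclass of int in Python, so it is excluded explicitly.
    if isinstance(rate, bool) or not isinstance(rate, (int, float)) or not 0 <= rate <= 100:
        raise PayloadError("pass_rate must be a number from 0 to 100")
    if isinstance(count, bool) or not isinstance(count, int) or count < 0:
        raise PayloadError("failure_count must be a non-negative integer")
    if not isinstance(domain, str) or not domain or not isinstance(stamp, str):
        raise PayloadError("domain and timestamp must be strings")
    try:
        when = datetime.fromisoformat(stamp.replace("Z", "+00:00"))
    except ValueError as exc:
        raise PayloadError("timestamp must be ISO 8601") from exc
    reasons = details.get("failure_reasons")
    reasons = [r for r in reasons if isinstance(r, str)] if isinstance(reasons, list) else []
    return {"event": event, "domain": domain.lower(), "timestamp": when,
            "pass_rate": float(rate), "failure_count": count, "reasons": reasons}


def severity(pass_rate: float) -> str:
    """Return the Step 4 alert level for a pass rate, or "ok" at 98% and above."""
    return next((lvl for lvl, limit in SEVERITY_THRESHOLDS if pass_rate < limit), "ok")
```

Rejecting anything outside the expected shape keeps a misrouted or forged request from driving the automated responses listed above.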

Step 7: Configure Per-Domain Alerts

Domain-Specific Settings

Different domains may need different alerts:

  • Production domains: Immediate alerts
  • Test domains: Daily digest
  • Marketing domains: Weekly summary

Configuration:

  1. Go to domain settings
  2. Click Alerts tab
  3. Override global settings
  4. Configure domain-specific alerts

Alert Examples

Example 1: Critical Production Domain

Settings:

  • DMARC failure: Immediate
  • SPF issues: Immediate
  • DKIM problems: Immediate
  • DNS changes: Immediate
  • Threshold: 95% pass rate

Use Case:

  • Main company domain
  • High email volume
  • Critical for business

Example 2: Monitoring Domain

Settings:

  • DMARC failure: Daily digest
  • SPF issues: Daily digest
  • DKIM problems: Weekly summary
  • DNS changes: Immediate
  • Threshold: 90% pass rate

Use Case:

  • New domain setup
  • Monitoring phase
  • Non-critical

Example 3: Test Domain

Settings:

  • DMARC failure: Weekly summary
  • SPF issues: Weekly summary
  • DKIM problems: Weekly summary
  • DNS changes: Immediate
  • Threshold: 80% pass rate

Use Case:

  • Development/testing
  • Low priority
  • Summary only

Best Practices for Alerts

1. Start Conservative

Initial Setup:

  • Begin with daily digest
  • Monitor for a week
  • Adjust based on needs
  • Avoid alert fatigue

2. Use Appropriate Thresholds

Consider:

  • Domain volume
  • Business criticality
  • Team capacity
  • Response time needed

3. Regular Review

Monthly Review:

  • Check alert effectiveness
  • Adjust thresholds
  • Remove unnecessary alerts
  • Optimize frequency

4. Escalation Rules

Set Up Escalation:

  • Level 1: Immediate team
  • Level 2: Management
  • Level 3: Escalation contact
  • Define response times

5. Test Your Alerts

Regular Testing:

  • Test alert delivery
  • Verify webhooks work
  • Check email delivery
  • Validate thresholds

Troubleshooting Alerts

Issue: Not Receiving Alerts

Solutions:

  1. Check email verification
  2. Check spam folder
  3. Verify that alert settings are enabled
  4. Check notification preferences
  5. Test alert delivery

Issue: Too Many Alerts

Solutions:

  1. Increase thresholds
  2. Change to daily digest
  3. Filter by severity
  4. Use weekly summary
  5. Adjust alert conditions

Issue: Missing Critical Alerts

Solutions:

  1. Lower thresholds
  2. Enable immediate alerts
  3. Check alert configuration
  4. Verify email addresses
  5. Test alert system

Next Steps

After configuring alerts:

  1. Monitor DMARC Reports - Track authentication status
  2. Review Dashboard - Understand your data
  3. Set Up Team Access - Share access with team
  4. Configure API Access - Integrate with your systems
