Overview
PowerDMARC’s Alerts feature monitors your domains and notifies the appropriate team members when something requires their attention, so you no longer have to log in and out of your PowerDMARC account to check for issues. Alerts are a fast and simple way to stay on top of your security: you are notified of changes to your email DNS protocols, malicious activities perpetrated from your domain, or any specified threshold metric being exceeded.
Various types of domain events can trigger an alert. As part of PowerDMARC’s risk management suite, the Alerts feature instantly notifies you of key domain-related events via email as well as on the PowerDMARC portal, for easy configuration and speedy recovery.
Note: PowerDMARC’s exclusive Alerts feature is only available on premium and enterprise plans.
How to Configure Alerts
First, sign up for a PowerDMARC account to gain access to your PowerDMARC control panel. (The Alerts feature is available in the Enterprise and MSSP Premium plans; you may contact your account manager for further details.) On the panel, navigate to Alerts in the left-hand side menu, which expands to reveal two hidden tabs: Configuration and Alerts.
Click on Configuration
In case you haven’t already added your domains to your account, simply click on +Add Domain to add all the domains for which you wish to configure alerts. Note that you should add only one domain per line. Click on Add Domains at the bottom of the page to save changes.
After successfully adding your domains, you will now be able to see them on your Alerts & Reporting page, wherein you can search for a particular domain to filter your results, or view all.
Types of Alerts
DNS Alerts
DNS alerts are the first type of alert you can receive notifications for. They let you monitor any change to your DNS records. We constantly monitor your DMARC, SPF, BIMI and MX records, so whenever a record is modified or deleted, or there is an error in any of the published DNS records, you will get an alert.
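The kind of comparison behind a DNS alert can be sketched as follows. This is an added example, not PowerDMARC's code: the validity rules, the "added" alert type and the mapping of changes to the In Alarm, Info and Ok states are assumptions, and the snapshots for example.com are constructed.

```python
# Added example: diff two DNS snapshots of one domain (rules are assumptions).
RECORD_TYPES = ("DMARC", "SPF", "BIMI", "MX")

def record_error(rtype, values):
    """Return a description if the published record set is invalid, else None."""
    if rtype == "SPF" and len(values) > 1:
        return "more than one SPF record published"
    if rtype == "DMARC" and values:
        pairs = (t.split("=", 1) for t in values[0].split(";") if "=" in t)
        tags = {k.strip().lower(): v.strip() for k, v in pairs}
        if tags.get("v") != "DMARC1":
            return "missing v=DMARC1"
        if tags.get("p", "").lower() not in ("none", "quarantine", "reject"):
            return "missing or invalid p= policy"
    return None

def diff_snapshots(old, new):
    """Return [(record_type, alert_type, state)] for every changed record type."""
    alerts = []
    for rtype in RECORD_TYPES:
        before, after = sorted(old.get(rtype, [])), sorted(new.get(rtype, []))
        if before == after:
            continue
        error = record_error(rtype, after)
        if error:
            alerts.append((rtype, "error: " + error, "in alarm"))
        elif before and not after:
            alerts.append((rtype, "deleted", "in alarm"))
        elif record_error(rtype, before):
            alerts.append((rtype, "modified", "ok"))  # earlier error resolved
        elif not before:
            alerts.append((rtype, "added", "info"))
        else:
            alerts.append((rtype, "modified", "in alarm"))  # confirm it was intended
    return alerts

# Constructed snapshots for the placeholder domain example.com.
OLD = {
    "DMARC": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
    "SPF": ["v=spf1 include:_spf.example.net -all"],
    "BIMI": ["v=BIMI1; l=https://example.com/logo.svg"],
}
NEW = {
    "DMARC": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
    "SPF": ["v=spf1 include:_spf.example.net -all", "v=spf1 ip4:192.0.2.10 -all"],
}
```

Calling diff_snapshots(OLD, NEW) reports the weakened DMARC policy as a modification, the duplicate SPF record as an error and the missing BIMI record as a deletion.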
Configuring DNS Alerts
Step 1: To enable DNS alerts, navigate to your desired domains and activate the status of the alerts.
Step 2: Type in the email address(es) you want your alert reports to be sent to, and you’re done!
You can add multiple email addresses for receiving DNS alerts for any specific domain as shown below:
Once done, you will start receiving DNS alerts by email. Given below is an example of what a DNS email alert looks like:
As you can see, the email provides you with important details at a glance, like:
The domain for which the alert was triggered
The reason why the alert was triggered
Option to view details by logging into your PowerDMARC account
When you click on view details, you are redirected to the portal, where you can view the details of the DNS changes by navigating to Alerts, as shown below:
On the Alerts page you can view the history of the different DNS Alerts that were triggered for your domains, as well as the timeline during which they were triggered.
You can filter the alert details by choosing a specific domain from the search bar, selecting the type of DNS record (SPF, DMARC, MX or BIMI) you want to view details for, as well as choosing the state of the alert (in alarm, info, or ok).
In Alarm: A DNS incident was triggered and an action needs to be taken.
Ok: A previously triggered DNS incident has now been resolved.
Info: Informative alerts that do not require any action.
On filtering for a specific domain, you will be able to view the following details:
Domain (the name of the domain for which the alert was triggered)
Record Type (the type of DNS record which triggered the alert)
Alert Type (the reason for which the alert was triggered)
Description (detailed description of the error detected)
Triggered On (the date and the time on which the alert was triggered)
State (the state of alert: ok or in alarm)
As shown below:
Disabling DNS Alerts
You can disable specific DNS alerts for any specific domains by unchecking the box, as shown below:
OR,
You can disable all of your configured DNS alerts in one go by unchecking the box at the top of the table, as shown below:
Forensic Alerts
Forensic alerts send you an email notification whenever a forensic incident is identified for any of your domains, such as a potentially malicious or unaligned email being sent on behalf of your organization. This keeps you aware of spoofing or phishing attempts and helps you respond to them quickly.
Configuring Forensic Alerts
Step 1: To enable Forensic alerts, navigate to your desired domains and activate the status of the alerts.
Step 2: Type in the email address(es) you want your alert reports to be sent to, and you’re done!
Once done, as soon as a forensic alert is triggered you will get an email notifying you about the alert. Given below is an example of one such Forensic email alert:
As you can see, the email provides you with important details at a glance, like:
A summary of the forensic incident for which the alert was triggered
The address from which the email was sent (spoofer’s address)
The receiver’s email address
Subject of the email
Time of incident
The number of emails sent
The DMARC Policy mode
The Sending Domain
Sender's organization
Sender's IP
IP Country
Period Start
Period End
Option to view details by logging into your PowerDMARC account
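Most of the fields listed above can be read from a DMARC failure report's feedback headers and original mail headers. As an added example (not PowerDMARC's code), the following parses one constructed report in the RFC 6591 format and extracts the values that explain the failure; every address, domain and IP in it is a placeholder.

```python
import email
import re
from email.utils import parseaddr

# Constructed failure report: human-readable part, feedback headers, original headers.
SAMPLE_REPORT = """\
From: noreply@receiver.example
Content-Type: multipart/report; report-type=feedback-report; boundary="b1"

--b1
Content-Type: text/plain

This is an authentication failure report.

--b1
Content-Type: message/feedback-report

Feedback-Type: auth-failure
Auth-Failure: dmarc
Source-IP: 192.0.2.55
Identity-Alignment: none
Authentication-Results: mx.receiver.example; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.com

--b1
Content-Type: message/rfc822

From: Accounts <billing@example.com>
Subject: Invoice overdue

--b1--
"""

def summarize_failure(raw):
    """Pull the fields that explain a DMARC failure out of one report."""
    parts = {p.get_content_type(): p for p in email.message_from_string(raw).walk()}
    feedback = parts["message/feedback-report"].get_payload()[0]
    original = parts["message/rfc822"].get_payload()[0]
    auth = feedback.get("Authentication-Results", "")
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    mailfrom = re.search(r"smtp\.mailfrom=([^\s;]+)", auth)
    aligned = [m.strip() for m in feedback.get("Identity-Alignment", "none").split(",")]
    return {
        "header_from": parseaddr(original["From"])[1].rpartition("@")[2],
        "mail_from_domain": mailfrom.group(1).rpartition("@")[2] if mailfrom else None,
        "source_ip": feedback["Source-IP"],
        "spf": results.get("spf"), "dkim": results.get("dkim"),
        "aligned": [m for m in aligned if m != "none"],
    }
```

In the sample, SPF passes only for the envelope domain mailer.example.net, DKIM is absent and no identifier aligns with the From domain example.com, which is why the message fails DMARC.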
Disabling Forensic Alerts
You can disable your Forensic alerts for any specific domains by unchecking the box, as shown below:
OR,
You can disable all of your configured Forensic alerts in one go by unchecking the box at the top of the table, as shown below:
Threshold Alerts
The last type of alert is the Threshold Alert, which lets you configure a threshold to monitor your domain's overall compliance and get notified whenever that threshold is crossed, by comparing a metric against an absolute value or a percentage.
Configuring Threshold Alerts
Step 1: Click on +Add Configuration
Step 2: Select your domain from the dropdown list under Domain
Step 3: From the long list of predefined metrics, select the metric for which you want an alert to be triggered
Step 4: Choose your desired condition
Step 5: Type in your desired value (you can also convert the value to percentage by enabling it)
Step 6: Add the interval for which you want to monitor your metric, in days.
Step 7: Specify the email address to which you want your threshold email alerts to be sent
You will find an alert summary informing you when you will be getting a threshold alert. Click on Create to configure your threshold alert.
You will be able to see your configured alert now on the Alerting & Reporting page under the Threshold Alerts section, along with the date of configuration, as shown below:
You can cascade the domain to reveal details about the alert configuration, such as the date of configuration, the recipient email address, and action buttons for deleting or modifying the created alert.
Deleting/Modifying Your Threshold Alert
You can delete your Threshold Alert with a single click by clicking on the delete icon under Actions.
A prompt will appear asking you if you’re sure that you want to delete the alert. Click on Yes, delete it.
Similarly you can also modify your Threshold Alert by clicking on the icon specified for it under Actions, as shown below:
After making modifications simply click on Update to save changes.
Given below is an example of a Threshold email alert:
As you can see, the email provides you with important details at a glance, like:
The configuration details pertaining to the alert, such as the specified metric, condition, interval and value
The domain for which the alert was triggered
The reason why the alert was triggered
The time of detection
Option to view details by logging into your PowerDMARC account
State of Alert
If you navigate to the Alerts page and view the details pertaining to Threshold Alerts, you’ll usually see two main Threshold Alert states:
In Alarm: The configured Threshold alert was triggered and an action needs to be taken.
Ok: The state of alert has gone back to not exceeding the threshold.
Frequently Asked Questions
Why do I need to set up Alerts?
Instead of repeatedly logging in and out of your portal, you can rely on PowerDMARC’s alerts to notify you by email, with summarized details that you can view at a glance, whenever a DNS incident takes place. Whether it is a change made to your DNS records or a domain spoofing attempt by fraudsters, alerts make sure you are always up to date. Moreover, you can choose the threshold metrics for which you want to configure alerts, so that the alerts you get are tailored to your needs.
What is the purpose of DMARC Failure/Forensic RUF alerts?
DMARC Failure/Forensic RUF alerts let anyone understand why an email failed DMARC authentication. Forensic alerts contain feedback headers and mail headers, which give insight into the email; by looking into them, anyone will be able to understand why it failed and whether it really came from an authorized source.
Is there any provision where I can simultaneously add an email ID to all alerting mechanisms?
The alerting mechanism has been customized with granularity so that specific alerts can be directed to the relevant entity who will be solely handling a particular domain or a portion of it.
How many email IDs can be added for a specific alert?
There are no limitations on the number of email IDs that can be added for specific alerts.