With DMARCDirector's Alerts feature, you no longer have to log in and out of your DMARCDirector account to see whether an issue needs attention. Alerts monitors your domain and notifies the proper team members when something requires their attention. It is a fast and simple way to stay on top of your security: you are notified when any event occurs pertaining to changes in your email DNS protocols, malicious activities perpetrated from your domain, or a specified threshold metric being exceeded.
 
Domain events that can trigger an alert can be of various types. As part of DMARCDirector's risk management suite, it instantly notifies you of key domain-related events via email as well as on the PowerDMARC portal for easy configuration and speedy recovery.
 
How to Configure Alerts
First, sign up for a DMARCDirector account to gain access to your DMARCDirector control panel. On the panel, navigate to PowerAlerts in the left-side menu, which expands to reveal two hidden tabs: Configuration and Alerts.

 
Click on Configuration

 
If you haven't added your domain to your account yet, click on +Add Domain to add all the domains for which you wish to configure alerts. Note that you should add only one domain per line. Click on Add Domains at the bottom of the page to save changes.

 
After successfully adding your domains, you will be able to see them on your Alerts & Reporting page, where you can search for a particular domain to filter your results, or view all.
 
Types of Alerts
 
  1. DNS Alerts
    1. The first type of alerts you will receive notifications for are DNS alerts. DNS alerts allow you to monitor any changes to your DNS records. We constantly monitor your DMARC, SPF, BIMI, and MX records, so whenever a record is modified or deleted, or if there is an error in any one of the published DNS records, you will get an alert.
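The kind of check a DNS alert rests on, sketched as an added example (this is not DMARCDirector's code): two snapshots of a domain's published records are compared, and each modification, deletion or record error becomes an alert row. The snapshot layout, the function names and the mapping of events to alert states are assumptions made for illustration.

```python
RECORD_TYPES = ("DMARC", "SPF", "BIMI", "MX")

def dmarc_tags(value):
    """Split 'v=DMARC1; p=reject' into ordered (tag, value) pairs."""
    pairs = (part.split("=", 1) for part in value.split(";") if "=" in part)
    return [(tag.strip().lower(), val.strip()) for tag, val in pairs]

def record_errors(rtype, values):
    """List problems in the published values of one record type."""
    errors = []
    if rtype in ("DMARC", "SPF") and len(values) > 1:
        errors.append(f"{len(values)} {rtype} records published, only one is allowed")
    if rtype == "DMARC":
        for value in values:
            tags = dmarc_tags(value)
            if not tags or tags[0] != ("v", "DMARC1"):
                errors.append("record does not start with v=DMARC1")
            if dict(tags).get("p", "").lower() not in ("none", "quarantine", "reject"):
                errors.append("missing or invalid p= tag")
    return errors

def diff_snapshots(domain, before, after):
    """Compare two {record_type: [values]} snapshots and return alert rows."""
    alerts = []
    def add(rtype, alert_type, description, state):
        alerts.append({"domain": domain, "record_type": rtype, "alert_type": alert_type,
                       "description": description, "state": state})
    for rtype in RECORD_TYPES:
        old, new = sorted(before.get(rtype, [])), sorted(after.get(rtype, []))
        new_errors = record_errors(rtype, new)
        if old and not new:
            add(rtype, "Record deleted", f"was: {old}", "In Alarm")
        elif old != new:
            add(rtype, "Record modified", f"{old} -> {new}", "Info")
        for err in new_errors:
            add(rtype, "Record error", err, "In Alarm")
        if record_errors(rtype, old) and new and not new_errors:
            add(rtype, "Record error", "previous error resolved", "Ok")
    return alerts

# Constructed snapshots for the placeholder domain example.com (state mapping is assumed).
BEFORE = {"DMARC": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
          "SPF": ["v=spf1 include:_spf.example.com -all", "v=spf1 mx -all"],
          "MX": ["10 mail.example.com."]}
AFTER = {"DMARC": ["v=DMARC1; rua=mailto:dmarc@example.com"],
         "SPF": ["v=spf1 include:_spf.example.com -all"],
         "MX": []}
```

Calling `diff_snapshots("example.com", BEFORE, AFTER)` yields five rows: the DMARC record was modified and lost its `p=` tag, the duplicate SPF record was cleaned up, and the MX record was deleted.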

 
Configuring DNS Alerts
 
Step 1. To enable DNS alerts, navigate to your desired domains and activate the status of the alerts.

 
Step 2. Type in the email address(es) you want your alert reports to be sent to. You can add multiple email addresses for receiving DNS alerts for any specific domain as shown below:

 
Once done, you will start receiving DNS alerts in your email. Given below is an example of what a DNS email alert looks like:

 
As you can see, the email provides you with details at a glance, like:
  • The domain for which the alert was triggered.
  • The reason why the alert was triggered.
  • Option to view details by logging into your DMARCDirector account.
 
When you click on view details, you are redirected to the portal, where you can view the details of the DNS changes by navigating to Alerts, as shown below.

 

 
On the Alert page you can view the history of the different DNS alerts that were triggered for your domains, as well as the timeline during which they were triggered.
 
You can filter the alert details by choosing a specific domain from the search bar, selecting the type of DNS record (SPF, DMARC, MX or BIMI) you want to view details for, and choosing the state of the alert (in alarm, info, or ok).
 
In Alarm: A DNS incident was triggered, and an action needs to be taken.
Ok: A previously triggered DNS incident has now been resolved.
Info: Informative Alerts that do not require any action.
 
On filtering for a specific domain, you will be able to view the following details:
 
  • Domain (The name of the domain for which the alert was triggered)
  • Record Type (The type of DNS record which triggered the alert)
  • Alert Type (The reason for which the alert was triggered)
  • Description (Detailed description of the error detected)
  • Triggered On (The date and the time on which the alert was triggered)
  • State (The state of alert: ok or in alarm)
 
Below is an example of these alerts:

 
Disable DNS Alerts
 
You can disable specific DNS alerts for any specific domain by unchecking the box, as shown below:

 
You can also disable all of your configured DNS alerts in one go by unchecking the box at the top of the table, as shown below.

 
 
Forensic Alerts
Forensic alerts send you an email notification whenever a forensic incident is identified for any of your domains, such as a potentially malicious or unaligned email being sent on behalf of your organization. This keeps you aware of spoofing or phishing attempts and helps you respond to them quickly.
 
Configure Forensic Alerts
  1. To enable Forensic alerts, navigate to your desired domains and activate the status of the alerts.


 

  2. Type in the email address(es) you want your alert reports to be sent to, and you're done.


 
Once done, as soon as a forensic alert is triggered you will get an email notifying you about the alert. Given below is an example of one such email of a Forensic alert.

 
As you can see, the email provides you with important details at a glance, like:

  • A summary of the forensic incident that had taken place for which the alert was triggered.
  • The address from which the email was sent (spoofer's address).
  • The receiver's email address.
  • Subject of the email
  • Time of incident
  • The number of emails sent.
  • The DMARC Policy mode
  • The Sending Domain
  • Sender's organization
  • Sender's IP
  • IP Country
  • Period Start
  • Period End
  • Option to view details by logging into your DMARCDirector account.
 
Disabling Forensic Alerts
You can disable your Forensic alerts for any specific domain by unchecking the box, or you can disable all of your configured Forensic alerts in one go by unchecking the box at the top of the table, as shown below.

 

 
  1. Threshold Alerts
The last type of alert is the Threshold Alert, which lets you configure a threshold to monitor your domain's overall compliance and get notified whenever that threshold is crossed, by comparing it against an absolute value or a percentage.
 
Configuring Threshold Alerts
 
Step 1: Click on +Add Configuration

 
Step 2: Select your domain from the dropdown list under Domain.

 
Step 3: From the long list of predefined metrics, select the metric for which you want an alert to be triggered.

 
Step 4: Choose your desired condition.

 
Step 5: Type in your desired value (you can also convert the value to a percentage by enabling it).

 
Step 6: Add the interval for which you want to monitor your metric, in days.

 
Step 7: Specify the email address to which you want your threshold email alerts to be sent.

 
You will find an alert summary informing you when you will be getting a threshold alert. Click on Create to configure your threshold alert.

 
You will be able to see your configured alert now on the Alerting & Reporting page under the Threshold Alerts section along with the date of configuration, as shown below.

 
You can expand the domain to reveal details about the alert configuration, such as the date of configuration, the recipient email address, and action buttons for deleting or modifying the created alert.

 
Deleting/Modifying Your Threshold Alert
 
You can delete your Threshold Alerts with a single click by clicking on the delete icon under Actions. A prompt will appear asking you if you're sure that you want to delete the alert. Click on Yes, delete it.

 

 
Similarly, you can modify your Threshold Alert by clicking on the icon specified for it under Actions. After making modifications, simply click on Update to save changes.

 

 
Given below is an example of a Threshold email alert:

 
As you can see, the email provides you with important details at a glance, like:
  • The configuration details pertaining to the alert, such as the specified metric, condition, interval and value.
  • The domain for which the alert was triggered.
  • The reason why the alert was triggered.
  • The time of detection
  • Option to view details by logging into the DMARCDirector account.
 
State of Alert
 
Usually, you'll be able to see two main types of Threshold Alert state if you navigate to the Alerts page and view the details pertaining to Threshold Alerts on that page:
 
  1. In Alarm: The configured Threshold alert was triggered, and an action needs to be taken.

 
  2. Ok: The state of alert has gone back to not exceeding the threshold.

 
 
 
Frequently Asked Questions
 
Why do I need to set up Alerts?
Instead of repeatedly logging in and out of your portal, DMARCDirector's alerts help you get notified even via email with summarized details that you can view at a glance, whenever a DNS incident takes place. Whether they are changes made to your DNS records or domain spoofing attempts by fraudsters, it makes sure you are always up to date. Moreover, you can choose your own threshold for which you want to configure your alerts and get customized alerts that are tailored to your needs.
 
What is the purpose of DMARC Failure/Forensic RUF alerts?
DMARC Failure/Forensic RUF alerts let anyone understand why an email failed to get authenticated with DMARC. Forensic alerts contain Feedback headers and Mail headers, which give insight into the email; by looking into them, anyone will be able to understand why it failed and whether it was really from an authorized source or not.
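How the Feedback headers and Mail headers can be read out of a raw failure report, as an added example that is not DMARCDirector's code: it parses a report in the standard AFRF layout (RFC 6591) with Python's standard library and returns the fields used for triage. The sample report is constructed, and the function names are assumptions.

```python
import email
from email import policy
from email.utils import parseaddr
# Constructed failure report in AFRF layout; every value is a placeholder.
SAMPLE_REPORT = """\
From: reports@receiver.example
Content-Type: multipart/report; report-type=feedback-report; boundary="b1"

--b1
Content-Type: text/plain

Authentication failure report (human-readable part).

--b1
Content-Type: message/feedback-report

Feedback-Type: auth-failure
Auth-Failure: dmarc
Source-IP: 203.0.113.7
Reported-Domain: example.com
Original-Mail-From: <bounce@mailer.invalid>

--b1
Content-Type: text/rfc822-headers

From: Billing <billing@example.com>
Subject: Invoice overdue

--b1--
"""

def _as_headers(part):
    body = part.get_payload()
    if isinstance(body, list):  # stdlib nests message/* bodies as a sub-message
        return body[0]
    return email.message_from_string(body, policy=policy.default)

def summarize_failure_report(raw):
    """Pull the triage fields out of one failure report."""
    fields, headers = {}, {}
    for part in email.message_from_string(raw, policy=policy.default).walk():
        if part.get_content_type() == "message/feedback-report":
            fields = _as_headers(part)   # Feedback headers
        elif part.get_content_type() in ("text/rfc822-headers", "message/rfc822"):
            headers = _as_headers(part)  # Mail headers of the failed message
    names = ("Source-IP", "Auth-Failure", "Reported-Domain", "Original-Mail-From")
    summary = {name: str(fields.get(name, "")) for name in names}
    summary["From"] = parseaddr(str(headers.get("From", "")))[1]
    summary["Subject"] = str(headers.get("Subject", ""))
    return summary
```

For the sample, the summary shows a DMARC failure for mail claiming to be from `billing@example.com` that was sent from `203.0.113.7` with an envelope sender in a different domain, which is the pattern to check against your list of authorized sources.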
 
Is there any provision where I can simultaneously add an email ID to all alerting mechanisms?
The alerting mechanism has been customized with granularity so that specific alerts can be directed to a relevant entity who will be solely handling a particular domain or a portion of it.
 
How many email IDs can be added for a specific alert?
There are no limitations on the number of email IDs that can be added for specific alerts.