
PowerAlerts

Overview 

With PowerDMARC’s Alerts feature, you no longer have to log in and out of your PowerDMARC account to see if there is an issue that needs attention. Alerts monitors your domains and sends notifications to the proper team members when something requires their attention.

Alerts lets you stay on top of your security in a fast and simple way: you get notified whenever an event occurs involving changes to your email DNS records, malicious activity perpetrated from your domain, or a specified threshold metric being exceeded.

Domain events that can trigger an alert can be of various types. As part of PowerDMARC’s risk management suite, Alerts instantly notifies you of key domain-related events via email as well as on the PowerDMARC portal for easy configuration and speedy recovery.

How to Configure Alerts

First of all, you need to sign up for a PowerDMARC account to gain access to your PowerDMARC control panel. (The Alerts feature exists in the Enterprise and MSSP Premium plans; you may contact your account manager for further details.) While on the panel, navigate to Alerts on the left-hand side menu, which expands to reveal two hidden tabs: Configuration and Alerts.

Click on Configuration

In case you haven’t already added your domains to your account, simply click on +Add Domain to add all the domains for which you wish to configure alerts. Note that you should add only one domain per line. Click on Add Domains at the bottom of the page to save changes. 

 

After successfully adding your domains, you will now be able to see them on your Alerts & Reporting page, wherein you can search for a particular domain to filter your results or view all.

Types of Alerts 

DNS Alerts 

The first type of alert you will receive notifications for is the DNS alert. DNS alerts allow you to monitor any change to your DNS records. We constantly monitor your DMARC, SPF, BIMI and MX records, so whenever a record is modified or deleted, or there is an error in any one of the published DNS records, you will get an alert.
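The modified / deleted / error distinction described above can be illustrated with a snapshot comparison. This is an added example, not PowerDMARC's code: the snapshot layout, the function names and the two validity checks (one SPF record per domain, a DMARC record with a valid `p=` tag) are assumptions chosen for illustration, and the records are constructed sample data.

```python
# Constructed snapshots: {(domain, record_type): [published record strings]}.
# SPF/DMARC/BIMI values are assumed to be already filtered to that record type.
BEFORE = {
    ("example.com", "DMARC"): ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
    ("example.com", "SPF"): ["v=spf1 include:_spf.example.net -all"],
    ("example.com", "MX"): ["10 mx1.example.com."],
    ("example.com", "BIMI"): ["v=BIMI1; l=https://example.com/logo.svg"],
}
AFTER = {
    ("example.com", "DMARC"): ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
    ("example.com", "SPF"): ["v=spf1 include:_spf.example.net -all",
                             "v=spf1 ip4:192.0.2.10 ~all"],
    ("example.com", "MX"): ["10 mx1.example.com."],
    # the BIMI record is no longer published
}


def record_error(rtype, values):
    """Return a description of a publishing error, or None if none is found."""
    if rtype == "SPF" and len(values) > 1:
        return "multiple SPF records published (permerror under RFC 7208)"
    if rtype == "DMARC":
        if len(values) != 1 or not values[0].startswith("v=DMARC1"):
            return "expected exactly one record starting with v=DMARC1"
        tags = dict(t.strip().split("=", 1) for t in values[0].split(";") if "=" in t)
        if tags.get("p") not in ("none", "quarantine", "reject"):
            return "missing or invalid p= policy tag"
    return None


def diff_snapshots(before, after):
    """Compare two snapshots; return (domain, record_type, alert_type, description)."""
    alerts = []
    for domain, rtype in sorted(before.keys() | after.keys()):
        old, new = before.get((domain, rtype), []), after.get((domain, rtype), [])
        error = record_error(rtype, new) if new else None
        if old and not new:
            alerts.append((domain, rtype, "deleted", f"was: {old[0]}"))
        elif error:
            alerts.append((domain, rtype, "error", error))
        elif sorted(old) != sorted(new):  # order-insensitive comparison
            alerts.append((domain, rtype, "modified", f"{old} -> {new}"))
    return alerts


if __name__ == "__main__":
    for alert in diff_snapshots(BEFORE, AFTER):
        print("In Alarm", *alert, sep=" | ")
```

In the sample data the DMARC policy downgrade from `p=reject` to `p=none` surfaces as a modification, while the second SPF record is reported as an error rather than a plain change because it breaks SPF evaluation for the domain.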

Configuring DNS Alerts 

Step 1: To enable DNS alerts, navigate to your desired domains and activate the status of the alerts.

Step 2: Type in the email address(es) you want your alert reports to be sent to, and you’re done! 

You can add multiple email addresses for receiving DNS alerts for any specific domain as shown below: 

 

Once done, you will start receiving DNS alerts on your email. Given below is an example of what a DNS email alert looks like: 

 

As you can see, the email provides you with important details at a glance, like: 

  • The domain for which the alert was triggered
  • The reason why the alert was triggered
  • Option to view details by logging into your PowerDMARC account 

When you click on View details, you are redirected to the portal, where you can view the details of the DNS changes by navigating to Alerts, as shown below:

 

 

On the Alerts page, you can view the history of the different DNS Alerts that were triggered for your domains, as well as the timeline during which they were triggered. 

You can filter the alert details by choosing a specific domain from the search bar, selecting the type of DNS record (SPF, DMARC, MX or BIMI) you want to view details for, as well as choosing the state of the alert (in alarm, info, or ok). 

  1. In Alarm: A DNS incident was triggered and an action needs to be taken.
  2. Ok: A previously triggered DNS incident has now been resolved.
  3. Info: Informative alerts that do not require any action.

On filtering for a specific domain, you will be able to view the following details: 

  • Domain (the name of the domain for which the alert was triggered)
  • Record Type (the type of DNS record which triggered the alert)
  • Alert Type (the reason for which the alert was triggered)
  • Description (a detailed description of the error detected)
  • Triggered On (the date and the time on which the alert was triggered)
  • State (the state of alert: ok or in alarm)


Disabling DNS Alerts 

You can disable specific DNS alerts for any specific domains by unchecking the box, as shown below: 

OR, 

You can disable all of your configured DNS alerts in one go by unchecking the box at the top of the table, as shown below: 

Forensic Alerts 

Forensic alerts send you an email notification whenever a forensic incident is identified for any of your domains, such as a potentially malicious or unaligned email being sent on behalf of your organization. This keeps you aware of spoofing or phishing attempts and helps you respond to them quickly.

Configuring Forensic Alerts 

Step 1: To enable Forensic alerts, navigate to your desired domains and activate the status of the alerts.

 

Step 2: Type in the email address(es) you want your alert reports to be sent to, and you’re done! 

 

Once done, as soon as a forensic alert is triggered, you will get an email notifying you about the alert. Given below is an example of one such Forensic email alert:

As you can see, the email provides you with important details at a glance, like: 

  1. A summary of the forensic incident for which the alert was triggered
  2. The address from which the email was sent (spoofer’s address)
  3. The receiver’s email address
  4. The subject of the email
  5. Time of incident
  6. The number of emails sent
  7. The DMARC Policy mode
  8. The Sending Domain
  9. Sender's organization
  10. Sender's IP
  11. IP Country
  12. Period Start
  13. Period End
  14. Option to view details by logging into your PowerDMARC account 

Disabling Forensic Alerts

You can disable your Forensic alerts for any specific domains by unchecking the box, as shown below: 

OR, 

You can disable all of your configured Forensic alerts in one go by unchecking the box at the top of the table, as shown below: 

Threshold Alerts 

The last type of alert is the Threshold Alert, which lets you configure a threshold to monitor your domain's overall compliance and get notified whenever that threshold is crossed. The monitored metric is compared against an absolute value or a percentage.

Configuring Threshold Alerts

Step 1: Click on +Add Configuration 

 

Step 2: Select your domain from the dropdown list under Domain

Step 3: From the long list of predefined metrics, select the metric for which you want an alert to be triggered

Step 4: Choose your desired condition

Step 5: Type in your desired value (you can also convert the value to a percentage by enabling it)

Step 6: Add the interval for which you want to monitor your metric, in days. 

Step 7: Specify the email address to which you want your threshold email alerts to be sent

You will find an alert summary informing you when you will be getting a threshold alert. Click on Create to configure your threshold alert.

You will be able to see your configured alert now on the Alerting & Reporting page under the Threshold Alerts section, along with the date of configuration, as shown below: 

You can expand the domain to reveal details about the alert configuration, such as the date of configuration, the recipient email address, and action buttons for deleting or modifying the created alert.

Deleting/Modifying Your Threshold Alert 

You can delete your Threshold Alert with a single click by clicking on the delete icon under Actions. 

A prompt will appear asking you if you’re sure that you want to delete the alert. Click on Yes, delete it. 

 

 

Similarly, you can also modify your Threshold Alert by clicking on the icon specified for it under Actions, as shown below: 

After making modifications, simply click on Update to save changes.

Given below is an example of a Threshold email alert: 

As you can see, the email provides you with important details at a glance, like: 

  1. The configuration details pertaining to the alert, such as the specified metric, condition, interval, and value
  2. The domain for which the alert was triggered
  3. The reason why the alert was triggered
  4. The time of detection
  5. Option to view details by logging into your PowerDMARC account 

State of Alert

Usually, you’ll be able to see two main Threshold Alert states if you navigate to the Alerts page and view the details pertaining to Threshold Alerts on that page:

In Alarm: The configured Threshold alert was triggered and action needs to be taken. 

Ok: The state of alert has gone back to not exceeding the threshold. 
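How a configured metric, condition, value and interval could translate into the In Alarm and Ok states is sketched below. This is an added example, not PowerDMARC's implementation: the metric name `dmarc_failed`, the rolling-window evaluation, and treating a percentage as a share of total message volume are assumptions, and the daily figures are constructed.

```python
from dataclasses import dataclass


@dataclass
class ThresholdConfig:
    metric: str         # hypothetical metric name, not from PowerDMARC's list
    condition: str      # ">" or "<"
    value: float
    percentage: bool    # assumption: percentage of total message volume
    interval_days: int


# Constructed daily aggregates for one domain.
DAILY = [
    {"day": f"2024-01-0{i}", "total": 1000, "dmarc_failed": failed}
    for i, failed in enumerate([10, 20, 30, 200, 40, 20, 10], start=1)
]


def state_changes(config, daily):
    """Slide an interval_days window over the data and return
    (day, state, observed) only when the state flips."""
    state, changes = "Ok", []
    for end in range(config.interval_days, len(daily) + 1):
        window = daily[end - config.interval_days:end]
        total = sum(row["total"] for row in window)
        count = sum(row[config.metric] for row in window)
        if config.percentage:
            observed = round(100 * count / total, 2) if total else 0.0
        else:
            observed = count
        if config.condition == ">":
            breached = observed > config.value
        else:
            breached = observed < config.value
        new_state = "In Alarm" if breached else "Ok"
        if new_state != state:
            changes.append((window[-1]["day"], new_state, observed))
            state = new_state
    return changes


PERCENT = ThresholdConfig("dmarc_failed", ">", 5, True, 3)      # more than 5%
ABSOLUTE = ThresholdConfig("dmarc_failed", ">", 250, False, 3)  # more than 250 messages

if __name__ == "__main__":
    print("percentage:", state_changes(PERCENT, DAILY))
    print("absolute:  ", state_changes(ABSOLUTE, DAILY))
```

On the same traffic, the percentage threshold enters In Alarm a day earlier than the absolute one, and both return to Ok once the spike leaves the three-day window.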

Frequently Asked Questions 

Why do I need to set up Alerts? 

Instead of repeatedly logging in and out of your portal, PowerDMARC’s alerts notify you via email, with summarized details that you can view at a glance, whenever a DNS incident takes place. Whether it is a change made to your DNS records or a domain spoofing attempt by fraudsters, alerts make sure you are always up to date.

Moreover, you can choose your own threshold metrics for which you want to configure your alerts so as to get customized alerts that are tailored to your needs. 

What is the purpose of DMARC Failure/Forensic RUF alerts?

DMARC Failure/Forensic RUF alerts let anyone understand why an email failed DMARC authentication. Forensic alerts contain feedback headers and mail headers that give insight into the email; by looking into them, anyone will be able to understand why it failed and whether it was really from an authorized source or not.

Is there any provision where I can simultaneously add an email ID to all alerting mechanisms?

The alerting mechanism has been customized with granularity so that specific alerts can be directed to a relevant entity that will be solely handling a particular domain or a portion of it.

How many email IDs can be added for a specific alert?

There are no limitations on the number of email IDs that can be added for specific alerts. 
