Back to Course
Լight modeDark mode

PowerAlerts

PowerAlerts keep you updated on domain-related events and incidents over your specified email address, so that you can take action at a much speedy pace. The Alerts feature is highly customizable. You can configure alerts to be generated when a metric that is specified by you, exceeds a threshold.

How Does the Alerts Feature Work?

PowerDMARC’s Alerting engine monitors your domain and makes you aware of domain-related incidents in real-time. You specify the type of DNS changes and metrics that you want to be tracked and an email alert is sent to your specified address whenever such an alert is triggered. This way you don’t have to repeatedly log in to your portal to gain visibility. You’ll be able to remotely monitor your domains with the help of DMARC Email Notifications directly from your mailbox, taking action against issues more quickly.

PowerAlerts Generates DMARC Alerts Pertaining to 3 Different Categories:

DNS Alerts 

  • Enable DNS Monitoring for Your Domains DNS Alerts 
  • Get notified of any changes made or errors detected on your Email-related DNS records (SPF, DMARC, BIMI, MX) 
  • Get notified of any changes made or errors detected on your Email-related DNS records 
  • Read alert details at a glance with a link to view more on your PowerDMARC portal 
  • Enjoy easy alert configuration with just a few clicks 
  • Receive alerts on multiple email addresses as per your convenience Enable and disable alerts with a single click 
  • Monitor the Email DNS protocols DMARC, SPF, MX and BIMI

Forensic Alerts

  • Get notified on DMARC Failure/forensic incidents triggered for your domains such as alignment failures, domain spoofing or phishing attempts, and other forms of impersonation attacks 
  • View the details of the incident, starting from the sender’s IP address, country, the time period during which the alert was triggered and much more, to take action against impersonation attacks faster 
  • Enjoy easy alert configuration with just a few clicks 
  • Receive alerts on multiple email addresses at your convenience 
  • Enable and disable alerts with a single click

Threshold Alerts

  • Customize your alerts with a metric of your choice to get notified when a threshold is crossed
  • Choose from a long list of metrics that allow you to set your own thresholds 
  • Add the desired timeline for which you want to configure your alerts and monitor the metric 
  • Receive alerts on multiple email addresses at your convenience 
  • Modify alert specifications or delete your alerts with a single click

Why Do You Need Alerts?

Alerts are an imperative addition to your domains’ DMARC configuration. Whether you are in the monitoring phase of your DMARC deployment, or at DMARC enforcement, alerts help you stay up-to-date on all domain-related events. Alerts give you at-a-glance, as well as detailed insight into your domains, instantly notifying you of email-related DNS changes, impersonation attempts, and when a threshold metric specified by you for your domain is crossed. It helps you gain awareness on incidents and take action against them faster.

How to Configure Alerts

First of all, you need to sign up for a PowerDMARC account to gain access to your PowerDMARC control panel (Alerts Feature exists in Enterprise and MSSP Premium Plans, you may contact your account manager for further details). While on the panel, navigate to PowerAlerts on the left-hand side menu, which cascades to reveal two hidden tabs: Configuration and Alerts. 

Click on Configuration

 

In case you haven’t already added your domains to your account, simply click on +Add Domain to add all the domains for which you wish to configure alerts. Note that you should add only one domain per line. Click on Add Domains at the bottom of the page to save changes. 

 

After successfully adding your domains, you will now be able to see them on your Alerts & Reporting page, wherein you can search for a particular domain to filter your results or view all.

Types of Alerts 

DNS Alerts 

The first type of alerts you will receive notifications for are DNS alerts. DNS alerts allow you to monitor any change to your DNS records. We constantly monitor your DMARC, SPF, BIMI and MX records. So whenever a record is modified, deleted or if there is an error in any one of the published DNS records, you will get an alert. 

Configuring DNS Alerts 

Step 1: The process of enabling DNS alerts is simply navigating to your desired domains and activating the status of the alerts.  

Step 2: Type in the email address(es) you want your alert reports to be sent to, and you’re done! 

You can add multiple email addresses for receiving DNS alerts for any specific domain as shown below: 

 

Once done, you will start receiving DNS alerts on your email. Given below is the example of how a DNS email alert looks like: 

 

As you can see, the email provides you with important details at a glance, like: 

The domain for which the alert was triggered

The reason why the alert was triggered

Option to view details by logging into your PowerDMARC account 

 

When you click on view details you are redirected to the portal, wherein you can view the details of the DNS changes by configuring to Alerts, as shown below: 

 

 

On the Alerts page you can view the history of the different DNS Alerts that were triggered for your domains, as well as the timeline during which they were triggered. 

You can filter the alert details by choosing a specific domain from the search bar, selecting the type of DNS record (SPF, DMARC, MX or BIMI) you want to view details for, as well as choosing the state of the alert (in alarm, info, or ok). 

In Alarm: A DNS incident was triggered and an action needs to be taken.

Ok: A previously triggered DNS incident has now been resolved. 

Info: Informative Alerts that do not require any action

On filtering for a specific domain, you will be able to view the following details: 

Domain ( the name of the domain for which the alert was triggered) 

Record Type (the type of DNS record which triggered the alert) 

Alert Type (The reason for which the alert was triggered)

Description (Detailed description of the error detected) 

Triggered On (the date an the time on which the alert was triggered) 

State (the state of alert: ok or in alarm) 

As shown below:

Disabling DNS Alerts 

You can disable specific DNS alerts for any specific domains by unchecking the box, as shown below: 

OR, 

 

You can disable all of your configured DNS alerts in one go by unchecking the box at the top of the table, as shown below: 

Forensic Alerts 

Forensic alerts help you get an email notification whenever a forensic incident is identified for any of your domains, such as a potentially malicious or un-aligned email being sent on behalf of your organization. This keeps you aware about spoofing or phishing attempts and helps you respond to them at a speedy pace. 

Configuring Forensic Alerts 

Step 1: The process of enabling Forensic alerts is simply navigating to your desired domains and activating the status of the alerts.  

 

Step 2: Type in the email address(es) you want your alert reports to be sent to, and you’re done! 

 

Once done, as soon as a forensic alert is triggered you will get an email notifying you about the alert. Given below is an example of one such email Forensic alert: 

 

As you can see, the email provides you with important details at a glance, like: 

A summary of the forensic incident that had taken place for which the alert was triggered

The address from which the email was sent (spoofer’s address)

The receiver’s email address

Subject of the email

Time of incident

The number of emails sent

The DMARC Policy mode

The Sending Domain

Sender's organization

Sender's IP

IP Country

Period Start

Period End

Option to view details by logging into your PowerDMARC account 

 

Disabling Forensic Alerts

You can disable your Forensic alerts for any specific domains by unchecking the box, as shown below: 

OR, 

 

You can disable all of your configured Forensic alerts in one go by unchecking the box at the top of the table, as shown below: 

Threshold Alerts 

The last type of alert is the Threshold Alert, which helps you configure threshold to monitor your domain's overall compliance and get notified whenever a certain threshold is crossed, by comparing it against an absolute value or a percentage. 

Configuring Threshold Alerts

Step 1: Click on +Add Configuration 

 

Step 2: Select your domain from the dropdown list under Domain

 

Step 3: Select the desired metric according to your preference, for which you want an alert to be triggered, from the long list of predefined metrics 

 

Step 4: Choose your desired condition

 

Step 5: Type in your desired value (you can also convert the value to percentage by enabling it)

Step 6: Add the interval for which you want to monitor your metric, in days. 

 

Step 7: Specify the email address to which you want your threshold email alerts to be sent to

 

You will find an alert summary informing you when you will be getting a threshold alert. Click on Create to configure your threshold alert. 

 

You will be able to see your configured alert now on the Alerting & Reporting page under the Threshold Alerts section, along with the date of configuration, as shown below: 

You can cascade the domain to reveal details about the alert configuration, such as the date of configuration, the recipient email address, and action buttons for deleting or modifying the created alert. 

 

Deleting/Modifying Your Threshold Alert 

You can delete your Threshold Alert with a single click by clicking on the delete icon under Actions. 

 

A prompt will appear asking you if you’re sure that you want to delete the alert. Click on Yes, delete it. 

 

 

Similarly you can also modify your Threshold Alert by clicking on the icon specified for it under Actions, as shown below: 

 

After making modifications simply click on Update to save changes. 

 

Given below is an example of a Threshold email alert: 

 

As you can see, the email provides you with important details at a glance, like: 

The configuration details pertaining to the alert, such as the specified metric, condition, interval and value

The domain for which the alert was triggered

The reason why the alert was triggered

The time of detection

Option to view details by logging into your PowerDMARC account 

State of Alert

 Usually you’ll be able to see two main types of Threshold Alert state if your navigate to the Alerts page and view the details pertaining to Threshold Alerts on that page: 

In Alarm: The configured Threshold alert was triggered and an action needs to be taken. 

Ok: The state of alert has gone back to not exceeding the threshold. 

 

Frequently Asked Questions 

 

Why do I need to set up Alerts? 

Instead of repeatedly logging in and out of  your portal, PowerDMARC’s alerts help you get notified even via email with summarized details that you can view at a glance, whenever a DNS incident takes place. Whether they are changes made to your DNS records or domain spoofing attempts by fraudsters, it makes sure you are always up-to-date. Moreover, you can choose your own threshold metrics for which you want to configure your alerts so as to get customized alerts that are tailored to your needs. 

What is the purpose of DMARC Failure/Forensic RUF alerts?

DMAR Failure/Forensic RUF alerts let anyone understand why an email failed to get authenticated with DMARC. Forensic alerts contain Feedback headers and Mail headers which give an insight into the email and by looking into it anyone will be able to understand why it failed and whether it was really from an authorized source or not.

Is there any provision where I can simultaneously add an email ID to all alerting mechanisms?

The alerting mechanism has been customized with granularity so that specific alerts can be directed to a relevant entity that will be solely handling a particular domain or a portion of it.

How many email IDs can be added for a specific alert?

There are no limitations on the number of email IDs that can be added for specific alerts. 

 
Course content
Advanced Email Authentication Course