Documentation

Learn how to integrate and use DDMARC

Alerts & Notifications

Configure alerts to stay informed about authentication failures, new sending sources, and important changes to your email security.

Alert Types

On by default

Authentication Failures

Triggered when emails fail DMARC authentication

On by default

New Sending Source

Triggered when an unknown IP starts sending as your domain

On by default

DNS Record Changes

Triggered when your DMARC, SPF, or DKIM records change

On by default

Policy Recommendation

Suggestions to strengthen your DMARC policy

Off by default

Report Processing

Notifications about incoming report status

On by default

Certificate Expiry

Warning when MTA-STS certificates are expiring

Notification Channels

Choose where you want to receive alerts:

Email

Receive alerts via email to your registered address

Enabled by default for all users

Slack

Get alerts in your Slack channels

Requires Slack integration

Webhook

Send alerts to your own endpoints

Configure in API settings

Configuring Alerts

1. Access Alert Settings

Navigate to Settings → Alerts in your DDMARC dashboard.

Dashboard → Settings → Alerts

2. Enable/Disable Alert Types

Toggle each alert type on or off based on your preferences. You can also configure per-domain settings.

3. Set Thresholds

Configure when alerts should trigger to avoid notification fatigue:

Alert Type | Threshold Options
Authentication Failures | > 10, 50, 100, or 500 per hour
New Sending Source | Any new IP, or > 10 emails from new IP
Failure Rate Spike | > 5%, 10%, or 25% increase

4. Configure Delivery

Choose how you want to receive each alert type:

Instant

Receive immediately when triggered

Digest

Batched into hourly or daily summary

Quiet Hours

Suppress during specified times

Creating Custom Alert Rules

For advanced users, create custom rules with specific conditions:

Example Custom Rule
    // Alert when failures from unknown IPs exceed threshold
    IF source.authorized = false
      AND result.dmarc = "fail"
      AND count > 50 per 1 hour
    THEN alert("critical")
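
The following is an added example, not DDMARC's own code: it evaluates the rule above over constructed per-source results with a one-hour sliding window, to show which records count toward the threshold. The record layout (`time`, `ip`, `authorized`, `dmarc`, `messages`) and the fire-once behaviour are assumptions made for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)  # "per 1 hour" in the rule
THRESHOLD = 50               # "count > 50" in the rule

def matches(ev):
    # source.authorized = false AND result.dmarc = "fail"
    return not ev["authorized"] and ev["dmarc"] == "fail"

def evaluate(events, window=WINDOW, threshold=THRESHOLD):
    """Return (time, windowed_count) each time the rule starts firing.

    Events must be sorted by time. Assumption: the alert fires once when the
    count first exceeds the threshold and re-arms after it drops back.
    """
    recent, total, firing, alerts = deque(), 0, False, []
    for ev in events:
        now = ev["time"]
        # Expire entries that are a full window old or older.
        while recent and recent[0][0] <= now - window:
            total -= recent.popleft()[1]
        if matches(ev):
            recent.append((now, ev["messages"]))
            total += ev["messages"]
        if total > threshold and not firing:
            alerts.append((now, total))
        firing = total > threshold
    return alerts

def sample_events():
    # Constructed data; the addresses are documentation ranges.
    t0 = datetime(2024, 1, 1, 9, 0)
    rows = [
        (0, "203.0.113.7", False, "fail", 30),
        (10, "198.51.100.2", True, "fail", 40),   # authorized: not counted
        (20, "203.0.113.7", False, "pass", 40),   # passed DMARC: not counted
        (30, "203.0.113.7", False, "fail", 25),   # 55 in window: fires
        (45, "203.0.113.7", False, "fail", 10),   # still above: no repeat
        (120, "203.0.113.7", False, "fail", 20),  # older entries expired
    ]
    return [{"time": t0 + timedelta(minutes=m), "ip": ip, "authorized": a,
             "dmarc": d, "messages": n} for m, ip, a, d, n in rows]

if __name__ == "__main__":
    for when, count in evaluate(sample_events()):
        print(f"critical: {count} unauthorized DMARC failures in the hour to {when}")
```

Marking every source in the sample as authorized produces no alerts, which is the effect of authorizing known senders on this rule.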

Best Practices

  • Start with higher thresholds and lower them as you understand your baseline
  • Use digest mode for informational alerts, instant for critical ones
  • Set up Slack for team visibility, email for individual accountability
  • Review and tune alert rules monthly based on actual incidents

Avoiding Alert Fatigue

Too many alerts can lead to important ones being ignored. Use these strategies:

  • Mark known sending sources as authorized to reduce false positives
  • Use digest mode for high-volume, low-priority alerts
  • Set quiet hours for non-critical alerts outside business hours
  • Regularly review and disable alerts you never act on