Alert Rules

Alert Rules let you create automated notifications for specific threat conditions. When a rule's conditions are met, SpoofWard sends an alert to your configured channels.

Pro+ Feature

Alert Rules are available on Pro, Business, and Enterprise plans.

Creating an Alert Rule

  1. Navigate to Threat Intelligence → Alert Rules
  2. Click Create Rule
  3. Configure the trigger condition:
    • Suspicious IP detected — Alert when a new IP sends email from your domain
    • Policy failure spike — Alert when failure rate exceeds a threshold
    • Forensic report received — Alert on every RUF report
    • Authentication failure — Alert on SPF/DKIM failures from specific senders
  4. Set the notification channel (Email, Slack, Teams, Discord)
  5. Click Save

Managing Rules

  • Enable/Disable — Toggle rules without deleting them
  • Edit — Change conditions or notification channels
  • Delete — Remove rules permanently

Make sure you have at least one Alert Channel configured before creating rules.

Your domain is being tested right now.
Are you watching?

Protect your brand and improve deliverability — automatically, with continuous monitoring and alerts.

Start Free — No Credit Card View Pricing →