Features Pricing
Learn
What is DMARC? What is SPF? What is DKIM? What is BIMI?
Free Tools
DMARC Checker SPF Checker DKIM Checker BIMI Checker MTA-STS Checker Blacklist Checker Header Analyzer Domain Scanner Phishing URL Checker Email Verification BIMI Logo Converter Academy Blog Docs About Contact
Sign in Start →

Slack Integration

Connect your Slack workspace to SpoofWard to receive real-time alerts and reports directly in your team's channels. Route different alert types to different channels so the right people see the right information without noise.

Business+ Feature

Slack integration is available on Business and Enterprise plans. Pro plans can use basic Slack webhooks via Alert Channels.

Connecting Your Slack Workspace

SpoofWard uses Slack's official OAuth flow to securely connect to your workspace. No manual webhook URLs are needed.

  1. Navigate to Settings → Integrations → Slack
  2. Click Connect Slack Workspace
  3. You will be redirected to Slack's authorization page
  4. Select the workspace you want to connect
  5. Review the permissions SpoofWard requests:
    • Post messages to channels
    • Read channel list (to populate channel selectors)
    • Upload files (for report attachments)
  6. Click Allow to authorize SpoofWard
  7. You will be redirected back to SpoofWard with a confirmation message
Tip

You must be a Slack workspace admin or have permission to install apps. If you do not have these permissions, ask your Slack administrator to approve the installation.

Channel Mapping

After connecting your workspace, configure which Slack channels receive each type of notification. This lets you keep security alerts separate from routine reports.

Available Alert Types

  • DNS Changes — Notifications when DNS records (DMARC, SPF, DKIM, MX) are added, modified, or removed
  • DMARC Failures — Alerts when email authentication failures exceed your configured thresholds
  • Threat Alerts — High-priority notifications for detected spoofing attempts, lookalike domains, or suspicious activity
  • Weekly Reports — Automated weekly summary of domain health, authentication rates, and threat activity
  • Domain Health Changes — Notifications when your DNS health score changes significantly
  • Certificate Alerts — Warnings about expiring TLS certificates or MTA-STS policy issues

Configuring Channel Mapping

  1. Navigate to Settings → Integrations → Slack
  2. Under Channel Mapping, click Add Mapping
  3. Select the alert type from the dropdown
  4. Select the target Slack channel from the channel picker
  5. Optionally set a minimum severity level (Low, Medium, High, Critical)
  6. Click Save

You can map multiple alert types to the same channel, or spread them across different channels. For example:

  • #security-alerts — Threat Alerts (High and Critical severity)
  • #dns-monitoring — DNS Changes, Domain Health Changes
  • #email-ops — DMARC Failures, Certificate Alerts
  • #weekly-reports — Weekly Reports

Notification Customization

Fine-tune what gets sent and how it appears in Slack.

Severity Filtering

Each channel mapping can be filtered by severity level. Set a minimum severity to reduce noise in high-priority channels:

  • Low — Informational events such as routine DNS checks completing
  • Medium — Notable events like minor configuration changes or moderate authentication dips
  • High — Significant issues requiring attention such as authentication failure spikes
  • Critical — Urgent situations like active spoofing attacks or DNS record hijacking

Domain Filtering

If you manage multiple domains, you can filter notifications per domain. Under each channel mapping, use the Domains selector to choose which domains trigger notifications in that channel. Leave it set to All Domains to receive alerts for every domain in your workspace.

Message Format

SpoofWard sends rich Slack messages using Block Kit formatting. Each notification includes:

  • Alert type and severity indicator (color-coded)
  • Affected domain name
  • Summary of the event
  • Direct link back to the relevant SpoofWard dashboard page
  • Timestamp

Testing the Integration

After configuring your channel mappings, verify everything works:

  1. Navigate to Settings → Integrations → Slack
  2. Click Send Test Notification next to any channel mapping
  3. Check the target Slack channel for the test message
  4. If the message does not appear, verify the channel exists and SpoofWard has been invited to it
Important

SpoofWard must be added to private channels before it can post messages there. In Slack, open the private channel and use /invite @SpoofWard to add the app.

Managing the Connection

  • Pause notifications — Temporarily disable all Slack notifications without removing the connection. Click Pause on the integration page.
  • Reconnect — If your Slack token expires or permissions change, click Reconnect to re-authorize.
  • Disconnect — Remove the Slack connection entirely. This stops all notifications and deletes stored credentials. Click Disconnect and confirm.

Troubleshooting

  • Notifications not arriving — Verify the channel mapping is active and the bot has been invited to the channel. Check the delivery log under Settings → Integrations → Slack → Delivery Log.
  • Authorization failed — Ensure you have admin permissions in the Slack workspace. Some workspaces restrict app installations to workspace owners.
  • Channel not listed — Click Refresh Channels to reload the channel list from Slack. Newly created channels may take a moment to appear.
  • Rate limiting — SpoofWard batches notifications to stay within Slack's rate limits. During high-volume events, some notifications may be grouped together.

Your domain is being tested right now.
Are you watching?

Protect your brand and improve deliverability — automatically, with continuous monitoring and alerts.

Start Free — No Credit Card View Pricing →