If you're responsible for maintaining web or mail servers, monitoring health and performance is always a good idea. Enabling reporting will give you great insight and keep you posted on possible issues. Unfortunately, browsing through thousands of reports daily can be pretty time-consuming. At URIports, we understand this only too well, which is why we created notifications.
By regularly digesting reports, we can detect possible misconfigurations or issues with your services. This allows us to notify you when something might be wrong and needs your immediate attention.
We'll send you a notification in the following scenarios:
HTTP 404 error
Multiple sources triggered an HTTP 404 (Page not Found) error. This would indicate that a file or page was deleted or moved or the link contains an error.
HTTP 5xx error
Multiple sources triggered an HTTP 5xx error. Your server responded with a service unavailable error. This would indicating that the webserver is too busy or down.
HTTP TLS error
Multiple sources experienced TLS errors while communicating with your website. These errors could indicate a configuration error or a problem with your SSL certificate (expired/hostname mismatch).
IP address unreachable
Multiple sources triggered a tcp.address_unreachable (The IP address is unreachable) error. This would indicate that the webserver is down or experiencing connectivity issues.
TCP Refused error
Multiple sources triggered a tcp.refused (The TCP connection was refused by the server) error. This would indicate that the webserver is down or unavailable.
SMTP TLS-RPT error
Multiple sources registered SMTP TLS-RPT errors. These errors occur when something is wrong with your mail server or its certificate. For example, a certificate could have a hostname mismatch or may have expired. This error could also indicate a MiTM attack.
No MTA-STS or DANE policy found
Reports indicate that your domain does not have a valid MTA-STS or DANE policy. Having an SMTP TLS-RPT policy without them will only result in useless reports. Ideally, it would be best if you implemented both MTA-STS and DANE. More about this in our blog.
Sudden email count increase
A dramatic increase in emails being sent from hostnames that are in your SPF policy (e.g., your mail servers) could indicate a malicious script sending emails on your behalf.
DKIM Unsupported algorithms
Reports indicate that email messages were signed using weak, obsolete, or experimental algorithms. For example, this happens when email messages are being signed with algorithms other than rsa-sha256.
SPF Auth Result permerror
Multiple sources registered an SPF Auth Result value "permerror". This happens when there's a syntax error in your SPF policy or when you have multiple v=spf1 entries configured in your DNS.
SPF Auth Result none
Multiple sources registered an SPF Auth Result value "none". This means that the (sub)domain has alignment but does not have an SPF policy. If you want these messages to pass SPF, you should create an SPF policy that whitelists the IP sources (e.g.,
v=spf1 a -all). If you want these messages to fail, you should publish
Multiple sources registered an Expect-CT failure. There is a problem with the host's deployment of Certificate Transparency. Either there were no SCTs, or one or more were invalid.
Domain DNS servers out of sync
We regularly check your SPF, DKIM, DMARC, MTA-STS, DANE, and TLS-RPT DNS records. We've received inconsistent record values from the different DNS servers.
New CSP violations
Multiple sources triggered a new CSP violation. This may indicate that malicious code has landed on your website or that a legitimate source is not correctly allowlisted.
DMARC failure rate increase
Reports show a significant increase in the number of messages that failed DMARC validation. This could indicate a malicious party is sending email messages on behalf of the domain or issues with the DKIM and/or SPF configuration.
URIports' current processing rate will not be enough to process the full report quota for the rest of the month. See the dashboard to determine which report type consumes the most and whether (a) the problem can be resolved or (b) the offending report type can be blocked. In the event of a Network-Error-Logging-reports notification, you can adjust the success/failure ratio to limit the number of reports we receive.
For easier troubleshooting, each notification comes with a link that forwards you to the report that triggered the notification.
Push notifications and email
By configuring push notifications, you'll be able to receive notifications instantly via the Telegram messaging platform or hourly, daily, or weekly via email. So you can set-and-forget URIports, and we'll keep you posted on anything worth investigating.