Monitoring health and performance is always a good idea if you're responsible for maintaining web or mail servers. Enabling reporting will give you great insight and keep you posted on possible issues. Unfortunately, browsing through thousands of reports daily can be pretty time-consuming. At URIports, we understand this too well, so we created notifications.
By regularly digesting reports, we can detect possible misconfigurations or issues with your services. This lets us notify you when something might be wrong and needs your immediate attention.
We'll send you a notification in the following scenarios:
HTTP 404 error
Multiple sources triggered an HTTP 404 (Page not Found) error. This would indicate that a file or page was deleted or moved or the link contains an error.
HTTP 5xx error
Multiple sources triggered an HTTP 5xx error. Your server responded with a service unavailable error. This would indicate that the web server is too busy or down.
HTTP TLS error
Multiple sources experienced TLS errors while communicating with your website. These errors could indicate a configuration error or a problem with your SSL certificate (expired/hostname mismatch).
IP address unreachable
Multiple sources triggered a tcp.address_unreachable (The IP address is unreachable) error. This would indicate that the webserver is down or experiencing connectivity issues.
TCP Refused error
Multiple sources triggered a tcp.refused (The TCP connection was refused by the server) error. This would indicate that the webserver is down or unavailable.
SMTP TLS-RPT error
Multiple sources registered SMTP TLS-RPT errors. These errors occur when something is wrong with your mail server or its certificate. For example, a certificate could have a hostname mismatch or may have expired. This error could also indicate a MiTM attack.
No MTA-STS or DANE policy found
Reports indicate that your domain does not have a valid MTA-STS or DANE policy. Having an SMTP TLS-RPT policy without them will only result in useless reports. Ideally, it would be best if you implemented both MTA-STS and DANE. More about this is in our blog.
Sudden email count increase
A dramatic increase in emails sent from hostnames that are allowlisted in your SPF policy (e.g., your mail servers) could indicate a malicious script sending emails on your behalf.
Sudden DMARC failure report count increase
A significant increase in DMARC failure reports may indicate an active email spoofing attack on behalf of your domain.
DKIM Unsupported algorithms
Reports indicate that email messages were signed using weak, obsolete, or experimental algorithms. For example, this happens when email messages are signed with algorithms other than rsa-sha256.
SPF Auth Result permerror
Multiple sources registered an SPF Auth Result value "permerror". This happens when there's a syntax error in your SPF policy or when you have multiple v=spf1 entries configured in your DNS.
SPF Auth Result none
Multiple sources registered an SPF Auth Result value "none". This means that the (sub)domain has alignment but does not have an SPF policy. If you want these messages to pass SPF, you should create an SPF policy that allows the IP sources (e.g.,
v=spf1 a -all). If you want these messages to fail, you should publish
Domain DNS servers out of sync
We regularly check your SPF, DKIM, DMARC, MTA-STS, DANE, and TLS-RPT DNS records. We've received inconsistent record values from the different DNS servers.
New or updated DNS records discovered
The URIports DNS monitor automatically monitors DKIM, SPF, DMARC, MTA-STS, DANE, and TLS-RPT records. You'll get notified whenever we detect a change in record value or a new record. In addition, you can use the DNS monitor to see current en previous values. Make sure the changes are legit and error-free.
New CSP violations
Multiple sources triggered a new CSP violation. This may indicate that malicious code has landed on your website or that a legitimate source is not correctly allowlisted.
DMARC failure rate increase
Reports show a significant increase in messages that failed DMARC validation. This could indicate a malicious party is sending email messages on behalf of the domain or issues with the DKIM or SPF configuration.
Certificate expiring soon
The certificate monitor has detected that an actively used certificate will expire within seven days. Therefore, you need to renew the certificate to avoid connectivity issues.
New certificate issued
A Certificate Authority (CA) issued a new certificate for your domain. Use the Certificate Monitor to identify any misissued certificates to avoid abuse.
Certificate issues detected
The certificate monitor has detected issues with a certificate that could cause connectivity issues for web or mail clients. Use the Certificate Monitor to identify which IP addresses and hostnames are experiencing issues. You can also find a more detailed description of the error.
Deprecated browser API or feature detected
Multiple browsers indicate that a browser API or feature has been used, which is expected to stop working in a future update to the browser.
URIports' current processing rate will not be enough to process the full report quota for the rest of the month. See the dashboard to determine which report type consumes the most and whether (a) the problem can be resolved or (b) the offending report type can be blocked. In the event of a Network-Error-Logging-reports notification, you can adjust the success/failure ratio to limit the number of reports we receive.
For easier troubleshooting, each notification has a link that forwards you to the report that triggered the notification.
Push notifications and email
By configuring push notifications, you'll be able to receive notifications instantly via the Telegram messaging platform or hourly, daily, or weekly via email. So you can set and forget URIports, and we'll keep you posted on anything worth investigating.