If you are responsible for maintaining web or mail servers it is always a good idea to monitor health and performance. Enabling reporting will give you great insight and keep you posted on possible issues. Unfortunately, browsing through thousands of reports daily can be quite time consuming. We at URIports understand that, and that is why we have created notifications.
By digesting reports on an regular basis we are able to detect possible misconfigurations or issues with your services. This allows us to notify you when something might be wrong and needs your immediate attention.
We'll send you a notification in the following scenarios:
HTTP 404 error
Multiple sources triggered an HTTP 404 (Page not Found) error. This would indicate that a file or page was deleted or moved or the link contains an error.
HTTP 5xx error
Multiple sources triggered an HTTP 5xx error. Your server responded with a "service unavailable"-error. This would indicating that the web server is too busy or down.
HTTP TLS error
Multiple sources experienced TLS errors while communicating with your website. These errors could indicate a configuration error or a problem with your SSL certificate (expired / hostname mismatch).
IP address unreachable
Multiple sources triggered a tcp.address_unreachable (The IP address is unreachable) error. This would indicating that the web server is down or experiencing connectivity issues.
TCP Refused error
Multiple sources triggered a tcp.refused (The TCP connection was refused by the server) error. This would indicating that the web server is down or unavailable.
SMTP TLS-RPT error
Multiple sources registered SMTP TLS-RPT errors. These errors occur when there is something wrong with your mail server or its certificate. A certificate could have a hostname mismatch or could be expired. This error could also indicate a MiTM attack.
No MTA-STS or DANE policy found
Received reports indicate that your domain does not have a valid MTA-STS or DANE policy. Having an SMTP TLS-RPT policy without them will only result in useless reports. Preferably you should implement both MTA-STS and DANE. More on this subject can be found in our blog here.
Sudden email count increase
A large increase in emails being sent from hostnames that are in your SPF policy (e.g. your mail servers) could indicate a malicious script sending emails on your behalf.
DKIM Unsupported algorithms
Reports have indicated that email messages were signed using weak, obsolete or experimental algorithms. This is caused when email messages are being signed with algorithms other than rsa-sha256.
SPF policy error
Multiple sources registered an SPF "permerror". This is caused when there is an syntax error in your SPF policy or when you have multiple "v=spf1" entries configured in your DNS.
Multiple sources registered an Expect-CT failure. There is a problem with the Certificate Transparency deployment of the host. Either there were no SCTs or one or more were invalid.
New CSP violations
Multiple sources triggered a new CSP violation. This may indicate that malicious code has landed on your website or that a legitimate source is not correctly whitelisted.
At the current rate of reports being processed by URIports there will not be enough quota left for the rest of the month. See the dashboard to see which report type consumes the most and see if problems can be resolved or types of reports can be blocked. In case of "Network-Error-Logging"-reports you can adjust the success/failure fraction to limit the number of reports being send to us.
Each notification comes with a link that will forward you to the reports that caused the notification, making it easy to troubleshoot.
Push notifications and email
By configuring push notifications you will be able to receive instant notifications by messaging platform Telegram or receive hourly, daily or weekly notification by email. This allows you to set and forget URIports and we'll keep you posted on anything worth investigating.