Alert Routing
Alert Routing
Destinations define where alerts go. Rules define which alerts get there. Every MSP account manages its own destinations and rules independently.
Destinations
Two destination types are supported:
- Slack — an Incoming Webhook URL from your Slack workspace
- Email — one or more recipient addresses delivered via your Postmark server token
Multiple destinations can be created. Each destination can be toggled on or off without deleting it. You can test a destination at any time from the Settings page — this sends a real test message.
Rules
A rule connects a destination to a filtered set of alerts. Each rule filters by three independent dimensions:
- Severity — CRITICAL, HIGH, MODERATE, or all (
*) - Alert type — OPEN, REMINDER, ESCALATION, RESOLVED, DIGEST, or all
- Category — DMARC, SPF, DKIM, MTA_STS, SMTP, TLS, BIMI, or all
A single alert is delivered to every matching destination rule. Multiple rules can match the same alert — useful for routing CRITICAL alerts to both a Slack channel and an email address simultaneously.
Alert types
- OPEN — a new CRITICAL or HIGH violation was detected
- REMINDER — an open violation hasn't been resolved in 7 days
- ESCALATION — an existing violation's severity increased
- RESOLVED — a violation was resolved (record corrected or check passed)
- DIGEST — daily summary of all open MODERATE violations per MSP account
MODERATE violations are never sent as immediate alerts —
they only appear in the daily digest. CRITICAL and HIGH violations trigger
immediate delivery within minutes of detection.