Getting Started

Add your MSP account, register your first domain, and trigger your first scan to see your posture score and any violations within minutes.

Step 1 — Log in to your dashboard

Sign in at app.senderfortify.com using the credentials from your welcome email. If you haven't received access yet, contact us to get set up.

Step 2 — Add your MSP account

Your MSP account is the top-level container for all your client domains. On first login you'll be prompted to name your account. This name appears in digest reports and alert payloads.

Step 3 — Add a domain

Navigate to Domains → Add Domain and enter the root domain you want to monitor (e.g. acmecorp.com). The root domain is scanned on its own cycle — add subdomains separately from the domain's detail view.

Step 4 — Set up an alert destination

Go to Settings → Alert Destinations and create at least one destination:

• Slack — paste your Incoming Webhook URL
• Email — enter one or more recipient addresses

Then go to Settings → Alert Rules and create a rule that routes your desired severities and alert types to that destination. A rule that matches all severities and all alert types is a good starting point.

Step 5 — Trigger your first scan

Open the domain you added and click Scan Now. The scan runs all checks — SPF, DMARC, DKIM, MTA-STS, TLS-RPT, BIMI, SMTP, and TLS — and returns a posture score with any findings. If CRITICAL or HIGH violations are found and you have a routing rule in place, alerts are delivered within about 2 minutes.

What happens next

After the initial scan, SenderFortify scans your root domains automatically every 4 hours and any registered subdomains every 6 hours. Scans are staggered so all domains are covered continuously — you don't need to trigger them manually. Alerts fire whenever a new violation opens, an existing one escalates, or a violation resolves.