Understanding Recipients
Recipients are email addresses that receive automated summaries of your DMARC reports. These summaries help keep your team informed about email authentication status without requiring them to log into the SpoofMon dashboard.
Why Set Up Recipients?
- Proactive monitoring: Get notified of issues without manual checking
- Team awareness: Keep IT staff and security teams informed
- Trend identification: Spot patterns in email authentication
- Compliance reporting: Share summaries with management
Adding Recipients
Step 1: Navigate to Recipients
- Log into your SpoofMon dashboard
- Click on "Recipients" in the main navigation menu
- You'll see your current recipients list and an "Add Recipient" button
Step 2: Add New Recipient
- Click the "Add Recipient" button
- Fill in the required information:
- Email Address: Valid email where reports will be sent
- Display Name: Friendly name for identification (e.g., "IT Security Team")
- Domains (optional): Limit reports to specific domains
- Click "Add Recipient" to save
Step 3: Email Verification
After adding a recipient, the verification process begins automatically:
- A verification email is sent to the recipient's address
- The recipient must click the verification link within 24 hours
- Once verified, the recipient will start receiving report summaries
- Unverified recipients will not receive any reports
Verification Requirements
- Each email address must be verified before receiving reports
- Verification links expire after 24 hours
- You can resend verification emails if needed
- Corporate email filters may block verification emails
Recipient Status and Management
Status Indicators
Each recipient shows a status that indicates their current state:
Verified
Email address is verified and actively receiving report summaries.
Pending Verification
Verification email sent but not yet confirmed by recipient.
Verification Failed
Verification link expired or email bounced. Resend verification required.
Inactive
Recipient disabled or suspended from receiving reports.
Available Actions
For each recipient, you can perform various management actions:
| Action |
Button |
Description |
When to Use |
| Resend Verification |
Verify |
Send new verification email |
Verification failed or expired |
| Edit Recipient |
Edit |
Modify name or domain settings |
Update recipient information |
| Disable/Enable |
Toggle |
Temporarily stop/resume reports |
Vacation or role changes |
| Remove Recipient |
Remove |
Permanently delete recipient |
No longer needs reports |
Domain-Specific Recipients
Filtering by Domain
You can configure recipients to receive reports for specific domains only:
Best for:
- IT administrators
- Security teams
- Management oversight
- Small organizations
Best for:
- Department-specific domains
- Business unit separation
- Client-specific domains
- Large organizations
Setting Up Domain Filtering
- When adding or editing a recipient, look for the "Domains" section
- Leave blank to receive reports for all domains
- Select specific domains to limit reporting scope
- You can modify domain assignments at any time
Report Delivery Schedule
When Recipients Receive Reports
Report summaries are sent on a regular schedule:
- Daily Summaries: Sent each morning with previous day's activity
- Weekly Summaries: Comprehensive weekly overview sent on Mondays
- Monthly Reports: Detailed monthly analysis sent on the 1st of each month
- Alert Notifications: Immediate notifications for significant security events
Report Content
Each summary email includes:
- Total number of DMARC reports processed
- Authentication success/failure rates
- Top sending sources (IP addresses and organizations)
- Notable changes or trends
- Quick links to detailed reports in the dashboard
Troubleshooting Delivery Issues
Common Delivery Problems
Possible Causes & Solutions:
- Spam folder: Check spam/junk mail folders
- Email filters: Corporate filters may block automated emails
- Invalid address: Verify email address is correct
- Server delays: Allow up to 15 minutes for delivery
- Resend: Use the "Resend Verification" button
Check These Items:
- Verification status: Ensure recipient is verified
- Domain activity: Verify domains are receiving DMARC reports
- Email filters: Whitelist sender address
- Recipient status: Confirm recipient is not disabled
- Domain filtering: Check if recipient is limited to specific domains
Reduce Email Volume:
- Adjust frequency: Switch from daily to weekly summaries
- Domain filtering: Limit to specific domains
- Threshold settings: Set minimum report counts for notifications
- Multiple recipients: Distribute different domains to different people
Best Practices for Recipients
Who Should Be Recipients?
- IT Security Team
- Email Administrator
- Domain Owner
- IT Manager
- Compliance Officer
- Business Unit Leads
- Shared inboxes
- External contacts
- Temporary accounts
Recipient Management Tips
- Start small: Begin with 1-2 key recipients
- Use meaningful names: Clear display names help with management
- Regular reviews: Audit recipient list quarterly
- Document purposes: Keep notes on why each recipient was added
- Test verification: Verify new recipients can receive emails
- Monitor engagement: Remove recipients who don't need reports anymore
Pro Tips for Recipient Success
- Set up recipients before adding domains to ensure immediate notifications
- Use role-based email addresses ([email protected]) for continuity
- Create separate recipients for different alert types or domains
- Coordinate with your email team to prevent delivery issues
- Keep backup recipients in case primary contacts are unavailable
- Review recipient effectiveness during security reviews