
Using Webhooks for Compromised Account Notification

Webhooks are available to all Standard Plan or higher customers.

Webhooks are a type of Alert Monitor and only available with subscriptions that include Monitoring. Please upgrade your subscription to a tier that includes Alert Monitors to take advantage of webhook notifications and alerts.

Webhooks provide a simple method of automating compromised account remediation. A webhook is an event notification sent to a URL of your choice. MailChannels Outbound Filtering compromised account notification webhooks alert you when compromised accounts are detected. You can take any kind of action when you receive the notification, such as changing passwords, rate limiting accounts, disabling accounts, or quarantining scripts.

Example webhook POST data:

{
   condition_name: :condition_name,
   condition_description: :friendly_description,
   account_id: :account_id,
   timestamp: :time_of_alert,
   originator: :sender_hint,
   originator_type: :sender_hint_type,
   sender_id: :sender_id,
   ip: :sending_ip_address,
   transaction_id: :transaction_id_that_tipped_the_balance,
   envelope_sender: :envelope_sender
}

The webhook HTTP/HTTPS endpoint can be anything that is able to consume this data for processing. When an alert is posted about a sender spamming, the endpoint can be configured to take the sender_id and perform actions that prevent this sender from continuing to send malicious traffic, such as scrambling their password, blocking the account, or suspending access to the mail server.
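
An added example (not MailChannels code) of an endpoint that consumes this POST: it treats every field as untrusted input, acts only once per transaction_id, and hands a validated sender_id to an action. It assumes the body is a JSON object with string values; SECRET_PATH, the sender_id pattern, the size cap and suspend_sender are placeholders for your own setup.

```python
import hmac
import json
import re
from http.server import BaseHTTPRequestHandler, HTTPServer

# Field names come from the example POST data; every other name is assumed.
SECRET_PATH = "/hooks/REPLACE-WITH-RANDOM-TOKEN"  # placeholder webhook URL path
MAX_BODY = 16 * 1024                              # assumed size cap in bytes
SENDER_ID_RE = re.compile(r"[A-Za-z0-9_.@+-]{1,254}")  # assumed sender_id format
seen_transactions = set()  # in-memory dedupe; persist this in production
suspended = set()          # stand-in for the real mail-server action

def suspend_sender(sender_id):
    """Hypothetical action: call your own control-panel API here."""
    suspended.add(sender_id)

def handle_alert(path, raw_body):
    """Validate one webhook POST and act on it; returns (status, message)."""
    if not hmac.compare_digest(path.encode(), SECRET_PATH.encode()):
        return 404, "not found"
    if len(raw_body) > MAX_BODY:
        return 413, "body too large"
    try:
        alert = json.loads(raw_body)
    except (ValueError, RecursionError):
        return 400, "invalid JSON"
    if not isinstance(alert, dict):
        return 400, "expected a JSON object"
    sender_id, txn = alert.get("sender_id"), alert.get("transaction_id")
    valid_id = isinstance(sender_id, str) and SENDER_ID_RE.fullmatch(sender_id)
    if not (valid_id and isinstance(txn, str) and txn):
        return 400, "bad sender_id or transaction_id"
    if txn in seen_transactions:  # same alert delivered again: act only once
        return 200, "duplicate ignored"
    seen_transactions.add(txn)
    suspend_sender(sender_id)
    return 200, "suspended " + sender_id

class AlertHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        length = self.headers.get("Content-Length", "")
        size = int(length) if length.isdecimal() and len(length) < 9 else 0
        status, msg = handle_alert(self.path, self.rfile.read(min(size, MAX_BODY + 1)))
        self.send_response(status)
        self.end_headers()
        self.wfile.write(msg.encode())

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), AlertHandler).serve_forever()
```

Run it behind an HTTPS-terminating proxy so the secret path and the alert contents are not sent in clear text.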

Webhooks are fairly powerful when configured to automate account suspension/blocking when spamming has been detected. We regularly see MailChannels Filtering customers reduce their total outbound volume by two-thirds, simply by enabling webhooks and some form of automated action when compromised accounts are detected. When a spammer is blocked on the sending network, those messages are no longer submitted to our Outbound Filtering service for processing and no longer increase your total volume, which will reduce any applicable overage charges. 

Webhook notifications are enabled through your MailChannels console.

  1. Log in to your MailChannels console: https://console.mailchannels.net
  2. Navigate to the Outbound > Activity > Monitors area and click on the text link “Add Monitor”.
  3. Select the Alert type you wish to create as a webhook notification 
  4. Select the interval at which you wish to receive these notifications. This ranges from 1 to 24 hours.
  5. Ensure you check the “Enabled” box to activate the monitor and begin sending notifications to your webhook endpoint.
  6. Change the alert type from the default “email” to “webhook”. 
  7. Enter your full HTTP/HTTPS webhook URL path into the text box. Your endpoint should be tested using third-party API tools or on the command line, using software such as curl. The above example JSON webhook can be used for this purpose. Encrypted webhook destinations must be prefaced with https://; otherwise SSL encryption is not used.
  8. Click on the green check mark to the right to save your monitor or the trashcan to delete it.
