Help Center

Using Webhooks for Compromised Account Notification

Webhooks provide a simple method of automating compromised account remediation. A webhook is an event notification sent to a URL of your choice. MailChannels Outbound Filtering compromised account notification webhooks alert you when compromised accounts are detected.  You can take any kind of action when you receive the notification such as changing passwords, rate limiting accounts, disabling accounts, quarantining scripts etc. 

Example webhook POST data:


   condition_name: :condition_name,

   condition_description: :friendly_description,

   timestamp: :time_of_alert,

   originator: :sender_hint,

   originator_type: :sender_hint_type,

   sender_id: :sender_id,

   transaction_id: :transaction_id_that_tipped_the_balance,

   envelope_sender: :envelope_sender


The webhook HTTP endpoint can be anything that is able to consume this data for processing. When an alert is posted about a sender spamming, the HTTP endpoint can be configured to take the sender_id and perform actions that would prevent this sender from continuing to send malicious traffic such as scrambling their password, blocking the account, suspending access to the mail server, etc.

Webhooks are fairly powerful when configured to automate account suspension/blocking when spamming has been detected. We have seen MailChannels Outbound Filtering customers reduce their total outbound volume by two-thirds simply by enabling webhooks and some form of automated action when compromised accounts are detected. When a spammer is blocked on the sending network, those messages are no longer submitted to our Outbound Filtering service for processing and no longer increase your total volume, which can lower your monthly cost. 

Webhook notifications are enabled through your MailChannels console.

  1. Login to your MailChannels console:
  2. Navigate to the Activity ~> Monitors area and click on the text link “Add Monitor”
  3. Select the Alert type you wish to create as a webhook notification 
  4. Select the interval in which you wish to receive these notifications. This ranges from 1 to 24 hours.
  5. Ensure you check the “Enabled” box to activate the monitor and begin sending notifications to your webhook endpoint.
  6. Change the alert type from the default “email” to “webhook”. 
  7. Enter your HTTP webhook URL into the text box and you have completed the setup of a webhook alert notification. 
  8. Click on the check mark to the right to save your monitor or the trashcan to delete it.


Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request


Please sign in to leave a comment.