These days we deploy new refactored mail notification feature. Someone may think, why is email such a big deal? The short answer: it is the one and most accepted notification channel throughout our customers. For the longer one, you will have to read on. And I promise I won’t buzz that they are now “fully” responsive mails and so on.

Why new mails?

When we started in 2013 we implemented a standard set of emails. Alertmails which notify the customer if something just happened, digest mails which sum up the events of a week or the last 24 hours. After a while there came also mails for booking, booking confirmation, support requests, infomails, password reset and some more.

And, with the years, we also got new alert categories we detect and should notify on. But our mails were not set to comply with this task as we intended to do and to server our customers.

So we thought of a new format and approach and sat together at the scribble board.

3 main questions to answer

We agreed that notifications only then are effective when they generate benefit for the one who gets them and has to read them. Therefore 3 main questions has to be answered by an email:

  1. “What just happened?”,
  2. “How to verify the issue?”,
  3. “What to do next?”

The first two questions are easy to answer, because we have them already in the databases. The third will be some work in progress as the system grows and we get more knowledge on how our customers react to certain events. So we can provide a best practice guide on what to do now. At least we can tell some additional information that helps understanding the issue.


Our alert notifications include now dramatically more information than before. And not just that; Every category we scan through is now explained individually. The image above just shows a typical web shell alert. But there are additionally these categories:

  • Malware
  • Modified Content
  • Defacements
  • TLS Issues
  • Application outdated/vulnerable
  • Blacklisting & Reputation

A special interest was the improvement of our defacement alerts. Before we just notified that the website was maybe defaced. But with the new notifications we also attach screenshots of the website as it looked before and after we detected the defacement. So you can determine if it is really a defacement or just the latest facelift of the website which brought the alert — without having to look in our portal or at your webpage at all.


This was all about alert mails. But with this change we also adjusted the other mails as well. See some examples below:

[![First steps after booking](/content/images/2016/08/booking-firststeps.png?resize=848%2C999&ssl=1)](/content/images/2016/08/booking-firststeps.png?ssl=1)
First steps after booking
[![Negative digest](/content/images/2016/08/dailysummarybad.png?resize=848%2C999&ssl=1)](/content/images/2016/08/dailysummarybad.png?ssl=1)
Negative digest
[![Positive digest](/content/images/2016/08/dailysummarygood.png?resize=848%2C999&ssl=1)](/content/images/2016/08/dailysummarygood.png?ssl=1)
Positive digest
[![Password reset mail](/content/images/2016/08/passwordreset.png?resize=848%2C999&ssl=1)](/content/images/2016/08/passwordreset.png?ssl=1)
Password reset mail