Guide · Incident response

Deliverability war room template

A concise agenda, stakeholder scripts, and postmortem outline to keep deliverability incidents calm, fast, and evidence-backed.

Incident agenda

0–5 min · Assemble

  • SendCheck triage bot posts latest drift alerts, affected domains, and policy diffs to #deliverability-war-room.
  • Incident commander assigns roles: facilitator, scribe, liaison to marketing/support.

5–15 min · Triage

  • Review SendCheck score changes, DMARC failure volume, and impacted segments (customer vs. internal).
  • Check status dashboard for ongoing incidents or maintenance windows.
  • Document suspected root cause on shared timeline.
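
An added example (not part of the SendCheck template or product): one way to put a number on DMARC failure volume during triage, by tallying a DMARC aggregate report in the standard RFC 7489 XML layout. The sample report, its documentation-range IPs, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter, defaultdict

# Constructed sample report (RFC 7489 aggregate layout); IPs are documentation ranges.
SAMPLE_REPORT = """<feedback xmlns="http://dmarc.org/dmarc-xml/0.1">
 <policy_published><domain>example.com</domain><p>quarantine</p></policy_published>
 <record><row><source_ip>192.0.2.10</source_ip><count>950</count>
  <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row></record>
 <record><row><source_ip>192.0.2.25</source_ip><count>400</count>
  <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row></record>
 <record><row><source_ip>198.51.100.7</source_ip><count>120</count>
  <policy_evaluated><disposition>quarantine</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
 <record><row><source_ip>198.51.100.7</source_ip><count>30</count>
  <policy_evaluated><disposition>quarantine</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
</feedback>"""

def classify(dkim, spf):
    """DMARC passes if either aligned mechanism passes; it fails only if both fail."""
    dkim, spf = dkim.strip().lower(), spf.strip().lower()
    if dkim == "pass" and spf == "pass":
        return "pass"
    if dkim == "pass":
        return "spf_only_fail"
    if spf == "pass":
        return "dkim_only_fail"
    return "dmarc_fail"

def summarize(report_xml):
    """Return (message counts per outcome, DMARC-failing volume per source IP)."""
    root = ET.fromstring(report_xml)
    for el in root.iter():  # some reporters namespace the tags, others do not
        el.tag = el.tag.rsplit("}", 1)[-1]
    outcomes, failing_sources = Counter(), defaultdict(int)
    for row in root.iter("row"):
        count = int(row.findtext("count", "0") or 0)
        # A missing or empty result is counted as a failure, never as a pass.
        outcome = classify(row.findtext("policy_evaluated/dkim", "fail"),
                           row.findtext("policy_evaluated/spf", "fail"))
        outcomes[outcome] += count
        if outcome == "dmarc_fail":
            failing_sources[row.findtext("source_ip", "unknown")] += count
    return outcomes, dict(failing_sources)

if __name__ == "__main__":
    outcomes, sources = summarize(SAMPLE_REPORT)
    total = sum(outcomes.values())
    print(f"DMARC failure rate: {outcomes['dmarc_fail'] / total:.1%} of {total} messages")
    for ip, n in sorted(sources.items(), key=lambda kv: -kv[1]):
        print(f"  {ip}: {n} failing messages")
```

Aggregate reports arrive from external receivers, so in production parse them with a hardened XML parser such as defusedxml rather than the standard-library parser used here.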

15–30 min · Stabilize

  • Roll back or pause offending senders, adjust SPF includes, or rotate DKIM selectors if compromised.
  • Update stakeholders via Slack/email template (see below).
  • Confirm that SendCheck alerts return to green across key domains.

30–45 min · Communicate

  • Publish status page update with ongoing actions.
  • Notify executives and support of customer impact/resolution path.
  • Schedule follow-up analysis meeting within 48 hours.

Stakeholder update

Subject: Deliverability update – {{domain}}

We detected a drop in DMARC alignment for {{domain}} starting {{timestamp}}. The team isolated the issue to {{root_cause}}. SPF/DKIM/DMARC are now passing again. No customer emails were rejected; however, {{impact_summary}}.

Next steps:
- Monitor SendCheck drift alerts for 24 hours
- Follow up with {{owner}} to prevent regression

— SendCheck deliverability team

Postmortem outline

1. Summary
2. Timeline (with SendCheck alert screenshots)
3. Root cause analysis
4. Customer impact
5. Preventative actions
6. Owners & deadlines

Automate incident creation

SendCheck can post directly into Linear, Jira, or Slack when drift events cross critical thresholds. Add severity-based routing to triage faster.


Drill frequency

Run quarterly tabletop exercises using this template. Swap in a scenario—spoofing, SPF drift, DKIM key compromise—and capture learnings in your deliverability wiki.