Email Notifications¶
Threat Loom supports two email delivery modes:
- Per-Article — An email for every newly summarized article with full structured analysis
- Digest — Aggregated daily or weekly summaries of all collected articles in the period
Setup¶
- Go to Settings in the web UI
- Enable Email Notifications
- Fill in your SMTP server details and recipient address
- Choose your delivery mode: Per-Article or Digest
- If using Digest mode, select frequency: Daily or Weekly
- Click Send Test Email to verify
- Click Save Settings
SMTP Configuration¶
| Field | Description |
|---|---|
| Recipient Email | Address that receives notifications |
| SMTP Host | Your mail server hostname |
| SMTP Port | Usually 587 (STARTTLS) or 465 (SSL) |
| SMTP Username | Login username (often your email address) |
| SMTP Password | App password or SMTP password |
| Use STARTTLS | Enable TLS encryption (recommended) |
Common SMTP Providers¶
Gmail¶
| Setting | Value |
|---|---|
| Host | smtp.gmail.com |
| Port | 587 |
| Username | you@gmail.com |
| Password | App Password |
| TLS | Enabled |
Gmail App Passwords
Gmail requires an App Password if you have 2-Factor Authentication enabled. Regular account passwords will not work. Go to Google App Passwords to generate one.
Outlook / Microsoft 365¶
| Setting | Value |
|---|---|
| Host | smtp.office365.com |
| Port | 587 |
| Username | you@outlook.com |
| Password | Your account password |
| TLS | Enabled |
SendGrid¶
| Setting | Value |
|---|---|
| Host | smtp.sendgrid.net |
| Port | 587 |
| Username | apikey |
| Password | Your SendGrid API key |
| TLS | Enabled |
Delivery Modes¶
Per-Article Mode¶
Each notification email is sent immediately after an article is summarized. This mode provides real-time alerts for new threats and developments.
Best for: Staying on top of breaking threats and immediate incident response.
Digest Mode¶
Articles are collected over a configured period (daily or weekly) and sent as a single summary email. The digest includes:
- Count of new articles in the period
- Threat category breakdown
- Summary of key threats, actors, and vulnerabilities discussed
- Links to all original articles for deeper investigation
Frequency Options:
| Frequency | Delivery | Best For |
|---|---|---|
| Daily | Every day at 5:30 PM IST (12:00 UTC) | Regular briefing, avoiding email overload |
| Weekly | Every Friday at 5:30 PM IST (12:00 UTC) | Executive summary, weekly planning |
Manual Trigger: You can also send the current digest immediately from the Settings page using the Send Digest Now button, without waiting for the scheduled time.
Email Content¶
Each notification email includes:
- Article title with a link to the original source
- Executive Summary — concise overview of the threat
- Novelty — what is new or noteworthy about the reported activity
- Details — technical findings, IOCs, CVEs, timelines
- Mitigations — actionable defensive recommendations
Environment Variables¶
For Docker deployments, SMTP settings can be configured via environment variables in docker-compose.yml:
environment:
- SMTP_HOST=smtp.gmail.com
- SMTP_PORT=587
- SMTP_USERNAME=you@gmail.com
- SMTP_PASSWORD=your-app-password
- NOTIFICATION_EMAIL=you@gmail.com
Setting NOTIFICATION_EMAIL automatically enables email notifications.
Behavior Notes¶
- Emails are sent per article — one email for each successfully summarized article
- Failures never block the pipeline — if an email fails to send, the error is logged and processing continues
- No external dependencies — uses Python's built-in
smtplibandemail.mimemodules - TLS is enabled by default on port 587 using STARTTLS
- SMTP password is stored in plaintext in
config.json, consistent with how API keys are stored