Email Notifications
Threat Loom supports two email delivery modes:
- Per-Article — An email for every newly summarized article with full structured analysis
- Digest — Aggregated daily or weekly summaries of all collected articles in the period
Setup
- Go to Settings in the web UI
- Enable Email Notifications
- Fill in your SMTP server details and recipient address
- Choose your delivery mode: Per-Article or Digest
- If using Digest mode, select frequency: Daily or Weekly
- Click Send Test Email to verify
- Click Save Settings
SMTP Configuration
| Field | Description |
|---|---|
| Recipient Email | Address that receives notifications |
| SMTP Host | Your mail server hostname |
| SMTP Port | Usually 587 (STARTTLS) or 465 (SSL) |
| SMTP Username | Login username (often your email address) |
| SMTP Password | App password or SMTP password |
| Use STARTTLS | Enable TLS encryption (recommended) |
Common SMTP Providers
Gmail
| Setting | Value |
|---|---|
| Host | smtp.gmail.com |
| Port | 587 |
| Username | you@gmail.com |
| Password | App Password |
| TLS | Enabled |
Gmail App Passwords
Gmail requires an App Password if you have 2-Factor Authentication enabled. Regular account passwords will not work. Go to Google App Passwords to generate one.
Outlook / Microsoft 365
| Setting | Value |
|---|---|
| Host | smtp.office365.com |
| Port | 587 |
| Username | you@outlook.com |
| Password | Your account password |
| TLS | Enabled |
SendGrid
| Setting | Value |
|---|---|
| Host | smtp.sendgrid.net |
| Port | 587 |
| Username | apikey |
| Password | Your SendGrid API key |
| TLS | Enabled |
Delivery Modes
Per-Article Mode
Each notification email is sent immediately after an article is summarized. This mode provides real-time alerts for new threats and developments.
Best for: Staying on top of breaking threats and immediate incident response.
Digest Mode
Articles are collected over a configured period (daily or weekly) and sent as a single summary email. The digest includes:
- Count of new articles in the period
- Threat category breakdown
- Summary of key threats, actors, and vulnerabilities discussed
- Links to all original articles for deeper investigation
Frequency Options:
| Frequency | Delivery | Best For |
|---|---|---|
| Daily | Every day at 5:30 PM IST (12:00 UTC) | Regular briefing, avoiding email overload |
| Weekly | Every Friday at 5:30 PM IST (12:00 UTC) | Executive summary, weekly planning |
Manual Trigger: You can also send the current digest immediately from the Settings page using the Send Digest Now button, without waiting for the scheduled time.
Email Content
Each notification email includes:
- Article title with a link to the original source
- Executive Summary — concise overview of the threat
- Novelty — what is new or noteworthy about the reported activity
- Details — technical findings, IOCs, CVEs, timelines
- Mitigations — actionable defensive recommendations
Configuration
SMTP settings (host, port, username, password) and the notification recipient are configured on the Settings page of the web UI and stored in data/config.json. This applies to both standalone and Docker deployments — the config persists on the bind-mounted ./data directory, so it does not need to be re-entered after a container restart. SMTP settings are not read from environment variables.
Behavior Notes
- In Per-Article mode, emails are sent per article — one email for each successfully summarized article
- Failures never block the pipeline — if an email fails to send, the error is logged and processing continues
- No external dependencies — uses Python's built-in smtplib and email.mime modules
- TLS is enabled by default on port 587 using STARTTLS
- SMTP password is stored in plaintext in config.json, consistent with how API keys are stored
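
Because the SMTP password and API keys sit in plaintext in data/config.json, the file's permissions are the only thing protecting them on the host or on the bind-mounted ./data directory. The following is an added example, not part of Threat Loom's own code: it audits and tightens that file on a POSIX filesystem. The function names `audit_secret_file` and `harden_secret_file` are hypothetical, and running it from the directory that contains data/ is an assumption.

```python
import os
import stat
from pathlib import Path

CONFIG_PATH = Path("data/config.json")  # location stated on this page


def audit_secret_file(path):
    """Return findings for a file that holds plaintext credentials (POSIX only)."""
    path = Path(path)
    findings = []
    st = path.lstat()
    if stat.S_ISLNK(st.st_mode):
        findings.append(f"{path} is a symlink; permissions are checked on its target")
        st = path.stat()  # follow the link and audit the real file
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{path} has mode {mode:04o}; remove group/other access (0600)")
    if st.st_uid != os.geteuid():
        findings.append(f"{path} is owned by uid {st.st_uid}, not the uid running this check")
    parent = path.resolve().parent
    pmode = stat.S_IMODE(parent.stat().st_mode)
    # Without the sticky bit, any user can rename or delete files in a
    # world-writable directory and swap in their own config.
    if pmode & stat.S_IWOTH and not pmode & stat.S_ISVTX:
        findings.append(f"{parent} is world-writable without the sticky bit (mode {pmode:04o})")
    return findings


def harden_secret_file(path):
    """Restrict the file to owner read/write, then return any remaining findings."""
    os.chmod(path, 0o600)  # chmod follows symlinks, so the real file is tightened
    return audit_secret_file(path)


if __name__ == "__main__":
    if CONFIG_PATH.exists():
        for finding in audit_secret_file(CONFIG_PATH):
            print("WARN:", finding)
    else:
        print(f"{CONFIG_PATH} not found; run from the directory that contains data/")
```
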