Audit Logs
MailShield maintains a comprehensive audit trail of all significant actions taken within your organization. This helps you track changes, investigate security incidents, and maintain compliance.
What's Tracked
Audit logs capture the following categories of actions:
Domain Operations
| Action | Description |
|---|---|
| domain.create | A new domain was added to monitoring |
| domain.delete | A domain was removed from monitoring |
| domain.update | Domain settings were modified (e.g., usage type) |
| domain.verify | Domain ownership was verified |
API Token Operations
| Action | Description |
|---|---|
| token.create | A new API token was created |
| token.revoke | An API token was revoked |
| token.update | API token settings were modified (e.g., IP allowlist) |
Team Member Operations
| Action | Description |
|---|---|
| member.invite | A team member was invited |
| member.role_change | A member's role was changed |
| member.remove | A member was removed from the organization |
| invite.cancel | A pending invitation was cancelled |
| invite.accept | An invitation was accepted |
Organization Operations
| Action | Description |
|---|---|
| organization.transfer_ownership | Organization ownership was transferred |
| organization.update_name | Organization name was changed |
Subscription Operations
| Action | Description |
|---|---|
| subscription.checkout | A subscription checkout was initiated |
| subscription.plan_change | The subscription plan was changed |
| subscription.cancel | The subscription was cancelled |
Admin Operations
| Action | Description |
|---|---|
| admin.impersonate_start | An admin started impersonating a user |
| admin.impersonate_stop | An admin stopped impersonating a user |
Audit Log Details
Each audit log entry contains:
- Actor - Who performed the action (user, API token, or system)
- Action - What action was performed
- Resource - What was affected (domain, token, member, etc.)
- Metadata - Additional details about the change (e.g., old and new values)
- IP Address - The IP address of the request
- User Agent - The browser or client used
- Timestamp - When the action occurred
Actor Types
- User - A logged-in team member
- API Token - An action performed via the REST API
- System - An automated system action (e.g., scheduled jobs)
Viewing Audit Logs
Navigate to Settings > Audit Logs to view your organization's audit trail. You can filter by:
- Date range
- Action type
- Actor
- Resource
Data Retention
Audit logs are retained for the lifetime of your organization. They are not automatically deleted when resources are removed, ensuring a complete historical record.
Security Features
Impersonation Tracking
When a MailShield admin impersonates a user for support purposes, audit logs record:
- The admin who initiated the impersonation
- All actions taken during the impersonation session
- When the impersonation ended
This ensures full accountability even during support interactions.
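One way to review impersonation sessions from exported entries, as an added example that is not MailShield code. It assumes a JSON Lines export with the hypothetical field names `timestamp`, `actor`, `action` and `resource`, that the start/stop entry's resource is the impersonated user, and that actions taken during a session are logged with that user as actor; the `SENSITIVE` set is an illustrative choice of actions from the tables above.

```python
import json
from datetime import datetime

# Constructed sample export, one JSON object per line. Field names are assumed.
SAMPLE = """
{"timestamp":"2024-05-01T09:00:00Z","actor":"support1@mailshield.example","action":"admin.impersonate_start","resource":"alice@example.com"}
{"timestamp":"2024-05-01T09:05:00Z","actor":"alice@example.com","action":"token.create","resource":"token:ci"}
{"timestamp":"2024-05-01T09:10:00Z","actor":"support1@mailshield.example","action":"admin.impersonate_stop","resource":"alice@example.com"}
{"timestamp":"2024-05-01T09:30:00Z","actor":"alice@example.com","action":"member.role_change","resource":"carol@example.com"}
{"timestamp":"2024-05-01T10:00:00Z","actor":"support2@mailshield.example","action":"admin.impersonate_start","resource":"bob@example.com"}
{"timestamp":"2024-05-01T10:02:00Z","actor":"bob@example.com","action":"member.role_change","resource":"dave@example.com"}
"""

# Actions worth a second look when performed inside a support session.
SENSITIVE = {"token.create", "token.update", "member.role_change",
             "organization.transfer_ownership"}

def parse(text):
    """Parse JSON Lines and return entries sorted by timestamp."""
    entries = [json.loads(line) for line in text.splitlines() if line.strip()]
    for e in entries:
        e["ts"] = datetime.fromisoformat(e["timestamp"].replace("Z", "+00:00"))
    return sorted(entries, key=lambda e: e["ts"])

def impersonation_sessions(entries):
    """Pair start/stop events; collect the target user's actions in between."""
    open_by_target, sessions = {}, []
    for e in entries:
        if e["action"] == "admin.impersonate_start":
            s = {"admin": e["actor"], "target": e["resource"],
                 "start": e["ts"], "end": None, "actions": []}
            open_by_target[e["resource"]] = s
            sessions.append(s)
        elif e["action"] == "admin.impersonate_stop":
            s = open_by_target.pop(e["resource"], None)
            if s is not None:
                s["end"] = e["ts"]
        elif e["actor"] in open_by_target:
            open_by_target[e["actor"]]["actions"].append(e["action"])
    return sessions

def findings(sessions):
    """Flag sessions with no stop event and sensitive actions inside a session."""
    out = []
    for s in sessions:
        if s["end"] is None:
            out.append(("unclosed_session", s["admin"], s["target"]))
        out += [("sensitive_during_impersonation", s["admin"], a)
                for a in s["actions"] if a in SENSITIVE]
    return out
```
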
Non-Blocking Design
Audit logging is designed to never interfere with your operations. If logging fails for any reason, the primary action still completes successfully.