At Plivo, protecting your account and ensuring the smooth delivery of your messages is a top priority. Over the past few years, our system for detecting unusual traffic and sending alerts has continuously evolved, helping us catch potential issues early and keep you informed.
Why Do Unusual Traffic Alerts Happen?
Unusual traffic alerts can be triggered by a variety of reasons, and understanding these can help you take the right steps if you receive one:
- Account Takeover: Sometimes, unauthorized users gain access to your account credentials and start sending messages on your behalf. To help prevent this, Plivo offers an option to whitelist incoming requests from specific IP addresses. This adds an extra layer of security by limiting access only to trusted sources. Reach out to our support team to configure this for your account.
- SMS Pumping: This occurs when someone exploits your account or messaging platform to send large volumes of messages illegitimately. To learn more about SMS pumping and how to protect your account, read more here.
- Application Logic Issues: Sometimes, bugs or unintended loops in your own applications can cause your system to send far more messages than intended, resulting in a traffic surge.
In all these cases, a sharp increase in message volume can impact your costs and the overall performance of your messaging.
How Does Plivo’s Alert System Help?
To keep you informed without overwhelming you, Plivo uses a smart alert system designed with carefully chosen thresholds. This means we aim to strike the perfect balance between:
- Sending timely alerts about suspicious spikes in your messaging volume, and
- Ensuring these alerts are meaningful and actionable, so you can focus on what truly matters.
By doing so, we help you respond quickly to potential security incidents or technical issues — minimizing disruption and keeping your communication flowing smoothly.
How These Alerts Work
Plivo monitors your messaging volume over different time periods and compares the recent activity to your historical patterns. This way, we can spot unusual spikes that might indicate problems. Here’s a simplified overview of how the system works:
- Short-Term Spike Check (Last 7 Hours):
Every hour, we review your message volume for the most recent 7-hour window and compare it against the same 7-hour windows across the past 2 months. This alert is triggered only if:
- The total message spend in the last 7 hours exceeds $500, and
- There is a sharp increase compared to your historical average for that period.
- Weekly Trend Check:
We compare your message spend over the last 7 days to the previous 7 days. This alert triggers only if:
- Your spend in the last 7 days exceeds $1,000, and
- Your spend is at least 30% more than the previous 7-day period.
- Monthly Trend Check:
Every day, we check your messaging spend over the last month. If your spend is more than $2,000 and there is more than a 50% increase compared to the previous month’s spend for the same period, this alert is triggered.
To avoid alert fatigue, if an alert was recently sent for the same type of spike, we suppress duplicate notifications unless the volume increases substantially again.
Newer accounts (created within the last 2 weeks or 2 months, depending on the check) may not be subject to some of these checks to avoid false positives.
Please note:
We designed these thresholds considering that many accounts have sporadic or seasonal traffic patterns, such as marketing campaigns, that cause natural volume fluctuations. To avoid unnecessary alerts on normal variations, a minimum dollar spend threshold is included alongside percentage increases. This helps ensure alerts focus on truly unusual or actionable spikes.
These thresholds and alert check frequencies are fixed and not configurable at the moment. If you would like a custom alert setup tailored to your needs, please reach out to our support team.
Managing Your Alerts
- These unusual traffic alerts are enabled by default for all new accounts to help you stay protected right from the start.
- If you want to enable or disable these alerts at any time, simply log in to your Plivo Console and navigate to Messaging > Settings > Alerts.
- For these alerts to work effectively, you need to add one or more email addresses in the alert settings. This ensures the notifications are sent to the right people or groups responsible for monitoring your account activity. You can add individual email addresses or group mailing lists as needed.
Example Scenarios
Scenario 1: Sudden Spike Due to Account Takeover
Your account is normally sending about 1,000 messages every 7 hours. Suddenly, an unauthorized user logs in and sends 3,000 messages in one 7-hour period. Plivo detects this spike against your historical patterns and sends an unusual traffic alert.
Scenario 2: Legitimate Increase Without Alert
You run a marketing campaign every month-end that usually doubles your message volume. Since this increase is expected and consistent month-over-month, Plivo’s system recognizes the pattern and will not raise an alert.
Scenario 3: Application Bug Causing Message Loop
A recent app update unintentionally causes a loop sending 10 times more messages than usual in the past week. The weekly and short-term volume checks both notice this spike and trigger alerts so you can investigate quickly.
Scenario 4: Minor Fluctuation in Volume
Your message volume increases by 15% compared to the previous week, but the total increase is small and below the threshold. Plivo’s system does not trigger an alert to avoid false alarms.
At Plivo, we’re committed to enhancing our detection capabilities and providing you with peace of mind. If you ever receive an unusual traffic alert, know that it’s part of our ongoing effort to protect your account and optimize your messaging experience.