Advanced | Email Templates
In order for ADG to configure and send emails, SMTP must be configured. (See Configuring SMTP for instructions.)
ADG provides four default templates out-of-the-box:
- Default Scan Completed Email Template
- Default Scan Failed Email Template
- Default Password Exposed Email Template
- Default Password Reset Email Template
Users can use these defaults or create unlimited custom templates.
🗂️ Email Template Types
| Type | Description |
|---|---|
| System | Sent for system-level activities, e.g., scan completion or failure |
| User | Sent in response to matches tied to an AD user (formerly called “User Outreach” emails) |
Note: The Template Type acts as a filter in the UI. If a template doesn’t appear in configuration, confirm it was created with the correct type.
⚙️ Configuring Email Templates
Navigate to Advanced Settings → Email Templates to see all available templates.
- Edit / Delete → click next to the template (cannot delete if in use by a remediation policy)
- Create new → click Add
Steps to Create a New Template
- Enter a unique name in Template Name
- Select a Template Type (System or User)
- Define To, Reply To, and Sender Name fields
- Supported tags:
{{smtp_config_default_recipients}}{{smtp_config_default_reply_to}}{{smtp_config_default_sender_name}}
- Multiple recipients allowed (one per line)
- Supported tags:
- Enter a Subject Line (supports tags for personalization)
- Example:
Scan completed for domain: {{ad_domain}}. {{ad_total_accounts_scanned}} accounts scanned.
- Example:
- Choose an Email Format (see below)
🎨 Email Format Options
🖼️ Default Template
- Compose the message body directly in ADG
- Add an optional header logo (SpyCloud logo used if none selected)
- Supports tagging
✍️ Plain Text Message
- Send as plain text (non-HTML)
- Message body supports tagging
💻 Custom HTML Template
- Upload an HTML file or create/edit HTML in ADG
- Supports tagging
- Saved templates undergo security sanitization to strip unsafe tags (see below)
🧪 Testing & Saving
- Send Test Email → saves and sends the template to a test address
- Save → stores template without sending
🏷️ Email Personalization Tags
Tags can be used in: Subject Line, Message, HTML Template, To, Reply To, and Sender Name.
System Email Tags
| Tag | Meaning |
|---|---|
{{hostname}} | Hostname where scan was run |
{{ad_domain}} | Local AD Domain scanned |
{{total_breach_records}} | Total breach records from Watchlist |
{{ad_total_accounts_scanned}} | Count of Local AD accounts scanned |
{{ad_total_password_matches}} | Count of Local AD password matches |
{{ad_exact_matches}} | Count of exact matches |
{{ad_banned_matches}} | Count of banned password matches |
{{ad_fuzzy_matches}} | Count of fuzzy matches |
{{ad_idlink_matches}} | Count of IDLink matches |
{{ad_nist_matches}} | Count of NIST Global matches |
{{ad_password_reset}} | Count of password resets performed |
{{failure_message}} | Failure message if scan fails |
{{scan_settings}} | Shorthand of scan settings chosen |
{{smtp_config_default_recipients}} | Value from “Default To” in SMTP config |
{{smtp_config_default_reply_to}} | Value from “Default Reply To” |
{{smtp_config_default_sender_name}} | Value from “Default Sender Name” |
User Email Tags
| Tag | Meaning |
|---|---|
{{hostname}} | Hostname where ADG is running |
{{ad_domain}} | Local AD Domain scanned |
{{account}} | SAM Account Name |
{{email}} | User’s Mail attribute |
{{upn}} | User Principal Name |
{{display_name}} | Display Name attribute |
{{computed_email}} | Mail if exists, else UPN |
{{manager_email}} | Manager’s Mail attribute |
{{manager_upn}} | Manager’s UPN |
{{manager_display_name}} | Manager’s Display Name |
{{manager_computed_email}} | Manager’s mail if exists, else UPN |
{{match_type}} | Type of password match |
{{breach_id}} | Source ID of breach |
{{breach_description}} | Description of breach |
{{breach_source}} | Breach source |
{{exposure_count}} | Exposure count (NIST matches) |
{{smtp_config_default_recipients}} | Value from SMTP config Default To |
{{smtp_config_default_reply_to}} | Value from Default Reply To |
{{smtp_config_default_sender_name}} | Value from Default Sender Name |
🔒 Custom HTML Sanitization
When saving an HTML template, ADG strips unsafe HTML.
Allowed tags include:
a, abbr, acronym, address, area, article, aside, b, blockquote, body, br, button, caption, cite, code, col, colgroup, data, datalist, dd, del, details, dfn, div, dl, dt, em, fieldset, figcaption, figure, footer, form, h1–h6, header, hr, html, i, img, input, ins, kbd, label, li, main, mark, menu, meter, nav, ol, option, output, p, pre, progress, q, s, samp, section, select, small, span, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, time, tr, u, ul, var, wbr
Allowed attributes include:
abbr, accept, align, alt, autocomplete, bgcolor, border, checked, cite, class, colspan, contenteditable, dir, disabled, draggable, for, headers, height, href, id, lang, list, maxlength, media, method, name, placeholder, rel, required, rows, selected, size, span, src, style, tabindex, target, title, type, value, width
Updated 2 months ago