Security events are scattered across the codebase
Login detection, password change handlers, API key creation — each lives in a different service or controller, often with its own email-sending logic.
Trust-critical SaaS emails
Security alert emails that fire the moment something changes
New login from a new device, password changed, API key created — each security event should trigger a clear, immediate email. No batching, no delay, no custom notification service.
Why security emails are often an afterthought
Inconsistent templates erode trust
A security email with a different layout or tone from your product emails looks phishing-like. Users doubt authenticity.
No central log of security notifications
Debugging "did the user receive the new-login alert?" is hard when each service sends independently with no shared audit trail.
Localisation is skipped
Security emails often only exist in one language. Users who set their locale to German still receive an English new-login alert.
One event per security action — one consistent email
Fire a security event from any service
Your auth service, API key service, 2FA service — each fires a typed event. else.events routes to the right security email template.
Consistent template and branding
All security emails use the same template system, brand variables and layout as your product emails. No phishing-like inconsistency.
Locale-aware security alerts
Include a locale in the security event. The right language template is selected automatically.
Central log of all security sends
Every security alert logged in one place — event type, recipient, delivery status, timestamp.
Security events and the emails they trigger
security.new_login New login from new device
Immediate alert with device type, location and "was this you?" link.
security.password_changed Password changed
Confirmation that password was changed — with a contact link if it was not the user.
security.2fa_changed 2FA enabled or disabled
Security confirmation when two-factor authentication settings change.
security.api_key_created API key created
Alert when a new API key is generated — useful for shared accounts.
security.suspicious_activity Suspicious activity detected
Flexible alert for any anomaly your backend detects.
Frequently asked questions
- Can I send security emails from multiple services to else.events?
- Yes. Any service in your stack can fire events to else.events. Rules route each event type to the right template regardless of which service originated it.
- How do I include device or location data in the alert?
- Include it in the event payload data object. The template renders it with {{ data.device }}, {{ data.location }} etc.
- Can I add a "secure your account" link to the email?
- Yes. Include the link in the event payload as a data field. The template renders it as a CTA button.
- Are security emails sent in the user's language?
- Yes — if you include a locale field in the event payload and have a template for that locale, else.events routes to the localised version automatically.
Security emails that build trust instead of confusion
One event, consistent template, central log. No custom notification service.
- Free during public beta
- Consistent branding across all security alerts
- Locale-aware routing