agent hive
Join the Waitlist

IT OPS

Cloudflare email-auth integrity sentry: verify SPF, DKIM, DMARC and DNSSEC

On a schedule, validates that the live SPF, DKIM, DMARC, MX, and DNSSEC records in a Cloudflare zone still match the approved manifest values and pages plus opens a PR…

CategoryIT Ops
Enginesim
Difficultyadvanced
Triggerschedule
Steps6
Setup~25 min

How it runs

The automated pipeline, trigger to output.

  • TriggerDaily schedule fires
  • ActionFetch SPF/DKIM/DMARC/MX/DNSSEC records from CloudflareCloudflareCloudflare
  • ActionRead approved email-auth values from GitHubGitHubGitHub
  • LogicCompare critical records; exit on clean match
  • ActionRaise PagerDuty incident on mismatchPagerDutyPagerDuty
  • OutputOpen PR restoring correct manifest entriesGitHubGitHub

What it does

Guards the small set of DNS records whose corruption silently breaks email deliverability and domain trust. It checks the live SPF, DKIM, DMARC, MX, and DNSSEC DS state against the values declared in your manifest and treats any mismatch on these critical records as high severity.

When to use it

Use it when a fat-fingered SPF edit or a disabled DNSSEC flag would route your mail to spam or expose the domain to spoofing, and you want a tighter, louder check than the general DNS diff. This template focuses only on the records that carry security weight.

How it works

  1. 1A daily schedule fires the run.
  2. 2Fetch the relevant TXT, MX, and DNSSEC records from the Cloudflare zone.
  3. 3Read the approved email-auth values from the manifest in GitHub.
  4. 4A logic step compares each critical record; a clean match ends the run.
  5. 5On any mismatch, raise a PagerDuty incident describing the affected record and the expected vs actual value.
  6. 6Open a GitHub pull request restoring the correct manifest entries for review.

Set it up

What you configure once, before turning it on.

  1. 1
    Connect CloudflareWorkers, Pages, R2, KV — the edge stack.
  2. 2
    Connect GitHubRepos, issues, pull requests, actions.
  3. 3
    Connect PagerDutyIncidents, on-call, escalations.
  4. 4
    Set each agent's modelWe leave models unset so you pick the tier — fast + cheap, or top-quality.
  5. 5
    Tune it to your dataEdit the prompts, filters, and field mappings so it matches how your team works.
  6. 6
    Test, then turn it onRun once against a sample, confirm the output, then enable the trigger.

More IT Ops workflows

Daily Building Anomaly Digest to MS Teams

Each morning queries BigQuery for the prior day's flagged sensor anomalies, summarizes them by site and system into a ranked briefing.

Indoor Air Quality Breach to Tenant Notice and Work Order

Listens for CO2, VOC, or humidity sensor alerts via webhook, and when a zone exceeds occupant-safety limits it emails affected tenants, opens a Monday remediation task.

Self-Service Reclaim Email for Idle Users

Detects users idle in a SaaS app past the threshold and emails each one a keep-or-release link; unanswered seats after the deadline are auto-flagged for removal.

Outlook Room Conflict Resolver with Approval Gate in Teams

When an Outlook room clashes, proposes a rebooking and asks the bumped meeting's organizer to approve the move in Microsoft Teams before any change is made.

Outlook Room Double-Booking Resolver with Auto-Rebook

Detects when two meetings claim the same Outlook room resource and automatically relocates the lower-priority meeting to a comparable free room.

Monthly Wasted-License Cost Report

Aggregates inactive-seat data across all tracked SaaS apps each month, computes total reclaimable spend, and delivers a ranked cost report to leadership in Notion and Slack.

Browse all IT Ops

Run this workflow in your colony.

14-day trial. No DevOps. No Sales call. Provisioned in under a minute.

Join the WaitlistBrowse all workflows