User Auditing

Cumulus keeps a trace of all actions that were taken in the interface. These traces are kept for accountability purposes and can therefore not be deleted or altered in any way. Audited actions include:

  • Who took the action
  • When was the action taken

Since actions are audited for each user account, we recommend that all users have their own account in Cumulus. This is especially important for Administrators, who have the possibility of editing the configurations that impact email reception. 

There are multiple methods of viewing the audit record:
  • The main way is using the Audit tab (My Organization → Audit) to view the API Audit.
  • Some legacy information can still be found by selecting a user account and using the Events tab.

API Audit

With the proliferation of automation in Cumulus, our fantastic Dev team rolled out a holistic Audit section of actions taken in Cumulus. The Audit logs themselves are quite straightforward to read, with the most interesting information being in the Description section. Here is a (non-exhaustive) list of events you can find in the API Audit:

  • Creation/deletion of a domain
  • Change in transport mode
  • Delivery paused/resumed
  • Change in configuration status activated/deactivated by ZEROSPAM
  • Creation/deletion of a group domain
  • Creation of a request for domain or client deactivation
  • Cancelled request for domain or client deactivation
  • Account deleted by ZEROSPAM
  • Account reactivated by ZEROSPAM
  • Update on number of mailboxes: name of the individual who made the declaration, dates and details of the declaration
  • Change in an organization’s status for the total annual mailbox update

Similar to the logs and the quarantine, you can use the search parameters to narrow down what you're looking for. What's different from the logs and parameters is that there is no expiration date on the information. This means you can find events dating back two or more years if need be.


By now, the events tab is nearly deprecated. All that is left are traces of user logins and logouts. 

You can find a general Events tab under the Audit section which contains login/logout information for all users. You can find a personalized Events tab when selecting a user account which only displays that user's logins and logouts