A cert expiry on a closing-doc portal isn't a downtime event — it's a TRID 3-business-day delivery breach under 12 CFR §1026.19(f) and a state real-estate commission consumer-protection trigger.
CFPB has settled TRID cases for $10M (Wells Fargo 2018) and $3.7M (HomeStreet Bank 2019). State DREs interpret cybersecurity failures as consumer-protection violations under broker license law.
Real-estate agencies building tech for residential and commercial brokerages, title companies, escrow agents, MLSes, and closing-doc / e-signature platforms deal with TRID Closing Disclosure 3-business-day delivery breaches (12 CFR §1026.19(f); TILA-RESPA Integrated Disclosure rule) when a closing-doc portal cert expiry breaks the DocuSign / Notarize / Snapdocs integrations that transmit the CD to the consumer, state real-estate commission + DRE / DBO consumer-protection enforcement (CA DRE, NY DOS, FL DBPR, TX TREC) on broker-side cert expiry when buyer pre-qualification documents (W-2s, bank statements, SSNs) transmit over expired offer-submission subdomains, and MLS data syndication cert-authenticated API failures (RESO Web API standard) breaking IDX feeds to Zillow, Realtor.com, and Redfin under NAR's IDX Policy. Merlonix monitors every brokerage- and title-company- attached subdomain so the TRID + state-DRE + IDX- syndication exposure surfaces 30 days before the failure window opens.
No credit card for the trial. Cancel any time.
- Check cadence (Agency)
- 5 min
- SSL pre-expiry alert
- 30 days
- Independent DNS resolvers
- 3
- Vendors watched
- 11
Where real-estate agencies get caught out
Three failure modes where SSL expiry creates TRID 3-business-day delivery breaches under 12 CFR §1026.19(f), state DRE + DBO consumer-protection enforcement on broker-side cert expiry, and MLS data syndication failures breaking IDX feeds to Zillow / Realtor.com / Redfin.
Real-estate agencies building tech for residential and commercial brokerages, title companies, escrow agents, MLSes, and closing-doc / e-signature platforms deal with TRID Closing Disclosure 3-business-day delivery breaches (12 CFR §1026.19(f); CFPB enforcement: $10M Wells Fargo 2018, $3.7M HomeStreet Bank 2019) when a closing-doc portal cert expiry breaks DocuSign / Notarize / Snapdocs integrations and Tuesday closings can't transmit CDs in time, state real-estate commission + DRE / DBO consumer-protection enforcement (CA DRE under §10177, NY DOS, FL DBPR, TX TREC) on broker-side cert expiry when buyer pre-qualification documents (W-2s, bank statements, SSNs) transmit over expired offer-submission subdomains, and MLS data syndication cert-authenticated API failures (RESO Web API standard) breaking IDX feeds to Zillow, Realtor.com, and Redfin under NAR's IDX Policy.
TRID (TILA-RESPA Integrated Disclosure rule, 12 CFR §1026.19(f), implementing TILA + RESPA, effective October 2015) requires the Closing Disclosure (CD) to be delivered to the consumer at least 3 business days before consummation of a closed-end consumer credit transaction secured by real property. CFPB enforcement is active: the $10M Wells Fargo settlement (2018, Consent Order 2018-CFPB-0001) cited TRID timing breaches among other violations; the $3.7M HomeStreet Bank settlement (2019) cited TRID disclosure failures. The closing-doc portal sits at the center of the closing process — it transmits the CD via DocuSign / Notarize / Snapdocs / Qualia integrations to the consumer's e-signature inbox. Cert expiry on the closing-doc portal breaks the cert-pinned API integrations to those platforms; CDs queue but never transmit; the 3-business-day delivery clock keeps running but the delivery never starts
A real-estate agency operates the closing-doc portal (closing-doc.titlecompanyname.com) for a multi-state title company with an active 22-loan closing pipeline. The cert on closing-doc.titlecompanyname.com expires Friday at 5 PM. The agency's on-call coverage is reduced for the weekend. By Tuesday at 9 AM (when the next round of closings is scheduled to consummate), 8 closings can't transmit CDs because the DocuSign + Notarize + Snapdocs integrations on the closing-doc portal all reject the expired cert. The 3-business-day TRID clock requires CD delivery by Saturday for Tuesday consummations
A real-estate agency operates the closing-doc portal for Pacific Title & Escrow, a multi-state title company licensed in California, Nevada, Arizona, Oregon, and Washington. The portal aggregates closing documents (CD, ALTA settlement statements, deed, deed of trust, promissory note, title insurance commitment, escrow instructions) and routes them through e-signature integrations: DocuSign for buyer/seller signatures, Notarize for remote online notarization (RON) where state law permits (NV + AZ allow RON broadly; CA permits limited RON under CA Civ. Code §1185; OR + WA permit RON under recent statutes), Snapdocs for lender signing-coordinator workflow, and Qualia for the title-production-system handoff. The portal at closing-doc.titlecompanyname.com hosts a cert-pinned API surface that all four integrations require. The cert is provisioned via Let's Encrypt with a 90-day cycle. The renewal automation has a known race condition: when the title company's loan-pipeline volume spikes, the renewal job's database connection pool is exhausted by competing closing-pipeline queries; the renewal job fails to acquire the cert-state lock and the renewal silently retries every 6 hours. After 14 retries (84 hours, ~3.5 days), the rate-limit budget at LE is exhausted. The previous cert expires Friday at 5:00 PM. The agency's on-call rotation is reduced for the weekend (one engineer covering 11 client portfolios; the cert-expiry alert is buried in a queue of 40+ weekend alerts). The active loan pipeline at Pacific Title at the moment of cert expiry includes 22 closings scheduled across Tuesday + Wednesday + Thursday of the following week. Of those, 8 are scheduled to consummate Tuesday morning. Under TRID, 12 CFR §1026.19(f)(1)(ii)(A), the CD must be received by the consumer at least 3 business days before consummation; "received" is defined in 12 CFR §1026.19(f)(1)(iii) — if delivered electronically and the consumer has agreed to electronic delivery (which all 8 have, via the portal's ESIGN consent), receipt is presumed when the consumer clicks the e-signature link. For Tuesday consummations, the CD must be received by end-of-day Saturday (Saturday counts as a business day for TRID timing per 12 CFR §1026.2(a)(6) "general business day" definition, but Sunday and federal holidays do not). Friday 5 PM cert expiry means the CDs queued for Friday-evening delivery cannot transmit; the Saturday delivery window is open but the cert is still expired; by Saturday end-of-day all 8 Tuesday consummations are at risk. Discovery happens Saturday morning when the title company's closing coordinator at Pacific Title gets calls from 4 borrowers asking why they haven't received their CD email. The coordinator pages the agency's after-hours line. The agency engineer triages: identifies the cert expiry. Resolution requires a manual cert renewal (bypassing the broken automation), redeployment of the cert across the portal's 4 integration adapters, validation of each integration's acceptance of the new cert (DocuSign + Notarize + Snapdocs + Qualia each have their own cert-pinning logic). Resolution takes 9 hours due to weekend availability of vendor support contacts. By the time CDs are transmitted Saturday evening, only 2 of the 8 Tuesday closings can still meet the 3-business-day rule (those CDs received before Saturday end-of-day). The other 6 must delay consummation to Wednesday (which still meets TRID with a Saturday-Sunday-Monday-Tuesday-Wednesday count, technically 4 business days from Saturday delivery if Saturday counts). But the purchase contracts on those 6 closings have hard close-by dates with per-day late penalties ($150-500/day per the standard CAR + AAR + NV REALTORS purchase agreements); the title company eats $4,200 in late fees. Worse: 3 of the 6 lender rate-locks expire Tuesday end-of-day; the borrowers must relock at current market rates (which have ticked up 18 bps); the lenders charge relock fees ($1,200-2,800 each); the borrowers blame the title company; the title company blames the agency. The remaining issue is the 22-loan pipeline through Thursday — Wednesday and Thursday closings have CD-delivery windows that the cert outage has compressed. The agency's engagement contract with Pacific Title includes uptime SLAs and a TRID-compliance indemnity (added in 2019 after the HomeStreet Bank CFPB settlement made title companies acutely aware of TRID timing exposure); the indemnity is triggered. The agency's E&O policy is engaged. The title company's referring real-estate agents (the agents who steered the closing business to Pacific Title) lose confidence; the title company estimates a 6-month dampening of referral-pipeline volume. Pacific Title's general counsel reviews whether the cert outage triggers a CFPB self-report obligation under the company's compliance management system; the GC concludes a self-report is not required but logs the event in the regulatory file in case CFPB requests it during the next examination cycle.
Each state real-estate commission (CA DRE / Department of Real Estate, NY DOS / Department of State Division of Licensing, FL DBPR / Department of Business and Professional Regulation, TX TREC / Texas Real Estate Commission) regulates broker conduct including data-handling. NAR's REALTOR® Code of Ethics Article 1 (protect/promote client interests) and Article 2 (avoid misrepresentation) supply additional standing for state commissions to interpret cybersecurity failures as consumer-protection violations. State commissions have license-suspension authority over the responsible broker-of-record. CA DRE specifically (under CA Bus. & Prof. Code §10176 and §10177) has broad authority to suspend or revoke licenses for conduct demonstrating "negligence or incompetence in performing any act for which a license is required." A cert expiry on a brokerage's offer-submission portal that exposes buyer pre-qualification documents (W-2s, bank statements, SSNs) over the open Internet is the kind of conduct that DRE investigators may interpret as negligent under §10177(g)
A real-estate agency operates a residential listing platform (offers.brokeragename.com) for a 340-agent California brokerage. The cert on offers.brokeragename.com expires Tuesday morning. Over the next 28 hours, 340 buyers submit offers — including pre-qualification documents (W-2s, bank statements, SSNs for credit-pull authorization) — over the expired cert. Discovery happens Wednesday afternoon when a buyer who's a paralegal at a CA consumer-protection firm files a CA DRE complaint
A real-estate agency operates the offer-submission platform for Coastal Brokerage, a 340-agent California residential brokerage with offices across the Bay Area, Los Angeles, Orange County, and San Diego. The platform at offers.brokeragename.com handles the buyer-side offer workflow: buyer creates an account, uploads pre-qualification documents (W-2 forms for income verification, bank statements for funds-to-close verification, SSN for the credit-pull authorization the buyer's agent runs through the lender, government ID for KYC), submits offer terms (price, contingencies, close date), and the buyer's agent transmits the offer package to the listing agent. The platform integrates with DocuSign for offer signatures and with the brokerage's transaction management system (Skyslope or Dotloop). The cert on offers.brokeragename.com is provisioned via Let's Encrypt. The renewal automation hits a CAA-validation issue when the brokerage's parent company (a national franchise) updates the apex-domain CAA records as part of a corporate cybersecurity-policy refresh; the new CAA pins to commercial CAs only and excludes Let's Encrypt. The renewal silently fails. The previous cert expires Tuesday at 7:32 AM. The agency's monitoring is configured for the brokerage's primary marketing domain (brokeragename.com) but not the offers.* subdomain (the subdomain was added 14 months ago when the platform launched and was never added to the monitoring scope). Over the next 28 hours (Tuesday 7:32 AM through Wednesday 11:30 AM), 340 buyers submit offer packages through the platform. Mobile Safari hard-blocks; iOS users (the dominant device type for buyer traffic in California) can't submit. Chrome and Firefox show the warning page; most buyers click through (the brokerage's name is well-known and buyers trust the URL). Of the 340 sessions, 220 successfully complete offer submission — uploading W-2s, bank statements, SSNs, and government IDs over the expired cert. Discovery happens Wednesday afternoon at 2:15 PM when one of the buyers — a paralegal at a CA consumer-protection litigation firm — notices the cert warning, takes a screenshot, and files a CA DRE complaint. The complaint cites CA Bus. & Prof. Code §10177(g) (negligence/incompetence) and references CCPA (Cal. Civ. Code §1798.150) for the data-breach notification implications. CA DRE opens an investigation under file number 26-DRE-RE-0827. The DRE investigator requests: (1) the broker-of-record's response to the cert outage, (2) the brokerage's incident response timeline, (3) the data inventory of what was transmitted over the expired cert, (4) the brokerage's notification plan to the 220 affected buyers, (5) documentation of the cybersecurity controls in place at the time of the incident. The broker-of-record (a 22-year-licensed broker, current designated officer of Coastal Brokerage) faces personal license-suspension risk; under §10177, the DRE has authority to suspend or revoke the responsible broker's license for conduct demonstrating negligence or incompetence. The brokerage's E&O policy is engaged; the agency's E&O policy is engaged. CCPA notification under §1798.82 is required: 220 California residents had their unencrypted PII transmitted over an unencrypted connection; the brokerage must notify within the §1798.82 timeline. The CA AG's Office is informed (over 500 affected residents would trigger an AG report; under 500 is a DRE-only report). The brokerage's parent franchise corporate counsel is engaged. The franchise's Master Franchise Agreement includes a cybersecurity-incident notification clause; the franchise corporate office may impose remedial requirements (mandatory annual cybersecurity audits, mandatory cyber-insurance minimums) that increase the brokerage's operating costs. The agency's engagement contract with Coastal Brokerage includes a cybersecurity SLA and indemnity; the indemnity is triggered. The agency's reputation in the California real-estate-tech vendor market (a small, tightly-networked community where word travels fast) takes a hit; two prospect contracts in the pipeline are paused pending review. The DRE investigation runs for 14 months; the broker-of-record receives a Stipulated Settlement requiring 30 hours of additional cybersecurity continuing education and a $5,000 fine; the brokerage receives a Letter of Reprimand on the corporate license file.
Multiple Listing Services (MLSes) syndicate listing data via cert-authenticated APIs implementing the RESO Web API standard (the Real Estate Standards Organization's OData-based replacement for legacy RETS). IDX (Internet Data Exchange) compliance under NAR's IDX Policy (last revised 2024) requires MLS member brokerages to maintain accurate, refreshed listing data on their syndication endpoints. The MLS pulls listing data from the brokerage's IDX-feed endpoint on a schedule (typically every 15 minutes for active-status changes, hourly for full inventory). Major aggregators — Zillow (via Bridge Interactive or Spark API), Realtor.com (via Realtor.com partner API), Redfin (via direct MLS feed) — pull from the MLS. When the brokerage's IDX-feed subdomain cert expires, the cert-authenticated pull from the MLS fails; the MLS marks the brokerage's feed stale; downstream aggregators show stale data; listings disappear from search; commission revenue is lost; the MLS opens a compliance audit; the brokerage owner-broker is fined under the MLS's rules-and-regulations
A real-estate agency operates the IDX-feed endpoint (idx-feed.brokeragename.com) for a 380-agent residential brokerage. The cert on idx-feed.brokeragename.com expires due to a 90-day Let's Encrypt renewal failure. The MLS's RESO Web API client at the regional MLS (CRMLS, BAREIS, MLS PIN, etc.) has cert-validation enabled by default and rejects the expired cert; the brokerage's feed is marked stale. Over a 5-day window, Zillow + Realtor.com + Redfin show stale data for the brokerage's 1,400 active listings; price changes don't propagate; status changes (Active→Pending) don't propagate; new listings don't appear; commission-on-the-table from missed buyer leads is estimated at $480k
A real-estate agency operates the IDX-feed endpoint for Summit Real Estate, a 380-agent residential brokerage operating across three California regions (Bay Area, Sacramento, Lake Tahoe). The brokerage is a participating member of three regional MLSes: BAREIS MLS (Bay Area), MetroList (Sacramento), and Tahoe Sierra Board MLS. The IDX-feed endpoint at idx-feed.brokeragename.com implements the RESO Web API standard (OData v4 over HTTPS, with bearer-token auth and TLS client-cert validation on the MLS side). Each MLS pulls listing data from the brokerage's IDX feed every 15 minutes for active-status changes and every hour for full inventory. The pulled data flows: MLS database → MLS's Bridge Interactive or Spark API export → Zillow (via Bridge), Realtor.com (via the Realtor.com partner API which pulls from the MLS), Redfin (via direct MLS data licensing). The brokerage's 1,400 active listings (residential single-family + condos + multi-family + raw land across the three regions) appear on all three aggregators sourced from the MLS data, which is sourced from the brokerage's IDX feed. The cert on idx-feed.brokeragename.com is provisioned via Let's Encrypt. The renewal automation has a known issue with the brokerage's legacy DNS provider (a small regional provider used for historical reasons; the brokerage migrated other DNS to Cloudflare but kept the legacy provider for the idx-feed.* subdomain because the cert-authenticated MLS API requires a static IP that the legacy provider supplies). The legacy provider's DNS API has rate limits that the LE renewal automation occasionally hits during high-volume DNS query periods. The previous cert renewal attempt at day 60 of the 90-day cycle hit the rate limit; the renewal silently retried daily and was rejected each time. The cert expires Monday at 11:14 AM. The MLS's RESO Web API client at all three MLSes attempts the next 15-minute pull at 11:30 AM, the cert validation fails, and each MLS's ingestion system marks the brokerage's feed as stale. Each MLS's rules-and-regulations require feeds to update at minimum every 24 hours; after the 24-hour window passes (Tuesday 11:30 AM), the brokerage's feed is flagged as out-of-compliance with NAR's IDX Policy section requiring "accurate and current" data. The MLS's data integrity team begins automated outreach to the broker-of-record at the brokerage. The broker-of-record's email contact is a generic admin@ that's checked once-a-day; the outreach email is read Wednesday morning. By that point, the cert has been expired for 48 hours and the brokerage's 1,400 listings have shown stale data on Zillow + Realtor.com + Redfin for 2 days. Over the 5-day window before resolution: (1) 220 listings had price changes (price reductions for stale inventory) that didn't propagate; buyers see the old higher price and don't inquire; (2) 80 listings transitioned Active→Pending or Active→Sold; the stale data shows them as Active and buyer leads come in for properties already off the market; the listing agents waste time responding; (3) 45 new listings posted to the MLS during the window never appeared on the aggregators (Zillow/Realtor.com/Redfin only have what the MLS gives them; the MLS doesn't have what the brokerage's feed didn't deliver); the new listings missed peak first-week visibility (which drives 60% of buyer interest in the first week per NAR data); (4) 8 listings had photo-update events (additional photos added) that didn't propagate; the photos that drive click-through on Zillow+Realtor.com aren't there. Discovery happens Friday morning when an agent at the brokerage notices her own listing dropped from Zillow (her listing went Active→Pending Tuesday; Zillow still shows it Active; she gets a buyer-lead inquiry for it). She emails her broker-of-record. The broker-of-record contacts the agency. The agency engineer triages and identifies the LE renewal failure. Resolution requires manually obtaining a cert via DNS-01 challenge through the legacy DNS provider (manual DNS record creation), installing the cert on the IDX-feed endpoint, and contacting each of the three MLSes to request an immediate refresh-pull of the feed (each MLS's feed-refresh process takes 4-8 hours). Resolution takes 36 hours. By Saturday evening the feed is current at the MLSes; downstream aggregators take an additional 24-48 hours to reflect the corrected data. Total downstream-stale window: 5 days. The MLS opens a compliance audit at all three MLSes. Each MLS's rules-and-regulations include fines for IDX-feed non-compliance: BAREIS imposes a $500/day fine after the 24-hour grace period; MetroList imposes a $250/day fine; Tahoe Sierra Board imposes a $300/day fine. Total MLS fines: approximately $5,400 across the three MLSes. The broker-of-record absorbs the fines (the brokerage's policy passes them through to the brokerage P&L; the responsible broker takes a personal note in the file). The commission-on-the-table from missed buyer leads is harder to quantify but the brokerage's general manager estimates $480k in lost commission revenue across the 5-day window (calculated from average lead-to-close rate of 2.1%, average commission of $14k/transaction, and the estimated 1,800 buyer leads that didn't arrive due to stale or missing aggregator data). The agency's engagement contract with Summit Real Estate includes uptime SLAs but does not include a commission-pass-through indemnity; the agency offers a 3-month service credit ($18k) as goodwill. The brokerage's general manager reviews the agency relationship; the relationship continues but with a quarterly cybersecurity review added to the engagement.
How it works
SSL and DNS monitoring for real-estate agencies across closing-doc portals (TRID 12 CFR §1026.19(f) 3-business-day delivery exposure), offer-submission platforms (state DRE + DBO consumer-protection exposure under §10177 + CCPA), and IDX-feed endpoints (NAR IDX Policy + MLS rules-and-regulations exposure for Zillow / Realtor.com / Redfin syndication).
Merlonix monitors SSL expiry and DNS integrity across every brokerage- and title-company-attached subdomain — closing-doc.* (closing-doc portal with DocuSign / Notarize / Snapdocs / Qualia integrations), offers.* (buyer offer-submission with pre-qualification document upload), idx-feed.* (RESO Web API endpoint serving the regional MLS), listings.* (consumer- facing listing search) — and catches cert expiry before any closing-doc CD transmission can fail and put a Tuesday closing's TRID 3-business-day delivery at risk, before any buyer pre-qualification document can transmit over an expired offer-submission subdomain and trigger a state DRE consumer-protection complaint, and before any IDX-feed cert can stale out and cause Zillow / Realtor.com / Redfin syndication to drop the brokerage's 1,400 active listings. Each brokerage subdomain gets independent monitoring because each one carries independent regulatory exposure that flows back to the agency under the engagement's cybersecurity SLA + TRID indemnity.
01
Add every brokerage- and title-company-attached subdomain — closing-doc.*, offers.*, idx-feed.*, listings.*, plus the brokerage's primary marketing domain — with DNS TXT verification that catches cert expiry on TRID + state-DRE + IDX-syndication-scope infrastructure 30 days before the failure window opens
Verify ownership with a DNS TXT record on the apex domain. All brokerage- and title-company-attached subdomains under that apex — closing-doc.* (closing-doc portal with DocuSign / Notarize / Snapdocs / Qualia integrations), offers.* (buyer offer-submission platform with pre-qualification document upload), idx-feed.* (RESO Web API endpoint serving the regional MLS), listings.* (consumer-facing listing search) — are added without additional verification. Monitoring every brokerage-attached subdomain catches cert expiry 30 days before the failure window opens — well before any closing-doc CD-transmission failure can put a Tuesday closing's 3-business-day TRID delivery at risk, well before any buyer pre-qualification document can transmit over an unencrypted offer-submission subdomain and trigger a CA DRE consumer-protection complaint, and well before any IDX feed can stale out at Zillow / Realtor.com / Redfin. Under two minutes per brokerage.
02
CAA inheritance monitoring across brokerage parent-franchise corporate policy refreshes, MLS-mandated security reviews, and registrar changes — surfacing the CAA tightening that breaks Let's Encrypt renewal during peak closing weeks
Three independent DNS resolvers check every CNAME and CAA record on every monitoring interval, walking the CAA inheritance chain from the apex up. When a national real-estate franchise's corporate cybersecurity-policy refresh tightens CAA records on the brokerage's apex (most national franchises have rolled out commercial-CA-only CAA pinning over the past 24 months), or when a regional MLS's vendor security review triggers IT changes at a member brokerage, the change is detected in the first check cycle — well before the next 90-day cert renewal hits the tightened CAA list and silently fails. The implications are particularly important during peak closing weeks (typically the last week of each month, when 30%+ of monthly transaction volume consummates) when a cert failure can put TRID 3-business-day deliveries at risk.
03
SSL monitoring 30 days before expiry across closing-doc portals, offer-submission platforms, IDX-feed endpoints, and consumer-facing listing search — independent per-subdomain checks because each one has independent regulatory exposure
Full SSL chain validation on every brokerage-attached subdomain. Independent checks per-subdomain catch cert expiry 30 days before the failure window opens — enough time to coordinate any cert-pinning requirements with DocuSign / Notarize / Snapdocs / Qualia (each integration has its own cert-pinning logic), test the new cert against the regional MLS's RESO Web API client validation (BAREIS, MetroList, Tahoe Sierra, CRMLS, BAREIS each have varying TLS expectations), validate against mobile Safari traffic on offer-submission platforms (the dominant device type for California buyer traffic), and avoid deploy collisions with the last-week-of-month peak-closing window where TRID timing is most exposed. The 30-day lead time covers both the 90-day Let's Encrypt cert cycle and the worst-case commercial-CA account-opening cycle if a national franchise CAA tightening forces a switch.
04
Vendor status for the major real-estate-tech platforms (DocuSign, Notarize, Snapdocs, Qualia, RealPage, AppFolio, Yardi, Bridge Interactive, Spark API, Zillow Tech Connect, Realtor.com partner API), and Let's Encrypt — to distinguish vendor-side incidents from per-brokerage SSL configuration failures
Merlonix monitors DocuSign status, Notarize status, Snapdocs status, Qualia status, RealPage / AppFolio / Yardi (property-management adjacencies), Bridge Interactive (Zillow's MLS data ingestion platform), Spark API (the alternative MLS data ingestion platform), Zillow Tech Connect (the Zillow listing-syndication API), and the Realtor.com partner API alongside the brokerage's cert state — so when DocuSign has an enterprise-wide incident during peak closing-week volume, you see the vendor event clearly rather than spending hours investigating whether the brokerage's closing-doc.* subdomain has a cert problem. Vendor status monitoring is also useful for distinguishing a Bridge Interactive ingestion-side issue from a per-brokerage IDX-feed cert configuration failure.
What the numbers mean for real-estate agencies
Monitoring built for real-estate agencies where one client portfolio means a closing-doc portal (TRID 12 CFR §1026.19(f) 3-business-day delivery exposure with CFPB enforcement precedent), an offer-submission platform (state DRE + DBO consumer-protection exposure under CA Bus. & Prof. Code §10177 + CCPA notification under §1798.82), and an IDX-feed endpoint (NAR IDX Policy + per-MLS rules-and-regulations fine schedules + commission-on-the-table from Zillow / Realtor.com / Redfin syndication gaps) — each with independent regulatory implications when a cert silently expires and the agency's engagement contract inherits TRID-compliance indemnity + state-DRE-investigation cooperation obligations.
Real-estate agencies operating client-facing tech for brokerages, title companies, escrow agents, and MLSes need monitoring that recognizes each brokerage-attached subdomain has independent regulatory exposure — because the TRID-side failure is silent (CDs queue but never transmit; the 3-business-day clock keeps running; closings that should have consummated Tuesday must delay; per-day late penalties accrue under purchase contracts; lender rate-locks expire and trigger relock fees), the state-DRE-side failure is silent (buyers click through the browser warning to upload W-2s + bank statements + SSNs; CCPA notification obligations trigger; the broker-of-record faces personal license- suspension risk under §10177), and the IDX-syndication-side failure is silent (the MLS marks the feed stale after 24 hours; downstream aggregators show stale data for days; listing agents waste time on dead leads; commission revenue is lost across the syndication-gap window).
< 10 min
Time from DNS change to alert — catches CAA tightening introduced by national real-estate franchise corporate cybersecurity-policy refreshes (commercial-CA-only CAA pinning has rolled out across most national franchises over the past 24 months) that silently break Let's Encrypt renewal on closing-doc portals and IDX-feed endpoints before the next 90-day cycle, plus registrar nameserver changes during peak last-week-of-month closing windows
30 days
SSL expiry warning lead time — enough time to coordinate cert-pinning with DocuSign / Notarize / Snapdocs / Qualia (each integration has its own cert-pinning logic), test the new cert against the regional MLS's RESO Web API client validation, validate against mobile Safari traffic on offer-submission platforms, and avoid deploy collisions with the last-week-of-month peak-closing window where TRID 3-business-day timing is most exposed
11 vendors
Upstream services monitored — DocuSign, Notarize, Snapdocs, Qualia, RealPage, AppFolio, Yardi, Bridge Interactive (MLS data ingestion to Zillow), Spark API (alternative MLS ingestion), Zillow Tech Connect, Realtor.com partner API, and Let's Encrypt. Distinguishes a vendor-side platform incident from a per-brokerage SSL configuration failure
200 assets
Maximum monitored domains on the Agency plan — covers a full real-estate-vertical portfolio: 30+ brokerage clients each with closing-doc.*, offers.*, idx-feed.*, listings.*, sso.*, and apex subdomains, plus title-company clients with closing-doc.*, escrow.*, and apex subdomains. Multi-state title companies with separate state-licensed entity subdomains are absorbed without per-domain fees
Pricing
Flat monthly fee. Every brokerage-attached subdomain, every closing-doc portal, every IDX-feed endpoint included.
No per-brokerage charges. No per-MLS fees. Pick the tier that fits your real-estate-vertical portfolio and monitor every regulated subdomain (closing-doc.*, offers.*, idx-feed.*, listings.*) under each client's apex without billing surprises.
Starter
For solo developers or two-person agencies operating a single brokerage's closing-doc portal, offer-submission platform, and IDX-feed endpoint under one apex domain.
$29/ month
- 10 monitored assets
- 1 seat
- 15-min check cadence
- SSL + DNS + vendor monitoring
- Email + Slack alerts
Team
For real-estate agencies managing 5-10 brokerage and title-company clients with separate closing-doc.*, offers.*, idx-feed.*, and listings.* subdomains per client, plus the client's primary marketing domain.
$79/ month
- 50 monitored assets
- 5 seats
- 10-min check cadence
- SSL + DNS + vendor monitoring
- Email + Slack alerts
Agency
For agencies with a full real-estate-vertical client roster including multi-state title companies, regional brokerages with 300+ agents, and IDX-feed endpoints serving multiple regional MLSes (BAREIS, MetroList, CRMLS, MLS PIN, etc.) with closing-doc.* + offers.* + idx-feed.* + listings.* + sso.* + apex subdomains per client.
$199/ month
- 200 monitored assets
- 15 seats
- 5-min check cadence
- SSL + DNS + vendor monitoring
- Email + Slack alerts
Know when closing-doc.titlecompanyname.com is approaching cert expiry — 30 days before a Friday-evening cert failure can put 8 Tuesday closings' TRID 3-business-day delivery at risk under 12 CFR §1026.19(f).
Add your first brokerage subdomain in under two minutes. Closing-doc portals, offer-submission platforms, IDX-feed endpoints, and consumer-facing listing search across every brokerage and title-company client in your portfolio are monitored from the same dashboard. 14-day trial, no card required.