diff --git a/README.md b/README.md
index b7b687d8..0d36329e 100644
--- a/README.md
+++ b/README.md
@@ -916,6 +916,7 @@ notify:
   dingtalk:
     - name: "dingtalk alert service"
       webhook: "https://oapi.dingtalk.com/robot/send?access_token=xxxx"
+      secret: "" # sign secret if set
   # Notify to Lark
   lark:
     - name: "lark alert service"
diff --git a/notify/dingtalk/dingtalk.go b/notify/dingtalk/dingtalk.go
index 6d9628f8..a3cfb5ac 100644
--- a/notify/dingtalk/dingtalk.go
+++ b/notify/dingtalk/dingtalk.go
@@ -19,10 +19,15 @@ package dingtalk
 
 import (
 	"bytes"
+	"crypto/hmac"
+	"crypto/sha256"
+	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
 	"net/http"
+	"net/url"
+	"time"
 
 	"github.com/megaease/easeprobe/global"
 	"github.com/megaease/easeprobe/notify/base"
@@ -34,6 +39,7 @@ import (
 type NotifyConfig struct {
 	base.DefaultNotify `yaml:",inline"`
 	WebhookURL         string `yaml:"webhook"`
+	SignSecret         string `yaml:"secret"`
 }
 
 // Config configures the dingtalk notification
@@ -61,7 +67,7 @@ func (c *NotifyConfig) SendDingtalkNotification(title, msg string) error {
 		}
 	}
 	`, title, msg)
-	req, err := http.NewRequest(http.MethodPost, c.WebhookURL, bytes.NewBuffer([]byte(msgContent)))
+	req, err := http.NewRequest(http.MethodPost, addSign(c.WebhookURL, c.SignSecret), bytes.NewBuffer([]byte(msgContent)))
 	if err != nil {
 		return err
 	}
@@ -92,3 +98,16 @@ func (c *NotifyConfig) SendDingtalkNotification(title, msg string) error {
 	}
 	return nil
 }
+
+// add sign for url by secret
+func addSign(webhookURL string, secret string) string {
+	if secret != "" {
+		timestamp := time.Now().UnixMilli()
+		stringToSign := fmt.Sprint(timestamp, "\n", secret)
+		h := hmac.New(sha256.New, []byte(secret))
+		h.Write([]byte(stringToSign))
+		sign := url.QueryEscape(base64.StdEncoding.EncodeToString(h.Sum(nil)))
+		return fmt.Sprint(webhookURL, "&timestamp=", timestamp, "&sign="+sign)
+	}
+	return webhookURL
+}