Comment: v20240522a

2024-05-0222

New Features - Known External Sender

Found within: https://app.inkyphishfence.com/settings/analysis

You can identify known external senders with which your organization frequently does business or has some other legitimate relationship.

To configure, set the Maximum age (in days) for a domain to be deemed "newly registered" within the range of 1 to 60 days. Alternatively, set it to 0 to deactivate this feature.

By default, this Threat Category will trigger a Caution Banner. However, selecting the checkbox will elevate all messages categorized as "newly registered," based on the specified maximum age, to Danger status.

...

New Threat Category - Potential Sender Risk

Recently added, a new manual threat category dubbed "Potential Sender Risk" empowers admins to directly flag potential risks within INKY. Paired with the new DMARC authentication method, this feature grants admins greater command over their email flow.

This category can be useful when shared addresses from SaaS services like Dropbox are used during phishing campaigns and you are unable to fully block the sender.

Add this category using the normal “Add new entry” option on the Block List configuration page here.

Authenticated messages from these senders will be labeled Known External in banners. Note that authenticated, external messages from a team domain will automatically be considered Known External, so there is no need to add any team domains here.

The value here should be a comma-separated list of email addresses, fully-qualified domain names, or registered domains (will automatically include all subdomains).

Bonus Protections for Confusable Domains: Any domain listed within the Known External Sender setting will always be used when evaluating the confusable domain check (e.g., lnky.com and inky.com).

...

Known External Senders Examples:

Consider the following entry within the Known External Senders text area.

company.com, matt@organization.com, securitytides.com

...

New Features - Optional Blue Banner for Known External Sender and Internal Mail

Found Within: https://app.inkyphishfence.com/settings/block-list

...


If organizations want to further distinguish more trusted communications from Known External Senders and Internal Mail, you’ll now be able to include a Blue Banner color for them. Simply check the box that says “use color in Neutral banners to differentiate known senders (Internal and Known External) from other External senders.”

...

New Features - Delete Entries from the Allow or Block Lists

Admins can now delete entries from their Allow and Block lists. You can delete directly from the active list as well as the disabled list. Select an entry, then “More info”, to expose the settings below, which include the option to delete.

...

Elevate Entries from the Allow or Block Lists at a Team Level to an Organization

Organization Admins can now elevate team level Allow and Block list entries up to the top of their hierarchy, so they apply to all teams.

Make sure you’re on the appropriate organization level, which is denoted in the Team Filter with the skyscraper icon.

...

When accessing https://app.inkyphishfence.com/settings/allow-list and https://app.inkyphishfence.com/settings/block-list , you'll find the familiar Allow and Block List options. However, a new column labeled "Team" has been introduced in the table entries. Entries marked with "(all teams)" next to the team’s name apply to all child teams within the organization, while those without it apply only to the specific team.

To promote a team-level entry to an organization-level entry, simply select the desired entry, click "More info," and choose "Copy to Organization" in the popup. A subsequent modal will appear, confirming the parent organization and showing the number of teams it will impact.

...

Once copied you’ll see the new entry in the table with the (all teams) designation.

...

New Features - New dashboard filters for phish and spam content categories

In the Widget Filter Editor, you can now search for specific Phish and Spam content reason categories. Navigate to Analysis → Phish or Spam Content in the filter to view the list of matches. The current expanded categories are listed below. INKY will add more categories as needed.

Spam

  • Block List

  • Mostly Blank Message

  • Pattern Match

  • Spam Engine

  • Spam Sender

  • Upstream Google Classification

  • Upstream Microsoft Classification

Phish

  • Bad HTML Attachment

  • Bad PDF Attachment

  • Block List

  • Fake Voicemail

  • Pattern Match

  • Personalized Phish

  • Phishing Sender

The message detail view of a particular message will expand more on what these subcategories are.

...

Enhancement - Add “Jump to Filter” search input on the filter editor

At the bottom of the Widget Filter Editor is a new search tool for finding a sub filter faster. For example, to find the Phishing Content filter from above, you can search “phish” and select the appropriate option.

...

Enhancement - Improved outbound message view

  • Added teamId and Recipient To Addresses to metadata tab

  • Added URL copy/Open in new window buttons

  • Enabled the message tag editor

  • New workflow statuses in the timeline with clickable rule names to take user to the Rules tab

Enhancement - Expanded QR Code Detection

QR Code detection has been improved to ensure detection even when the DPI of a QR Code image is too low for traditional methods.

Enhancement - Gradient MSP PSA Integration now supports new products

The Gradient MSP PSA integration now supports INKY's latest products: Graymail, Email Signatures, and DMARC Analysis (coming soon).

Customizable Organization Profiles and Settings Inheritance

Organization Profiles have been used at INKY for many years, but until now they have only been configurable by an INKY admin. With our latest update, all super admins within an organization can view and manage their organization's profile.

To get started simply go to your organization level, denoted by the skyscraper symbol, where you’ll now see many more of the settings options available.

...

Selecting any of the settings options on the left will bring up a familiar page, which now shows where the settings inheritance is coming from. There are three icons to note the settings inheritance:

  • Globe: inheriting the default policy from INKY. 🌐

  • Skyscraper: overriding the global policy and applying to all teams. 🏢

  • Person: overriding the global policy and organization policy to set a local team policy. 🧑‍🦱

...

When making a change from the Organization level you’ll see a new popup warning you that saving the settings will apply to all of the teams within your hierarchy.

...

Once you have an organization profile set, you’ll see the skyscraper symbol on your end customer team, meaning you’re inheriting from the organization. Now you have the option to override an inherited setting at the team level if necessary.

Inheritance in settings flows from the top down, but the lower the setting is configured, the higher its priority. For example, a change made at the team level will override settings at the organization and global levels.

New Threat Category - Possible Spoofed Known Sender

Coupled with our new Known External Sender setting comes a Possible Spoofed Known Sender threat category. Whenever an email comes in that matches a domain or email address from the Known External Senders list but doesn’t pass authentication (SPF/DKIM/DMARC) then it’ll be treated as a Possible Spoofed Known Sender.
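
The matching rules described for the Known External Senders list and for this threat category, sketched as an added example (not INKY's implementation). It assumes that "passes authentication" means dmarc=pass in an Authentication-Results header stamped by your own mail gateway, and it treats every domain entry as covering its subdomains; the function names and the sample messages are constructed.

```python
import re
from email.utils import parseaddr

def parse_known_senders(value):
    """Split the comma-separated setting into address and domain entries."""
    addresses, domains = set(), set()
    for entry in (e.strip().lower().rstrip(".") for e in value.split(",")):
        if entry:
            (addresses if "@" in entry else domains).add(entry)
    return addresses, domains

def matches_known_sender(from_header, addresses, domains):
    """True if the From address, its domain, or a parent domain is listed."""
    addr = parseaddr(from_header)[1].lower()
    if "@" not in addr:
        return False
    if addr in addresses:
        return True
    labels = addr.rsplit("@", 1)[1].rstrip(".").split(".")
    # Walk from the full host name up through its parents (mail.company.com,
    # company.com, com). Comparing whole labels means "evilcompany.com"
    # never matches an entry for "company.com".
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))

def dmarc_passed(auth_results):
    """Assumption: authenticated == dmarc=pass. Only evaluate the header added
    by your own gateway; a copy supplied by the sender proves nothing."""
    m = re.search(r"\bdmarc=(\w+)", auth_results, re.IGNORECASE)
    return bool(m) and m.group(1).lower() == "pass"

def classify(from_header, auth_results, known_value):
    addresses, domains = parse_known_senders(known_value)
    if not matches_known_sender(from_header, addresses, domains):
        return "External"
    if dmarc_passed(auth_results):
        return "Known External"
    return "Possible Spoofed Known Sender"

# The list is the example entry from this page; the messages are constructed.
KNOWN = "company.com, matt@organization.com, securitytides.com"
SAMPLES = [
    ("Billing <billing@mail.company.com>", "mx.example.net; spf=pass; dmarc=pass"),
    ("matt@organization.com", "mx.example.net; spf=fail; dmarc=fail"),
    ("jane@organization.com", "mx.example.net; dmarc=pass"),
    ("ceo@evilcompany.com", "mx.example.net; dmarc=pass"),
]

if __name__ == "__main__":
    for sender, auth in SAMPLES:
        print(f"{sender:40} {classify(sender, auth, KNOWN)}")
```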

...