Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: v20201105a
Table of Contents

2024-0811-2005

Status
colour

...

Blue
title

...

new feature
-

...

With this release comes the launch of INKY’s DMARC Monitoring as generally available.

INKY's DMARC Monitoring solution streamlines the DMARC process by offering a dedicated reporting address to collect these RUA reports. The service then aggregates and analyzes the data, presenting it in an intuitive dashboard. This empowers administrators to quickly identify issues and take appropriate action, ensuring robust email security and maintaining domain integrity.

DMARC Monitoring requires an extra entitlement, please reach out to support@inky.com or your account executive to get enabled for a trial.

Learn more: DMARC Monitoring

Status
colourPurple
titlenew threat Category
- Executable File

We’ve added a new threat category called Executable File which defaults to a yellow caution banner. While most organizations would never see these messages to begin with, due to default Microsoft and Google settings, some have requirements to process all emails. This category is given when one of the referenced filetypes is found in an email: Executable File Extensions Reference

Status
colourBlue
titlenew feature
- Wildcard Support for Outbound Mail Protection Approvers

Used primarily as a fall back for the approval flow INKY now supports the wildcard “*” pattern in the Sender Pattern qualification input.

The below screenshot is an example of a fallback approver set to matt@polvocapital.com where any email that doesn’t have a more specific approver setup will fall back to.

...

License Management

As INKY moves into 2025 you’ll begin to see more updates regarding easier management of teams within INKY. We’re getting started with moving the install, update, and uninstall process from the current external portal all within the INKY console. We’ll be moving parts of the process over piece by piece to ensure a smooth experience but we’re starting first with the Uninstall process.

From the Partner License page in the INKY Partner Center Licenses - INKY you’ll see a list of your licenses. If you need to uninstall a team or uninstall and remove a team, you’ll be able to utilize the new Unredeem License / Uninstall INKY option.

To show the option hover over the license you need to modify.

...

When you select the icon shown in the screenshot above, you’ll be greeted by an Uninstall Confirmation Modal.

...

If you want to just Uninstall the team for a particular reason you can UNCHECK the Offboard Client option.

If you want to completely remove the team from INKY, delete all the mail flow, dashboard access, and unredeem the license leave the Offboard Client option checked.

Note

Offboarding a client using this option completely removes all routing, admins, M365 configurations, and access to the client once completed. Only perform this option when you are fully ready to offboard a client.

Billing automation is coming Q1 2025 if you offboard a client from now until the next feature is released you will still need to notify INKY via support@inky.com that you’re removing a team to adjust billing.

Once you select Uninstall, you’ll be greeted by another modal saying that the uninstall has started and provides you a link to the new Tenant Operations page (discussed next) to watch the uninstall process if necessary.

...

Status
colourBlue
titlenew feature
-

...

Found on the https://app.inkyphishfence.com/settings/signatures configuration page under the Styling & Formatting section is a new Maximum signature width option. This width defaults to 600px which is the maximum we’d recommend. Based on screen sizes of modern devices including laptops, tablets, and phones we’d recommend the following sizes below, but you can play around with whatever works for your organization.

  • Max: 600px

  • Best Fit: 450px

  • Min: 320px

If you have a banner image that is larger than the maximum width set, then it will extend past that boundary.

...

Status
titleENHANCEMENT
- QR Code Detection - HTML Table Phish

QR code phishing has become one of the most rapidly growing forms of phishing, especially since QR codes gained popularity during the global pandemic. Recently, INKY has observed a new evolution of this tactic, where QR codes are constructed using HTML tables and ASCII characters. We've noticed this technique emerging over the past few months and have implemented protections against it. Now, we’d like to share how it works and how we defend against it.

We’ve encountered this technique before, particularly when attackers impersonate the Microsoft brand. Take a look at the table below; it closely resembles the Microsoft logo. While Confluence might not fully capture the colors, it’s possible to get much closer in an email. Creating a logo using a table that closely mimics the standard Microsoft logo at a glance is an effective way to bypass detection platforms that don’t scan rendered images—unlike INKY, which employs Computer Vision (CV) checks. While it looks like a table when scanned by a machine, our CV checks reveal it as a brand impersonation of Microsoft.

...

Now, apply this concept to a QR code. QR codes are simply groups of black squares arranged in a way that allows users to scan them with a camera to navigate to a link. But what if you created a table of squares, filled in with black or white backgrounds, or even used the ASCII character █, to mimic a QR code?

While this technique might seem time-consuming, filling in the squares can be automated with simple scripting and then deployed at scale. Take a look at the examples below. The first image is the QR code without the table's grid lines—it looks exactly like a typical QR code but is incredibly difficult to detect because it’s not a standard image format. The second example reveals the grid lines, exposing the underlying technique.

INKY can detect this new technique in the same way we detect brand impersonations of Microsoft using tables—by analyzing the rendered DOM to see what the user sees. Although the email contains <table> or <pre> tags instead of an image in the HTML, our Computer Vision checks recognize that the user is actually seeing a QR code. INKY then scans the QR code and assesses whether it's dangerous. Even if it’s not classified as dangerous, INKY will still use the Email Assistant Banner to warn users with a message like “Beware of unexpected QR codes from unknown senders.” If the QR code is deemed dangerous, we’ll mark the email as malicious and send it to the admin quarantine based on your delivery settings.

...

Status
titleENHANCEMENT
- VIP List Authentication Checks

INKY has introduced a new checkbox option to enable authentication for VIP List checks. Previously, INKY would strictly match any "From" email address against the VIP list, considering it a match even if the email didn't pass authentication.

With this new option, the VIP list becomes more secure by requiring authentication for the "From" email address. This feature is currently rolling out to all customers and will become the default setting for all new teams in the future.

To enable this option, navigate to VIP List Settings.

...

Status
titleENHANCEMENT
- Block List applies to Reply-To

If an email address or domain listed on the block list is found within the Reply-To of a message then it will also match for that given block list entry.

For example, if a block list entry is added for tyler@productreport.ai or productreport.ai then it would apply to this email because the Reply-To is listed as that email address/domain.

...

Tenant Operations

The new Tenant Operations page will be a single source of truth for the status of an INKY tenant and the related M365 or Google Workspace configurations. We’ll continue to add more features to this new page as they’re built but they will eventually include the full end to end install, update, and uninstall process.

Found on the new page here: Tenant Ops - INKY

The Tenant Operations page consist of three core sections, the Deployment Actions, Operation List, and Operation Logs.

...

Deployment Actions

In this section we’ll begin to include the various actions needed to get a tenant onboarding with INKY. Our first step here is to add the Uninstall action but we’re working towards merging the entire onboarding process here.

Operation List

This list is a grouping of actions taken against the current tenant with accompanying logs when selecting the “View Logs” option.

Operation Logs

After selecting the View Logs option you’ll see a list of the logs associated with that action and can view any detail as necessary. These logs are similar to the INKY Discoveries we’ve taken during the current action processes we have today.

...

Status
colourBlue
titlenew feature
- Sender and Recipient Address Filters for Quarantine Page

Added to the Quarantine Page Quarantine - INKY are new filter options to adjust the messages that are returned when querying M365’s quarantine. This includes senders and recipients. Applying filters can help speed up the search and focus on specific messages.

...

Status
colourBlue
titlenew feature
- Message Trace Outbound Messages

Initially the Message Trace feature within INKY was only for inbound messages. With this update you’ll see that you’re now able to search for outbound messages as well. This is helpful when debugging internal and outbound emails. Simply flip the Direction to Outbound and search based off the Message-ID and Sender Address.

...

Status
titleENHANCEMENT
- Signature Font Size and Font Family Additions

Some additional options were added to our Styling & Formatting settings within Email Signatures.

Added options:

  • Font size 9pt (lowest recommended font size)

  • Additional Font families pulled from W3’s recommended font list for the most compatible web fonts. CSS Web Safe Fonts

...

Status
titleENHANCEMENT
- Delegate Tenant Access during Install

Delegated Tenant Access was added a couple of release ago but previously you could only delegate the access after the team was installed by navigating to the API access page. You’ll still be able to delegate access from the API access page, however, for new teams we’ve added a new step in our installer, so the delegation happens then. It is configurable if you don’t need or want to delegate access at that time.

...