The Advanced Block List feature allows you to create and manage custom rules to target potential threats based on URLs, attachments, and other properties of email messages. These rules help enhance your security by automatically assigning a threat category and threat level when a message or link meets the specified criteria.
...
Rule Matching:
When an email or a link matches one of your configured rules, the system assigns a threat category and level based on the rule’s mode.Example 1: Analysis time (Pre-Delivery):
If an incoming email matches one or more rules, the system assigns every corresponding threat category. For example, if one rule flags the email as Phishing Content and another flags it as Spam Content, the email will be assigned the highest threat category among the matched ruleslabeled with both threat categories.Example 2: Link Click (Post-Delivery):
When link rewriting is enabled, if a user clicks a link that triggers a rule set to Danger mode, the system will classify the content as "Phishing Content" and redirect the user to a blocker page, as configured on the Markup page.
At click time (post-delivery), only link-specific conditions are evaluated—this includes URL, URL FQDN, URL registered domain, and URL (Advanced Match).
Unauthenticated Senders:
There is an option to restrict rules so that they only match messages from unauthenticated senders.Rules are only applied at Team Levels:
As an INKY partner, you may manage multiple teams. Currently, Advanced Block List rules operate only at the team level. We are actively developing an update to allow rule configuration at the organization level—enabling rules to apply across all teams in your hierarchy that have the required SKU. Expect this enhancement to be available before Q2 2025.
...
URL Options:
URL: Matches against the entire URL.
URL FQDN: Matches the fully qualified domain name.
URL Registered Domain: Matches the registered domain.
Link (Advanced): A combination of the above URL-based criteria.
| Note |
|---|
At click time (post-delivery), only link-specific conditions are evaluated—this includes URL, URL FQDN, URL registered domain, and URL (Advanced Match). At analysis time (pre-delivery), multiple conditions can be joined with Link conditions to make decisions. |
Attachment Options:
Attachment Name: Matches based on the file name.
Attachment Mimetype: Matches based on the file type.
Attachment MD5 Hash: Matches based on the file’s MD5 hash.
Attachment (Advanced): A combination of the above attachment criteria.
...
Q: How does the system decide which threat category to assign if multiple rules are matched?
A: If an incoming email matches one or more triggers multiple rules, the system assigns the highest threat category among the matched rulesevery corresponding threat category. For example, if one rule flags the email as Phishing Content and another flags it as Spam Content, the email will be labeled with both threat categories.
Q: Can I restrict a rule to only apply to unauthenticated senders?
A: Yes. There is a checkbox option that allows you to limit a rule so that it only applies to messages from unauthenticated senders.
Q: How does link rewriting interact with the Advanced Block List?
A: If When link rewriting is enabled, and if a user clicks on a link that matches triggers a rule set to Danger mode rule, the system will classify classifies the content as "Phishing Content" and redirect redirects the user to a blocker page , as specified defined in the link rewriting settings on the Markup page. At click time (post-delivery), only link-specific conditions are evaluated—this includes URL, URL FQDN, URL registered domain, and URL (Advanced Match). At analysis time (pre-delivery), multiple conditions can be joined with Link conditions to make decisions.
Q: Can I modify or delete rules once they are created?
A: Yes. You can edit, update, or remove rules at any time through the Advanced Block List configuration page.