The Advanced Block List feature allows you to create and manage custom rules to target potential threats based on URLs, attachments, and other properties of email messages. These rules help enhance your security by automatically assigning a threat category and threat level when a message or link meets the specified criteria.
...
Rule Matching:
When an email or a link matches one of your configured rules, the system assigns a threat category and level based on the rule’s mode.Example 1: Analysis time (Pre-Delivery):
If an incoming email matches one or more rules, the system assigns every corresponding threat category. For example, if one rule flags the email as Phishing Content and another flags it as Spam Content, the email will be labeled with both threat categories.Example 2: Link Click (Post-Delivery):
When link rewriting is enabled, if a user clicks a link that triggers a rule set to Danger mode, the system will classify the content as "Phishing Content" and redirect the user to a blocker page, as configured on the Markup page.
At click time (post-delivery), only link-specific conditions are evaluated—this includes URL, URL FQDN, URL registered domain, and URL (Advanced Match).
Unauthenticated Senders:
There is an option to restrict rules so that they only match messages from unauthenticated senders.Rules are only applied at Team Levels:
As an INKY partner, you may manage multiple teams. Currently, Advanced Block List rules operate only at the team level. We are actively developing an update to allow rule configuration at the organization level—enabling rules to apply across all teams in your hierarchy that have the required SKU. Expect this enhancement to be available before Q2 2025.
...
Attachment Options:
Attachment Name: Matches based on the file name.
Attachment Mimetype: Matches based on the file type.
Common MIME Types
Attachment MD5 Hash: Matches based on the file’s MD5 hash.
Attachment (Advanced): A combination of the above attachment criteria.
...