2024-05-02
NEW THREAT CATEGORY - Newly Registered Domain
By default, the new "Newly Registered Domain" threat category will classify all emails falling below the specified threshold in the Domain Age Analysis section of the dashboard, accessible here: https://app.inkyphishfence.com/settings/analysis .
To configure, set the Maximum age (in days) for a domain to be deemed "newly registered" within the range of 1 to 60 days. Alternatively, set it to 0 to deactivate this feature.
By default, this Threat Category will trigger a Caution Banner. However, selecting the checkbox will elevate all messages categorized as "newly registered," based on the specified maximum age, to Danger status.
NEW THREAT CATEGORY - Potential Sender Risk
Recently added, a new manual threat category dubbed "Potential Sender Risk" empowers admins to directly flag potential risks within INKY. Paired with the new DMARC authentication method, this feature grants admins greater command over their email flow.
This category can be useful when shared addresses from SaaS services like Dropbox are used during phishing campaigns and are unable to fully block a sender.
Add this category using the normal “Add new entry” option on the Block List configuration page here: https://app.inkyphishfence.com/settings/block-list
NEW FEATURES - Allow and Block Lists Updates
Delete Entries from the Allow or Block Lists
Admins can now delete entries from their Allow and Block list. You can delete directly from the active list, as well as the disabled list. Simply select an entry then “More info” to expose the below settings giving the option to delete.
Elevate Entries from the Allow or Block Lists at a Team Level to an Organization
Organization Admins can now elevate team level Allow and Block list entries up to the top of their hierarchy, so they apply to all teams.
Make sure you’re on the appropriate organization level, which is denoted in the Team Filter with the skyscraper icon.
When accessing https://app.inkyphishfence.com/settings/allow-list and https://app.inkyphishfence.com/settings/block-list , you'll find the familiar Allow and Block List options. However, a new column labeled "Team" has been introduced in the table entries. Entries marked with "(all teams)" next to the team’s name apply to all child teams within the organization, while those without it apply only to the specific team.
To promote a team-level entry to an organization-level entry, simply select the desired entry, click "More info," and choose "Copy to Organization" in the popup. A subsequent modal will appear, confirming the parent organization and showing the number of teams it will impact.
Once copied you’ll see the new entry in the table with the (all teams) designation.
NEW FEATURES - New dashboard filters for phish and spam content categories
In the Widget Filter Editor, you can now search for specific Phish and Spam content reason categories. Navigate to Analysis → Phish or Spam Content in the filter to view the list of matches. The current expanded categories are listed below. INKY will add more categories as needed.
Spam
Block List
Mostly Blank Message
Pattern Match
Spam Engine
Spam Sender
Upstream Google Classification
Upstream Microsoft Classification
Phish
Bad HTML Attachment
Bad PDF Attachment
Block List
Fake Voicemail
Pattern Match
Personalized Phish
Phishing Sender
The message detail view of a particular message will expand more on what these subcategories are.
ENHANCEMENT - Add “Jump to Filter” search input on the filter editor
Found at the bottom of the Widget Filter Editor is a new search tool to find a sub filter faster. For example, if I wanted to find the Phishing Content filter from above you can search “phish” and select the appropriate option.
ENHANCEMENT - Improved outbound message view
Added teamId and Recipient To Addresses to metadata tab
Added URL copy/Open in new window buttons
Enabled the message tag editor
New workflow statuses in the timeline with clickable rule names to take user to the Rules tab
ENHANCEMENT - Expanded QR Code Detection
QR Code detection has been improved to ensure detection even when the DPI of a QR Code image is too low for traditional methods.
ENHANCEMENT - Gradient MSP PSA Integration now supports new products
The Gradient MSP PSA integration now supports INKY's latest products: Graymail, Email Signatures, and DMARC Analysis (coming soon).