Advanced Block List

The Advanced Block List feature allows you to create and manage custom rules to target potential threats based on URLs, attachments, and other properties of email messages. These rules help enhance your security by automatically assigning a threat category and threat level when a message or link meets the specified criteria.

Found on: https://app.inkyphishfence.com/settings/advanced-block-list

How It Works

• Rule Matching:
  When an email or a link matches one of your configured rules, the system assigns a threat category and level based on the rule’s mode.

  • Example 1 (Pre-Delivery):
    If an incoming email matches one or more rules, it will be assigned the highest threat category among the matched rules.

    Example 2 (Post-Delivery):
    When link rewriting is enabled, if a user clicks a link that triggers a rule set to Danger mode, the system will classify the content as "Phishing Content" and redirect the user to a blocker page, as configured on the Markup page.

• Unauthenticated Senders:
  There is an option to restrict rules so that they only match messages from unauthenticated senders.

• Rules are only applied at Team Levels:
  As an INKY partner, you may manage multiple teams. Currently, Advanced Block List rules operate only at the team level. We are actively developing an update to allow rule configuration at the organization level—enabling rules to apply across all teams in your hierarchy. Expect this enhancement to be available before Q2 2025.

Configuration Options

Conditions

Define what property of the email message the rule should evaluate. Available conditions include:

• URL Options:

  • URL: Matches against the entire URL.

  • URL FQDN: Matches the fully qualified domain name.

  • URL Registered Domain: Matches the registered domain.

  • Link (Advanced): A combination of the above URL-based criteria.

• Attachment Options:

  • Attachment Name: Matches based on the file name.

  • Attachment Mimetype: Matches based on the file type.

  • Attachment MD5 Hash: Matches based on the file’s MD5 hash.

  • Attachment (Advanced): A combination of the above attachment criteria.

Match Types

Choose how the condition should be evaluated against the provided value:

• Equals

• Does Not Equal

• Starts With

• Ends With

• Contains

• Does Not Contain

Value

Enter the specific string or pattern that the condition will use for matching.

Options (Rule Modes)

Select the action that should be taken if the rule is triggered:

• Disabled: The rule is inactive.

• Caution: The rule issues a warning or cautionary notice.

• Danger: The rule enforces a strong action (e.g., marking the email as containing phishing content and triggering a blocker page).

Additional Setting

• Unauthenticated Senders Only:
  Check this option to apply the rule exclusively to messages from senders that have not been authenticated.

FAQ

Q: How does the system decide which threat category to assign if multiple rules are matched?
A: If an incoming email matches one or more rules, the system assigns the highest threat category among the matched rules.

Q: Can I restrict a rule to only apply to unauthenticated senders?
A: Yes. There is a checkbox option that allows you to limit a rule so that it only applies to messages from unauthenticated senders.

Q: How does link rewriting interact with the Advanced Block List?
A: If link rewriting is enabled, and a user clicks on a link that matches a rule set to Danger mode, the system will classify the content as "Phishing Content" and redirect the user to a blocker page, as specified in the link rewriting settings on the Markup page.

Q: Can I modify or delete rules once they are created?
A: Yes. You can edit, update, or remove rules at any time through the Advanced Block List configuration page.