Delivery
Summary
Each message processed by INKY is assigned a threat attribute value (TAV) based on the threat level and the existence of specific threat details. Policy settings for an INKY team are configured to assign the TAV to a delivery behavior (destination) in Microsoft 365 or Google Workspace. The assigned destination behavior is then carried out by Microsoft 365 or Google Workspace when the message reaches the tenant.
Delivery settings must be enabled on your Microsoft 365 or Google Workspace tenant for this setting to take effect. Please see the related articles below to enable this feature on your tenant if you have not already done so.
Delivery Based on INKY Results
To enable INKY’s delivery settings, navigate to the Settings tab and select Delivery. Then, select the checkbox “Use Inky Results to Determine Delivery Destination”.
Threat Attribution Values (TAV)
INKY has six (6) threat attribution Values. Each one ranges from low severity to high severity, relating closely to the threat level values determined by INKY.
Neutral
Messages with no known identified threat will have a neutral threat level and no threat details.
Caution (Non-Spam)
Messages identified as suspicious but do not contain spam-related threat details in their evaluation.
Caution (Spam)
Messages identified as suspicious and contain certain spam-related threat details in their evaluation. Other threat details may also exist in addition to the SPAM-related ones.
Caution (High Confidence Spam)
Messages identified as suspicious and also contain spam-related threat details in their evaluation indicating known or very likely spam content. Other threat details may also exist in addition to the spam-related ones.
Danger (Phish or Malware)
Messages identified as dangerous may contain spam-related threat details in their evaluation, but the other threat details included are significant enough that the message is deemed to be dangerous by INKY.
Danger (High Confidence Phish or Malware)
Messages identified as highly dangerous. These messages often match exact known threat profiles that have been previously reported.
Delivery Targets
There are four possible delivery locations for a given message. These locations represent actual end locations for mail on Microsoft 365 and Google Workspace.
Inbox
The default location for mail is the recipient’s inbox folder of their mailbox.
Junk (Spam)
The default location for mail that is identified as junk mail (i.e. SPAM) is the recipient’s Junk Folder of their mailbox. Individual users can disable their Junk Folder but doing so may make mail that the tenant wishes to send to their junk folder go to their Inbox folder instead. Outlook’s junk folder prevents a person from replying to email, opening links, or attachments. The user does have the ability to move the message to their inbox should they determine the message to be safe.
User Quarantine (User-Q)
The default location for mail that is not delivered to the recipient’s mailbox folders because it is quarantined as the result of a spam content filter setting on the customer’s tenant. The recipient can access the quarantine and release messages if they wish without assistance from a Microsoft 365 administrator. Based on tenant settings users may receive daily or weekly digests listing mail that has been quarantined with options for handling individual messages.
Google Workspace does not contain a user quarantine. Any mail sent to the user quarantine will be directed to the end user's spam folder.
Administrative Quarantine (Admin-Q)
Mail that is set to quarantine will be directed to an administrative level quarantine that is not accessible by recipient users. Mail here may only be accessed and optionally released from quarantine by tenant administrators. No active notice of this quarantining of a message is made to either administrators or end-users.
Delivery Maps
Delivery maps are the representation of how mail is marked up so that Microsoft 365 and Google Workspace mail flow rules are invoked in a manner that allows mail with a given TAV to get sent to a given delivery target on the tenant.
This mapping is configurable in the INKY Dashboard via the settings page. Administrators must have write permissions in order to make these changes.
Default Mapping
Threat Attribute Value (TAV) | External Mail | Internal Mail |
---|---|---|
Neutral | Inbox | Inbox |
Caution (Non Spam) | Inbox | Inbox |
Caution (Spam) | Junk | n/a |
Caution (High Confidence Spam) | Junk | n/a |
Danger (Phish or Malware) | User Quarantine | Inbox |
Danger (High Confidence Phish or Malware) | Admin Quarantine | Inbox |
Mapping for internal mail is different in that by default INKY will never mark internal mail as spam. Therefore, TAV’s 3 and 4 are not applicable. The internal mail category also includes externally sourced mail coming from senders that are identified in the INKY Dashboard as “trusted”.
When making any changes to the Settings page, please ensure that you scroll to the bottom and select the “Save Changes” button.
Microsoft 365 Only
If you chose to apply our "Recommended Settings," please note that this will tie into INKY's custom Microsoft 365 Spam Filter rule "IPW-Group." This will route banners with "Caution (Spam)" and "Caution (High Confidence Spam)" to the Junk Folder, "Danger (Phish or Malware)" to a User Quarantine, and "Danger (High Conf. Phish or Malware)" to the Admin Quarantine. This is controlled by our custom spam filter in 365.
This custom rule is scoped specifically to the IPW-Group for a controlled rollout, instead of applying the ruleset to all users at once. This rule again controls where "Cautions" and "Dangers" will route.
Under "Spam and Bulk Actions," you'll find the routing options that pertain to actions within the INKY Delivery Settings Dashboard. Please note that if you'd like to roll out the INKY Delivery Setting to all users at once, you can forgo INKY's custom spam filter policy. However, you will have to change the Default spam filter policy to match INKY's spam and bulk action:
Spam:
Move message to Junk Email Folder
High Confidence Spam:
Quarantine Message
Related Articles
https://inkyops.atlassian.net/wiki/spaces/AG2/pages/1821048998
Enable Delivery Routing for Google Workspace