Additional Analysis
Found at the bottom of the Analysis - INKY page you’ll find the new section named Additional Analysis. There you’ll use a multi-select input to set which country you want blocked.
Blocked Sender Location
When you block a country, any message that’s identified coming from there will be given the new threat category “Blocked Sender Location” and tagged as High Confidence Phish. This allows it to follow the normal routing destinations defined on the delivery page, which would likely send them to Admin Quarantine.
Additionally, within the message details view of most messages after October 2022, you’ll have access to the sender location. This helps identify which country you may consider blocking if they’re found being used in phishing attacks.
Block Many Countries
To enhance cybersecurity measures, teams may consider blocking certain countries while ensuring the United States remains accessible. The User Interface (UI) accepts comma-separated values, allowing you to block multiple countries simultaneously with ease. Simply copy one of the country code lists provided below and paste it into the INKY dashboard, followed by pressing enter, to block all countries in the list. We employ the ISO 3166-1 country codes for location-based sender blocking, which can be referenced here. To create a custom block list, please follow the examples below, copying and pasting your constructed list into the INKY dashboard.
Exercise caution when selecting countries like Colombia (.co) and Montenegro (.me) whose ccTLDs are widely used by numerous legitimate companies. While this list is not exhaustive, it provides an example of what may be inadvertently blocked should you opt to restrict these countries.
.tv - Tuvalu: Widely used by television and media-related websites.
.io - British Indian Ocean Territory: Popular among technology and startup companies because "IO" is commonly used as an acronym for input/output in IT.
.me - Montenegro: Often used for personal websites or blogs due to the word "me" being prevalent in English.
.ly - Libya: Used for domain hacks because "ly" is a common suffix (e.g., bit.ly ).
.ai - Anguilla: Gained popularity among AI (Artificial Intelligence) companies and startups.
.co - Colombia: Frequently used by companies as it resembles "com."
.fm - Federated States of Micronesia: Often used by FM radio stations.
.gg - Guernsey: Popular within the gaming community, as "gg" is commonly used to signify "good game."
.to - Tonga: Used for domain hacks and occasionally by Toronto-based entities.
.cc - Cocos (Keeling) Islands: Sometimes used as a generic code for Christian Church or Cycling Club.
Blocked Top-Level Domain
In addition to the current blocked sender location functionality, we’ve added the ability to block top level domains (TLDs) and public suffixes (e.g., co.uk
). This blocking mechanism is enforced against the following mail properties.
MAIL FROM envelope address
From or Reply-To header address
Link URLs
Image URLs
Additionally, there's a new feature to "Automatically block ccTLDs (Country Code Top-Level Domains) based on the chosen Blocked Sender Location." For instance, if Montenegro (.me) is selected, its country code will also be considered a Blocked Top-Level Domain, alongside the Blocked Sender Location.
Configure these new settings at the bottom of this page: https://app.inkyphishfence.com/settings/analysis