/
Managing Burst Detection

Managing Burst Detection

Owned by Matthew Sywulak
Jan 17, 2025
3 min read

Overview

The updated Burst Detection Status interface gives you a clear view of which recipients are in “burst mode” and those who are temporarily prevented from being flagged. It also offers controls to manually force burst mode and to reset all tracking data, ensuring you have full control over your team’s Burst Detection process.

image-20250117-153749.png

Key Areas

  1. Active Recipients
    Recipients currently in burst mode appear here with the time until “burst mode” expires. During this time, messages to these recipients will be flagged under the Suspicious Mail Burst threat category and handled based on your team’s current settings.

    • Extend: Adds more time to the burst mode duration.

    • Reset: Immediately ends the burst mode and returns the recipient to normal monitoring.

    • Prevent: Moves the recipient into the “Prevented Recipients” list, exempting them from burst detection for a set period.

  2. Prevented Recipients
    Recipients listed here are temporarily exempt from entering burst mode until the displayed end time, regardless of how many emails they receive.

    • Extend: Increases the time during which these recipients are prevented from entering burst mode.

    • Remove: Ends the prevention status immediately, allowing them to be evaluated for burst conditions again.

  3. Force Recipient Into Active Burst Mode
    This option allows you to proactively place a recipient into burst mode for a specified duration (in seconds). All messages to that recipient will be flagged under Suspicious Mail Burst during this time.

  4. Reset Tracking Data
    Clicking Reset Tracking Data purges all existing records of burst detection for the team. However, the underlying settings (thresholds, intervals, etc.) remain intact. After resetting, the system begins tracking anew according to the current configuration.

    Warning: This action cannot be undone. If you need to disable burst detection entirely or permanently ignore certain recipients, adjust the primary Burst Detection settings outside of this interface.

Step-by-Step Instructions

  1. Access the Burst Detection UI

    • Log in to your INKY Admin Console Analysis - INKY section.

    • Navigate to Burst Detection

  2. Select “Burst Detection Status”

    image-20250117-160655.png

  3. Review Active and Prevented Recipients

    • Check the Active Recipients list to see who is currently in burst mode.

    • Use Extend, Reset, or Prevent if necessary.

    • Check the Prevented Recipients list to see who is exempt from burst detection, and modify or remove entries as needed.

  4. Force a Recipient Into Burst Mode

    • Under Force recipient into active burst mode, type or paste the recipient’s email address.

    • Specify the Duration (seconds).

    • Click Force Active. This recipient’s messages will now be flagged for the chosen duration.

  5. Reset Tracking Data

    • Click Reset Tracking Data.

    • Confirm your choice in the pop-up dialog.

    • All historical data (counts, timestamps) for the team is cleared, and the system will begin tracking again fresh.

  6. Close the Dialog

    • Review all changes.

    • Click Close to exit the Burst Detection Status interface.

Best Practices

  • Use Prevent with Caution: If a recipient is genuinely under a burst attack, preventing them might create a blind spot by excluding suspicious messages from being flagged.

  • Reset Judiciously: Resetting tracking data can be helpful after testing or significant configuration changes, but it clears out all historical data.

  • Long-Term Exclusions: To permanently exclude specific recipients from burst detection, add them to the Ignore Recipients for Burst Detection list in your primary Burst Detection settings.

FAQs

  1. Will preventing a user override my ignore list?
    No. Preventing is a temporary state that keeps a user out of burst mode. If you want a permanent ignore, add the address to the “Ignore Recipients” setting in your main Burst Detection configuration.

  2. What happens if I remove someone from the Prevented Recipients list?
    The system immediately resumes burst monitoring. If they receive enough emails to surpass the threshold, they’ll enter burst mode.

  3. Does resetting tracking data change my Burst Detection thresholds?
    No. Resetting only wipes historical data. Your thresholds and intervals remain the same.

  4. Can I apply the ‘Force Active’ option to multiple emails at once?
    Yes, by pressing enter after typing or copying a single email will allow a list to start being created for multiple recipients to be forced active.