Advanced Block List

The Advanced Block List feature allows you to create and manage custom rules to target potential threats based on URLs, attachments, and other properties of email messages. These rules help enhance your security by automatically assigning a threat category and threat level when a message or link meets the specified criteria.

Access to the Advanced Block List requires that a team is on the Professional or Advanced SKUs. Your team may be entitled to the Advanced Block List, but it must be migrated to the new SKUs for the feature to work. If you have any questions about getting this enabled, reach out to your Account Executive or


How It Works

  • Rule Matching:
    When an email or a link matches one of your configured rules, the system assigns a threat category and level based on the rule’s mode.

    • Example 1: Analysis time (Pre-Delivery):
      If an incoming email matches one or more rules, the system assigns every corresponding threat category. For example, if one rule flags the email as Phishing Content and another flags it as Spam Content, the email will be labeled with both threat categories.

    • Example 2: Link Click (Post-Delivery):
      When link rewriting is enabled, if a user clicks a link that triggers a rule set to Danger mode, the system will classify the content as "Phishing Content" and redirect the user to a blocker page, as configured on the Markup page.
      At click time (post-delivery), only link-specific conditions are evaluated—this includes URL, URL FQDN, URL registered domain, and URL (Advanced Match).

  • Unauthenticated Senders:
    There is an option to restrict rules so that they only match messages from unauthenticated senders.

  • Rules Apply Only at the Team Level:
    As an INKY partner, you may manage multiple teams. Currently, Advanced Block List rules operate only at the team level. We are actively developing an update to allow rule configuration at the organization level—enabling rules to apply across all teams in your hierarchy that have the required SKU. Expect this enhancement to be available before Q2 2025.


Configuration Options


Define what property of the email message the rule should evaluate. Available conditions include:

  • URL Options:

    • URL: Matches against the entire URL.

    • URL FQDN: Matches the fully qualified domain name.

    • URL Registered Domain: Matches the registered domain.

    • Link (Advanced): A combination of the above URL-based criteria.

At click time (post-delivery), only link-specific conditions are evaluated—this includes URL, URL FQDN, URL registered domain, and URL (Advanced Match). At analysis time (pre-delivery), multiple conditions can be joined with Link conditions to make decisions.

  • Attachment Options:

    • Attachment Name: Matches based on the file name.

    • Attachment Mimetype: Matches based on the file type.

    • Attachment MD5 Hash: Matches based on the file’s MD5 hash.

    • Attachment (Advanced): A combination of the above attachment criteria.

Based on feedback from INKY partners and customers during the initial deployment phase, we may add additional conditions to further enhance protection.

Match Types

Choose how the condition should be evaluated against the provided value:

  • Equals

  • Does Not Equal

  • Starts With

  • Ends With

  • Contains

  • Does Not Contain


Enter the specific string or pattern that the condition will use for matching.

Options (Rule Modes)

Select the action that should be taken if the rule is triggered:

  • Disabled: The rule is inactive.

  • Caution: The rule issues a warning or cautionary notice.

  • Danger: The rule enforces a strong action (e.g., marking the email as containing phishing content and triggering a blocker page).

Additional Setting

  • Unauthenticated Senders Only:
    Check this option to apply the rule exclusively to messages from senders that have not been authenticated.
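
The following is an added illustrative model of how the options above combine; it is not INKY's code. It shows one condition per rule, the six match types, the three modes, the unauthenticated-senders setting, and the click-time restriction to link conditions. The field names, case-insensitive comparison, "any value matches" semantics, and the naive registered-domain calculation are assumptions made for the example.

```python
from collections import namedtuple
from urllib.parse import urlsplit
# Hypothetical rule shape for this sketch (field names are assumptions).
Rule = namedtuple("Rule", "name condition match value mode unauth_only", defaults=[False])
LINK_CONDITIONS = {"url", "url_fqdn", "url_registered_domain"}
MATCHERS = {
    "equals": lambda v, p: v == p,
    "does_not_equal": lambda v, p: v != p,
    "starts_with": lambda v, p: v.startswith(p),
    "ends_with": lambda v, p: v.endswith(p),
    "contains": lambda v, p: p in v,
    "does_not_contain": lambda v, p: p not in v,
}

def link_properties(url):
    """Derive the three URL properties that link conditions match against."""
    host = (urlsplit(url).hostname or "").lower()
    # Assumption: last two labels; a real system needs the Public Suffix List.
    registered = ".".join(host.split(".")[-2:])
    return {"url": url.lower(), "url_fqdn": host, "url_registered_domain": registered}

def values_for(rule, msg):
    if rule.condition in LINK_CONDITIONS:
        return [link_properties(u)[rule.condition] for u in msg["urls"]]
    return [a[rule.condition].lower() for a in msg["attachments"]]

def evaluate(rules, msg, click_time=False):
    """Return (name, mode) for every matching rule; a rule matches if ANY value matches."""
    hits = []
    for rule in rules:
        if rule.mode == "disabled":
            continue
        if click_time and rule.condition not in LINK_CONDITIONS:
            continue  # post-delivery: only link conditions are evaluated
        if rule.unauth_only and msg["sender_authenticated"]:
            continue  # rule restricted to unauthenticated senders
        if any(MATCHERS[rule.match](v, rule.value.lower()) for v in values_for(rule, msg)):
            hits.append((rule.name, rule.mode))
    return hits

RULES = [  # constructed sample rules
    Rule("bad-domain", "url_registered_domain", "equals", "example.test", "danger"),
    Rule("iso-file", "attachment_name", "ends_with", ".iso", "caution", unauth_only=True),
    Rule("old-rule", "url", "contains", "login", "disabled"),
]
MESSAGE = {  # constructed sample message
    "sender_authenticated": False,
    "urls": ["https://Portal.Example.test/login?id=1"],
    "attachments": [{"attachment_name": "Invoice.ISO"}],
}
```

Calling `evaluate(RULES, MESSAGE)` models analysis time, where both active rules match; passing `click_time=True` leaves only the link rule in play.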


Q: How does the system decide which threat category to assign if multiple rules are matched?
A: If an incoming email triggers multiple rules, the system assigns every corresponding threat category. For example, if one rule flags the email as Phishing Content and another flags it as Spam Content, the email will be labeled with both threat categories.

Q: Can I restrict a rule to only apply to unauthenticated senders?
A: Yes. There is a checkbox option that allows you to limit a rule so that it only applies to messages from unauthenticated senders.

Q: How does link rewriting interact with the Advanced Block List?
A: When link rewriting is enabled, if a user clicks on a link that triggers a Danger mode rule, the system classifies the content as "Phishing Content" and redirects the user to a blocker page as defined in the link rewriting settings on the Markup page. At click time (post-delivery), only link-specific conditions are evaluated—this includes URL, URL FQDN, URL registered domain, and URL (Advanced Match). At analysis time (pre-delivery), multiple conditions can be joined with Link conditions to make decisions.

Q: Can I modify or delete rules once they are created?
A: Yes. You can edit, update, or remove rules at any time through the Advanced Block List configuration page.
