Allow and Block List Enhancements

Overhauled allow and block list features with DMARC-based authentication controls, subdomain matching, and user-level management for refined security measures.

Back

INKY's updated allow and block list management includes advanced DMARC authentication options, subdomain matching, and alert indicators for permissive entries. Enhanced user-level customization now allows admins to add, edit, or remove entries to meet organizational needs, providing more targeted control over email flow.

Allow and Block List Overhaul

The core concepts of the Allow and Block List are remaining the same where an admin chooses an appropriate threat category and criteria to block or allow a particular message. However, there have been a few new additions added to provide more targeted entries when appropriate.

DMARC Authentication Options

Allow list entries can have “only if passing DMARC” and Block list entries can have an “only if failing DMARC” option.

Allow list entries now prompt you and pre-check “Apply only to messages that pass DMARC authentication (safer option)” when applying a new Allow Entry. This option gives admins more control in which messages apply to the new entries.

Image

Given the entry above, with DMARC authentication check, we have two messages below that would be evaluated against it on future deliveries. The first one has an SPF pass for securitytides.com and the second one has no authentication passes. In the future, due to the new allow list entry, the top message, with authentication will not be marked as Spam Content, while the second one will because it has no authentication.

Image Image

On the Block Listing side, admins now have the option to “Apply only to messages that fail DMARC authentication (useful for targeting Spoofing).” Think of this as an internal INKY DMARC failure control where if you receive a spoofed email from a particular sender, domain, or IP address you can have it set block if necessary.

For example, the below entry for google.com would apply the Phishing Content banner to all messages with a FROM header google.com but contains no passing authentication. Normally, individual companies are expected to control their DMARC records to perform this type delivery but having the flexibility within INKY gives you more control.

Image

To learn more please review: Allow and Block Listing | Authentication

Subdomain Matching for Allow Entries

When adding an Allow Entry against a specific domain admins are now prompted with an option to cover all subdomains for the given domain. The below example shows the option to “Never warn about Spam Content for mail from domain securitytides.com (and subdomains).”

You'll also be able to add subdomain matching entries against domains added directly from Allow List - INKY.

Image

Editing Allow and Block List

Allow list and block list entries are now editable. These allow list options can be set when performing allow list message actions and also when manually adding via csv input, or via the More Info > Edit interface. This can be set when manually adding via csv input or via the More Info > Edit interface.

To learn more please review: Editing Allow and Block List

User Level Allow and Block List Management

Admins can now manually add (and edit) user-specific allow and block entries as well as manually add Blocked Sender entries (for specific users or at the team level) via the csv input option.

To learn more please review: Add/Remove/Edit User Level Allow and Block List

Alert Indicator for Permissive Entries

Found on the Allow List - INKY and Block List - INKY pages you'll now see an Alert column indicating if an entry added to either list is too permissive or restrictive.

For example, the below entry is an Allow List for First-Time Sender that has a “None” criteria meaning it will match on every new message received and never allow another First-Time Sender threat category. With First-Time Sender completely disabled this would be seen as a very permissive allow list entry that these new warnings are meant to highlight to admins.

Image

Written by

Matt Sywulak

On

March 19, 2024