Threat and Feature Updates for Enhanced Security and Flexibility

INKY's latest release includes new threat categories, advanced allow/block list options, enhanced QR code detection, and expanded dashboard filters for phish and spam analysis.

Back

INKY introduces “Newly Registered Domain” and “Potential Sender Risk” threat categories to bolster email security against emerging threats. Additionally, this update features improved allow/block list management, with options to elevate entries from team to organization level. Enhanced QR code detection, new dashboard filters, and Gradient MSP PSA integration support for new products further enrich the INKY platform.

Newly Registered Domain

By default, the new "Newly Registered Domain" threat category will classify all emails falling below the specified threshold in the Domain Age Analysis section of the dashboard, accessible here: Analysis - INKY.

To configure, set the Maximum age (in days) for a domain to be deemed "newly registered" within the range of 1 to 60 days. Alternatively, set it to 0 to deactivate this feature.

By default, this Threat Category will trigger a Caution Banner. However, selecting the checkbox will elevate all messages categorized as "newly registered," based on the specified maximum age, to Danger status.

Image Image

Potential Sender Risk

Recently added, a new manual threat category dubbed "Potential Sender Risk" empowers admins to directly flag potential risks within INKY. Paired with the new DMARC authentication method, this feature grants admins greater command over their email flow.

This category can be useful when shared addresses from SaaS services like Dropbox are used during phishing campaigns and are unable to fully block a sender.

Add this category using the normal “Add new entry” option on the Block List configuration page here: Block List - INKY

Image

Allow and Block Lists Updates

Delete Entries from the Allow or Block Lists

Admins can now delete entries from their Allow and Block list. You can delete directly from the active list, as well as the disabled list. Simply select an entry then “More info” to expose the below settings giving the option to delete.

Image

Elevate Entries from the Allow or Block Lists at a Team Level to an Organization

Organization Admins can now elevate team level Allow and Block list entries up to the top of their hierarchy, so they apply to all teams.

Make sure you're on the appropriate organization level, which is denoted in the Team Filter with the skyscraper icon.

Image

When accessing Allow List - INKY and Block List - INKY, you'll find the familiar Allow and Block List options. However, a new column labeled "Team" has been introduced in the table entries. Entries marked with "(all teams)" next to the team's name apply to all child teams within the organization, while those without it apply only to the specific team.

To promote a team-level entry to an organization-level entry, simply select the desired entry, click "More info," and choose "Copy to Organization" in the popup. A subsequent modal will appear, confirming the parent organization and showing the number of teams it will impact.

Image Image

Once copied you'll see the new entry in the table with the (all teams) designation.

Image

Dashboard Filters for Phish and Spam Content

In the Widget Filter Editor, you can now search for specific Phish and Spam content reason categories. Navigate to Analysis → Phish or Spam Content in the filter to view the list of matches. The current expanded categories are listed below. INKY will add more categories as needed.

Spam

  • Block List
  • Mostly Blank Message
  • Pattern Match
  • Spam Engine
  • Spam Sender
  • Upstream Google Classification
  • Upstream Microsoft Classification

Phish

  • Bad HTML Attachment
  • Bad PDF Attachment
  • Block List
  • Fake Voicemail
  • Pattern Match
  • Personalized Phish
  • Phishing Sender

The message detail view of a particular message will expand more on what these subcategories are.

Image

Found at the bottom of the Widget Filter Editor is a new search tool to find a sub filter faster. For example, if I wanted to find the Phishing Content filter from above you can search “phish” and select the appropriate option.

Image

Improved Outbound Message View

  • Added teamId and Recipient To Addresses to metadata tab
  • Added URL copy/Open in new window buttons
  • Enabled the message tag editor
  • New workflow statuses in the timeline with clickable rule names to take user to the Rules tab

Expanded QR Code Detection

QR Code detection has been improved to ensure detection even when the DPI of a QR Code image is too low for traditional methods.

Gradient MSP PSA Integration for New Products

The Gradient MSP PSA integration now supports INKY's latest products: Graymail, Email Signatures, and DMARC Analysis (coming soon).

Written by

Matt Sywulak

On

May 2, 2024