Known External Sender and Customizable Organization Profiles

INKY's latest updates introduce Known External Sender recognition, giving organizations the ability to flag frequent external senders as trusted. This release also adds customizable organization profiles with settings inheritance, allowing admins to define policy rules at multiple levels within the organization. Additionally, a new “Possible Spoofed Known Sender” threat category helps detect potential spoofing attempts against trusted domains, providing enhanced security for known contacts.

Known External Sender

Found within: Analysis - INKY

You can identify known external senders with which your organization frequently does business or has some other legitimate relationship. Authenticated messages from these senders will be labeled Known External in banners. Note that authenticated, external messages from a team domain will automatically be considered Known External, so there is no need to add any team domains here.

The value here should be a comma-separated list of email addresses, fully-qualified domain names, or registered domains (will automatically include all subdomains).

Bonus Protections for Confusable Domains: Any domain listed within the Known External Sender setting will always be used when evaluating the confusable domain check (e.g., lnky.com and inky.com).

Known External Senders Examples:

Consider the following entry within the Known External Senders text area.

company.com, matt@organization.com, securitytides.com

• company.com - all mail authenticated from company.com will be considered as Known External Sender and used when evaluating Confusable Domains.
• matt@organization.com - only mail authenticated from organization.com when the mail from is matt@organization.com will be considered as Known External Sender, however, all mail from the domain organization.com will be used when evaluating Confusable Domains.
• securitytides.com - all mail authenticated from securitytides.com will be considered as Known External Sender and used when evaluating Confusable Domains.

Optional Blue Banner for Known External and Internal Mail

Found Within: Markup Settings - INKY

If organizations want to further distinguish more trusted communications from Known External Senders and Internal Mail, you'll now be able to include a Blue Banner color for them. Simply check the box that says “use color in Neutral banners to differentiate known senders (Internal and Known External) from other External senders.”

Customizable Organization Profiles and Settings Inheritance

Organization Profiles have been used at INKY for many years. They have only been configurable by an INKY admin though, now with our latest update all super admins within an organization can view and manage their organizations profile.

To get started simply go to your organization level, denoted by the skyscraper symbol, where you'll now see many more of the settings options available.

Selecting any of the settings options on the left will bring a familiar page but will now show where the settings inheritance is coming from. There are three icons to note the settings inheritance:

• Globe: inheriting the default policy from INKY.
• Skyscraper: overriding the global policy and applying to all teams.
• Person: overriding the global policy and organization policy to set a local team policy.

When making a change from the Organization level you'll see a new popup warning you that saving the settings will apply to all of the teams within your hierarchy.

Once you have an organization profile set, you'll see the skyscraper symbol on your end customer team, meaning you're inheriting from the organization. Now you have the option to override an inherited setting at the team level if necessary.

Possible Spoofed Known Sender

Coupled with our new Known External Sender setting comes a Possible Spoofed Known Sender threat category. Whenever an email comes in that matches a domain or email address from the Known External Senders list but doesn't pass authentication (SPF/DKIM/DMARC) then it'll be treated as a Possible Spoofed Known Sender.