Log Out
Access an INKY team dashboard by logging into an account associated with one of the team's administrators.

Other Options
Team
Unique Primary Recipients
Message Count
Sender Type
Analysis Results
Analysis Results by Date
No data
You may need to select a wider date range.
Threat Types
No data
You may need to select a wider date range.
Analysis Results by Team Member
No data
Note: This chart only displays statistics for Caution and Danger messages.
Analysis Results by Sender Domain
No data
Note: This chart only displays statistics for Caution and Danger messages.
Threat Details  
Visit the Visualization Dashboard for more advanced search and filtering
Policy Settings for Team  
Markup Settings
Settings here control visible markup changes applied by INKY.
Message Transformations
INKY can modify and transform messages processed in a variety of ways to improve security and usability.
()
()
Banner Format
The default "Minimal" banners list the threat types found in each message along with a Details link to get more information. The "Minimal (all links inside color banner)" is similar to "Minimal" but footer links like Report This Email appear inside the color banner. The "Verbose" option includes the details inline in each message. The "Micro" option lacks any details and requires the user to click the Details link to learn what threat types were found.
Customize Which Banners To Include
By default, INKY adds a neutral banner (says "Safe" for internal messages, "External" for others) even when messages don't have any obvious threats. This helps distinguish internal and external mail, and allows users to see external senders' email addresses more easily. If you'd prefer not to add a neutral banner to certain types of messages, you may opt out of this feature. You may also choose to suppress "Caution" or even "Danger" banners, but this is not recommended under normal circumstances.
Processing Settings
Settings here affect how INKY processes messages in the background and decides whether messages are dangerous.
Reporting Options
INKY can put a "Report This Email" link in every email processed to allow users to provide feedback. For the most effective reporting, INKY must store an unprocessed copy of incoming mail; we offer a method of doing so that stores the mail encrypted in a way that even INKY employees cannot decrypt until a user explicitly reports the email.
Custom Reporting Email Notifications
By default, user reports are sent to INKY for further analysis. These settings control where notification emails for each type of report can optionally be sent for your own internal review. Note: Each field can be a comma-separated list of email addresses (e.g., "user@domain.com, user2@domain2.com"). Leave a field blank to not send any custom notifications about a specific type of report.
Spear Phishing Protection
INKY builds sender profiles and a social graph based on incoming mail to provide spear phishing protection tailored to your organization. The associated warnings are initially disabled, as this process requires a short training period to acquire enough data to make reliable predictions.
VIP Spoofing Protection
INKY can detect VIP spoofing (also known as CEO impersonation) using a curated VIP list containing the names and valid email addresses of top executives, board members, and other important contacts. This feature is initially disabled until INKY has a VIP list. In some cases, INKY can curate the list independently based on publicly available datasets, but in many cases it must be provided by the customer. The current list can be viewed and/or edited in the VIP List section in the navigation menu on the left.

 Go to VIP List Details
Spam Settings
INKY can leverage existing spam results from Microsoft or Google, and also runs its own spam engine. Use these settings to customize these behaviors.
Trusted Third-Party Senders
If your organization uses third-party senders to send messages on behalf of your users, INKY may detect these messages as internal-sender spoofing. This is because your domain appears in the From: field but under-the-hood the mail was sent from a third-party mail server. To avoid such warnings, you can tell INKY about third-party senders that are permitted to send mail on your behalf.
Example: mydomain.com: other.com, another.com;
Internal Mail Detection
Since INKY processes only external mail, a message that looks like it's from one of your domains is potentially spoofing unless we can verify that it comes from a trusted source. On the other hand, a message from one of your domains that cannot be verified is likely spoofing and should get detected as potential phishing. Use the below options to help improve INKY's handling of messages that technically arrive from an external system yet may actually be legitimate, internal messages. Also, for some customers, additional context about what type of mail is being processed is required to be able to detect spoofing accurately.
Note: The value here should be a comma-separated list of IP addresses or CIDR blocks identifying sources of mail that should always be considered internal.
Delivery Settings
Settings here control how INKY tells your downstream mail service to deliver processed messages.
Delivery Based on INKY Results
You may use INKY's analysis results to affect whether mail gets delivered to a user's inbox, junk folder, or some type of quarantine in your downstream infrastructure. Note: These settings only result in headers being added to processed mail; INKY does not directly quarantine or move mail to folders. Contact your support representative for more details.
Apply Recommended Settings
INKY Result
External mail
Trusted 3rd Party / Internal mail
Special notes: Office 365   G Suite
Legacy Quarantine
These settings only apply if the "Use INKY results..." setting is not selected above. You may opt to quarantine messages based on INKY's analysis. Only the most serious warnings (aka red "Danger" warnings) will trigger quarantining. Note: For this option to work, you must be using Office 365 / Microsoft Exchange's hosted quarantine with appropriate mail flow rules in place.


This page displays the policy settings currently in effect for your team. Please contact your support representative to request any changes.
Customize INKY for Team
Sensitive Content Policy Messages & Links
When INKY detects sensitive content in messages, you may configure a custom policy message (and optionally link to a web site for more information) based on the category of sensitive content detected. Some basic HTML formatting is allowed (i.e., <u>, <i>). To not show any special message, leave the fields blank. To disable the detection of a category altogether, uncheck the corresponding checkbox. If you want to return to the system default configuration, click here to restore defaults.
Landing Page Branding
You may customize the landing pages that your end users will reach when clicking the Report This Email or Details links in banners. The settings also apply to the Link Protection pages if you have the Link Rewriting feature enabled. If you want to return to the system default configuration, click here to restore defaults.

No custom logo uploaded Custom logo image not uploaded
Note: We recommend using a transparent .png image at least 100 pixels tall.


Preview Customizations for Team
   Note: Preview reflects only saved changes.
VIP List for Team  
This is a read-only view of your current VIP List. Please contact your support representative to request any changes.
Allow List for Team
The allow list entries here cause INKY to suppress certain types of results and should be used with caution. New entries can be added via the Threat Details section.
Add to Allow List for Team
You may manually add allow list entries to ensure messages with certain criteria never receive a particular result type. The criteria value can be a comma-separated list of email addresses or domains. Caution: Be sure to preview your results with the dry-run option. There is no bulk-undo capability. Any undesirable entries may be disabled individually.


Block List for Team
The block list entries here force INKY to assign certain types of results and should be used with caution. New entries can be added via the Threat Details section or via the form at the bottom of this screen.
Add to Block List for Team
You may manually add block list entries to force messages with certain criteria to always receive a particular result type. The criteria value can be a comma-separated list of email addresses, domains, and/or IP addresses. Caution: Be sure to preview your results with the dry-run option. There is no bulk-undo capability. Any undesirable entries may be disabled individually.


Microsoft Graph API Access Configuration
Domain and Directory Access  
INKY uses the Microsoft Graph API to check your tenant's domain and directory information to help ensure you stay protected. This requires you to log in with an Office 365 or Exchange global administrator account. Note: Once this access is granted, you may use the "Check for Missing Domains" tool under Advanced Config > Domain Information; please report any missing domains to INKY support.
API access was granted by on . Reconfirm Access

Basic Read-Only Mail Access  
INKY can improve its results if you provide API access to your organization's mail and directory information. Note that this requires you to log in with an Office 365 or Exchange global administrator account.
API access was granted by on . Reconfirm Access
INKY Phish Finder
This tool scans historical (already delivered) mail in group members' inboxes to allow you to preview INKY analysis results in the dashboard before a full deployment. This helps detect potentially dangerous emails currently in users' mailboxes and also helps identify potential domain-specific allow list requirements.
Step 1: Click to find an up-to-date list of INKY groups that you can scan.
User Mailbox Check  
This option allows you to check how many unique mailboxes INKY has processed mail for (in the currently selected time period).

Remediation Access  
To enable remediation actions via the dashboard, such as removing dangerous messages from user mailboxes, you may grant additional read/write permissions to INKY. Note that this requires you to log in with an Office 365 or Exchange global administrator account. The INKY service will not remove any messages automatically; only an authorized administrator can invoke the remediation actions.
API access was granted by on . Reconfirm Access
You can perform remediation actions for the currently selected team.
You cannot perform remediation actions for the currently selected team.
Google API Access Configuration  beta
Remediation Access  
To enable remediation actions via the dashboard, such as removing dangerous messages from user mailboxes, you may grant read/write permissions to INKY. Note that this requires you to log into your G Suite Admin Console and configure your tenant to allow access by INKY's service account. The INKY service will not remove any messages automatically; only an authorized administrator can invoke the remediation actions.
Instructions:
  1. Go to the Google Admin console and follow the instructions for setting up Domain-Wide Delegation with the following details:
    • Client ID: 116106903419769312436
    • Scopes: https://www.googleapis.com/auth/gmail.modify
  2. After granting access to our app, click the button below to verify. Note that the access may take anywhere from one hour up to 24 hours to take effect.
API access was verified by on . Reconfirm Access
You can perform remediation actions for the currently selected team.
You cannot perform remediation actions for the currently selected team.
Admin Management for Team  
This is a read-only view of your current admins. Please contact your support representative to request any changes.

Advanced Configuration
Learning Mode
INKY can be configured to run in "learning mode." During this time, some special consideration will be given to the fact that INKY was just recently enabled. This includes a learning mode link in INKY's banners (which leads to the Report This Email page). The Report This Email and Details pages also include an added reminder that INKY was newly added and solicits additional feedback.
Learning mode is ON/OFF until  
During this time, your users will not see certain results in the INKY banner (e.g., ), but INKY will let you review these so-called "Suppressed Results" in Threat Details. During the learning mode period, you should review these results and apply any appropriate allow list or policy changes until all the suppressed results are real threats.
Upstream Provider
If your organization uses an additional upstream provider, update this section to help INKY produce the most accurate results possible. If you use an upstream provider not listed here, contact your support representative.
Phishing Awareness Training Platforms
Update this section if your organization runs phishing awareness campaigns using one or more of the platforms listed below, and you would like INKY to always show neutral banners for messages originating from these platforms. If you use a platform not listed here, contact your support representative. Note: If you want simulation messages to receive normal INKY results, just leave this section blank.
Note: To select or deselect, press ⌘ (on Mac) or Ctrl (on Windows) while clicking.
Domain Configuration
This is a read-only view of your current domain configuration within INKY. Please contact your support representative to request any changes. Note that a next-hop destination in brackets like [host] means MX DNS lookups are disabled; the A record will be used instead.
To check for missing domains, please grant Domain and Directory API Access.
Metrics
Loading...
Loading...