Access an INKY team dashboard by logging into an account associated with one of the team's administrators.
Other Options
Team
Alert
Unique Primary Recipients
Message Count
Sender Type
Analysis Results
Analysis Results by Date
No data
You may need to select a wider date range.
Threat Types
No data
You may need to select a wider date range.
Threat Details  
Visit the Visualization Dashboard for more advanced search and filtering
Policy Settings for  
Markup Settings
Settings here control visible markup changes applied by INKY.
Message Transformations
INKY can modify and transform messages processed in a variety of ways to improve security and usability.
()
()
Banner Format
The default "Minimal" banners list the threat types found in each message along with a Details link to get more information. The "Minimal (all links inside color banner)" is similar to "Minimal" but footer links like Report This Email appear inside the color banner. The "Verbose" option includes the details inline in each message. The "Micro" option lacks any details and requires the user to click the Details link to learn what threat types were found.
Customize Which Banners To Include
By default, INKY adds a neutral banner (says "Internal" for internal messages, "External" for others) even when messages don't have any obvious threats. This helps distinguish internal and external mail, and allows users to see external senders' email addresses more easily. If you'd prefer not to add a neutral banner to certain types of messages, you may opt out of this feature. You may also choose to suppress "Caution" or even "Danger" banners, but this is not recommended under normal circumstances.
Modifications for Special Message Types
Some types of messages may require special handling to ensure user functionality is not affected by INKY's modifications (e.g., banner, HTML sanitization, link rewriting). Use these options to adjust how INKY modifies messages of these types; modifying all messages will enforce the strictest level of protection for your users, but may affect the user experience. Choosing not to modify certain messages here will ensure that INKY does not make any body modifications to that mail (though the normal result headers will still be added, and the message results will still be visible in the dashboard). Note: You may have upstream rules causing some of these types to bypass INKY; you may need to disable those rules so INKY can process such mail and apply the policy configured here.
* Clear-signed messages are messages that have been digitally or cryptographically signed but not encrypted. INKY can scan their contents, but modifying the messages may cause the recipient's mail client to display a warning message about not being able to verify the authenticity of the message.
Default Language for Banners & User-Facing Landing Pages
Choose the default language to use for banner text and user-facing landing pages related to the banner (i.e., the Report This Email page, Details page, and any link blocking pages if applicable). Note: Changing the language may affect outbound banner removal. Please reach out to your support representative for more information.
Processing Settings
Settings here affect how INKY processes messages in the background and decides whether messages are dangerous.
Reporting Options
INKY can put a "Report This Email" link in every email processed to allow users to provide feedback. For the most effective reporting, INKY must store an unprocessed copy of incoming mail; we offer a method of doing so that stores the mail encrypted in a way that even INKY employees cannot decrypt until a user explicitly reports the email.
Custom Reporting Email Notifications
By default, user reports are sent to INKY for further analysis. These settings control where notification emails for each type of report can optionally be sent for your own internal review. Note: Each field can be a comma-separated list of email addresses (e.g., "user@domain.com, user2@domain2.com"). Leave a field blank to not send any custom notifications about a specific type of report.
By default, the original mail will be attached as an RFC822-formatted .txt (text/plain) file. This is due to the fact that some mail systems automatically process/reformat incoming .eml attachments.
This option will cause INKY to "spoof" mail from your reporting team member and should only be used if the notifications are going into a system that expects this. Otherwise, the mail may get blocked due to suspicion of phishing.
Spear Phishing Protection
INKY builds sender profiles and a social graph based on incoming mail to provide spear phishing protection tailored to your organization. The associated warnings are usually disabled at first, as this process requires a short training period to acquire enough data to make reliable predictions.
VIP Spoofing Protection
INKY can detect VIP spoofing (also known as CEO impersonation) using a curated VIP list containing the names and valid email addresses of top executives, board members, and other important contacts. This feature is initially disabled until INKY has a VIP list. The current list can be viewed and/or edited in the VIP List section in the navigation menu on the left.

 Go to VIP List Details
Spam Settings
INKY can leverage existing spam results from Microsoft or Google, and also runs its own spam engine. Use these settings to customize these behaviors.
Trusted Third-Party Senders
If your organization uses third-party senders to send messages on behalf of your users, INKY may detect these messages as internal-sender spoofing. This is because your domain appears in the From: field but under-the-hood the mail was sent from a third-party mail server. To avoid such warnings, you can tell INKY about third-party senders that are permitted to send mail on your behalf.
Example: mydomain.com: other.com, another.com;
Internal Mail Detection
When INKY processes external mail, a message that looks like it's from one of your domains is potentially spoofing unless we can verify that it comes from a trusted source. On the other hand, a message from one of your domains that cannot be verified is likely spoofing and should get detected as potential phishing. Use the below options to help improve INKY's handling of messages that technically arrive from an external system yet may actually be legitimate, internal messages. Also, for some customers, additional context about what type of mail is being processed is required to be able to detect spoofing accurately.
Note: The value here should be a comma-separated list of IP addresses or CIDR blocks identifying sources of mail that should always be considered internal.
Delivery Settings
Settings here control how INKY tells your downstream mail service to deliver processed messages.
Delivery Based on INKY Results
You may use INKY's analysis results to affect whether mail gets delivered to a user's inbox, junk folder, or some type of quarantine in your downstream infrastructure. Note: These settings only result in headers being added to processed mail; INKY does not directly quarantine or move mail to folders. Contact your support representative for more details.
Apply Recommended Settings
INKY Result
External mail
Trusted 3rd Party / Internal mail
Special notes: Office 365   G Suite
Legacy Quarantine
These settings only apply if the "Use INKY results..." setting is not selected above. You may opt to quarantine messages based on INKY's analysis. Only the most serious warnings (aka red "Danger" warnings) will trigger quarantining. Note: For this option to work, you must be using Office 365 / Microsoft Exchange's hosted quarantine with appropriate mail flow rules in place.


This page displays the policy settings currently in effect for your team. Please contact your support representative to request any changes.
Customize INKY for
Sensitive Content Policy Messages & Links
When INKY detects sensitive content in messages, you may configure a custom policy message (and optionally link to a web site for more information) based on the category of sensitive content detected. Some basic HTML formatting is allowed (i.e., <u>, <i>). To not show any special message, leave the fields blank. To disable the detection of a category altogether, uncheck the corresponding checkbox. If you want to return to the system default configuration, click here to restore defaults.
Landing Page Branding
You may customize the landing pages that your end users will reach when clicking the Report This Email or Details links in banners. The settings also apply to the Link Protection pages if you have the Link Rewriting feature enabled. If you want to return to the system default configuration, click here to restore defaults.

No custom logo uploaded Custom logo image not uploaded
Note: We recommend using a transparent .png image at least 100 pixels tall.


Preview Customizations for
   Note: Preview reflects only saved changes.
VIP List for  
This is a read-only view of your current VIP List. Please contact your support representative to request any changes.
Allow List for
The allow list entries here cause INKY to suppress certain types of results and should be used with caution. New entries can be added via the Threat Details section.
Add to Allow List for
You may manually add allow list entries to ensure messages with certain criteria never receive a particular result type. The criteria value can be a comma-separated list of email addresses or domains. Caution: Be sure to preview your results with the dry-run option. There is no bulk-undo capability. Any undesirable entries may be disabled individually.


Block List for
The block list entries here force INKY to assign certain types of results and should be used with caution. New entries can be added via the Threat Details section or via the form at the bottom of this screen.
Add to Block List for
You may manually add block list entries to force messages with certain criteria to always receive a particular result type. The criteria value can be a comma-separated list of email addresses, domains, and/or IP addresses. Caution: Be sure to preview your results with the dry-run option. There is no bulk-undo capability. Any undesirable entries may be disabled individually.


Microsoft Graph API Access Configuration
Domain and Directory Access  
INKY uses the Microsoft Graph API to check your tenant's domain and directory information to help ensure you stay protected. This requires you to log in with an Office 365 or Exchange global administrator account. Note: Once this access is granted, you may use the "Check for Missing Domains" tool under Advanced Config > Domain Information; please report any missing domains to INKY support.
API access was granted by on . Reconfirm Access

Basic Read-Only Mail Access  
INKY can improve its results if you provide API access to your organization's mail and directory information. Note that this requires you to log in with an Office 365 or Exchange global administrator account.
API access was granted by on . Reconfirm Access
INKY Phish Finder
This tool scans historical (already delivered) mail in group members' inboxes to allow you to preview INKY analysis results in the dashboard before a full deployment. This helps detect potentially dangerous emails currently in users' mailboxes and also helps identify potential domain-specific allow list requirements.
Step 1: Click to find an up-to-date list of INKY groups that you can scan.

User Mailbox Check  
This option allows you to check how many unique mailboxes INKY has processed mail for (in the currently selected time period).

Remediation Access  
To enable remediation actions via the dashboard, such as removing dangerous messages from user mailboxes, you may grant additional read/write permissions to INKY. Note that this requires you to log in with an Office 365 or Exchange global administrator account. The INKY service will not remove any messages automatically; only an authorized administrator can invoke the remediation actions.
API access was granted by on . Reconfirm Access
You can perform remediation actions for the currently selected team.
You cannot perform remediation actions for the currently selected team.
Google API Access Configuration
Domain and Directory Access  
INKY uses the Google Directory API to check your tenant's domain and directory information to help ensure you stay protected. Note that this requires you to log into your G Suite Admin Console and configure your tenant to allow access by INKY's service account. Note: Once this access is granted, you may use the "Check for Missing Domains" tool under Advanced Config > Domain Information; please report any missing domains to INKY support.
Instructions:
  1. Go to the Google Admin console and follow the instructions for setting up Domain-Wide Delegation with the following details:
    • Client ID:
    • Scopes:
      • https://www.googleapis.com/auth/admin.directory.user.readonly
      • https://www.googleapis.com/auth/admin.directory.domain.readonly
      • https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly
      • https://www.googleapis.com/auth/admin.directory.group.readonly
  2. After granting access to our app, click the button below to verify. Note that the access may take anywhere from one hour up to 24 hours to take effect.
API access was granted by on . Reconfirm Access

Remediation Access  
To enable remediation actions via the dashboard, such as removing dangerous messages from user mailboxes, you may grant read/write permissions to INKY. Note that this requires you to log into your G Suite Admin Console and configure your tenant to allow access by INKY's service account. The INKY service will not remove any messages automatically; only an authorized administrator can invoke the remediation actions.
Instructions:
  1. Go to the Google Admin console and follow the instructions for setting up Domain-Wide Delegation with the following details:
    • Client ID:
    • Scopes: https://www.googleapis.com/auth/gmail.modify
  2. After granting access to our app, click the button below to verify. Note that the access may take anywhere from one hour up to 24 hours to take effect.
API access was verified by on . Reconfirm Access
You can perform remediation actions for the currently selected team.
You cannot perform remediation actions for the currently selected team.
Admin Management for  
This is a read-only view of your current admins. Please contact your support representative to request any changes.

Advanced Configuration
Learning Mode
INKY can be configured to run in "learning mode." During this time, some special consideration will be given to the fact that INKY was just recently enabled. This includes a learning mode link in INKY's banners (which leads to the Report This Email page). The Report This Email and Details pages also include an added reminder that INKY was newly added and solicits additional feedback.
Learning mode is ON/OFF until  
During this time, your users will not see certain results in the INKY banner (i.e., ), but INKY will let you review these so-called "Suppressed Results" in Threat Details. During the learning mode period, you should review these results and apply any appropriate allow list or policy changes until all the suppressed results are real threats.
Upstream Provider
If your organization uses an additional upstream provider, update this section to help INKY produce the most accurate results possible. If you use an upstream provider not listed here, please contact your support representative.
Phishing Awareness Training Platforms
Update this section if your organization runs phishing awareness campaigns using one or more of the platforms listed below, and you would like to customize INKY's behaviors for simulated phishing messages originating from these platforms. If you use a platform not listed here, please contact your support representative.
Note: To select or deselect, press ⌘ (on Mac) or Ctrl (on Windows) while clicking.
By default, notifications will follow the settings listed under Settings > Custom Reporting Email Notifications
KnowBe4 Phish Alert Integration
If your organization uses KnowBe4's Phish Alert Button, enter the license key found on your KnowBe4 Account Settings page. Doing so will cause INKY to notify KnowBe4 whenever a user successfully identifies a phishing simulation using INKY's Report This Email functionality. In addition, INKY will forward non-simulated phishing emails to any custom addresses that you have configured within KnowBe4.
InQuest Deep File Inspection
Use the settings below to configure InQuest deep file inspection for your mail.
(Minimum score needed to trigger an INKY banner.)
Domain Configuration
This is a view of your current domain configuration within INKY. Please contact your support representative to request any changes. Note that a next-hop destination in brackets like [host] means MX DNS lookups are disabled; the A record will be used instead.
To check for missing domains, please grant Domain and Directory API Access.
Encryption Rule List for  
This is a read-only view of your current Encryption Rules List. Please contact your support representative to request any changes.
Metrics
Loading...
Loading...
DMARC Monitoring
Your Sender Authentication Configuration (DMARC, SPF, & DKIM Records)
This section presents the status of several DNS records related to sender authentication for your team. For each domain assigned to your team, you will see the status of the DMARC and SPF records, which exist at well-known DNS records. Also, if INKY is a recipient of DMARC aggregate report emails, you will see the status of DKIM records that have been reported to INKY as being used by mail senders. Furthermore, we list relevant records of any subdomains that have been reported via DMARC reports (i.e., subdomains observed in the wild appearing in the From header or as the envelope sender).
Loading...
DMARC Setup Instructions
In order for INKY to collect data on mail being sent by your domains (or spoofing your domains), you must add the following DNS record for all of your domains.
Loading...
Create the following TXT record for each of your domains:
Domain: _dmarc.<domain> (e.g., _dmarc.example.com)

Value:

TTL: 3600
DMARC Aggregate Report Data
Below is data aggregated from DMARC reports received by INKY based on any DMARC DNS records configured according to the above instructions.
Loading...
Tools
Other Tools
Here are links to other INKY tools.
Manage Microsoft 365 Deployments:
To configure INKY for a new or existing team, please visit the INKY Phish Fence for Office 365 Discovery and Deployment site.