Configure Workflow Rules

Workflow rules define which outbound messages trigger actions. When INKY detects conditions you specify, it applies the actions you choose.

Written By Matt Sywulak

Last updated About 2 months ago

Creating a Rule

  1. Navigate: Admin Center โ†’ Outbound Protection Settings Outbound Protection - INKY

  2. Click: Add Rule

  3. Configure conditions and actions (see below)

  4. Save

Setting Conditions

Use the rule editor to define what triggers the rule:

Condition Logic:

  • Toggle between AND (all must match) and OR (any can match)

  • Combine multiple conditions for precision

  • If you to trigger when the condition is not matched use the negation icon to the left.

Available Conditions:

  • Data Types - Credit cards, SSNs, passports, bank accounts, medical info, crypto addresses

  • Email Headers - Subject, from, to, custom X-INKY-Workflow headers

  • Content Patterns - Custom regex for specific phrases or formats

  • Workflow Headers - Match internal routing signals (e.g., "outside") Use your Google or Microsoft rules to add the header X-Inky-Workflow with your custom values.

Example: Detect SSNs AND external recipients:

Workflow Header: Matches "outside" Data Type: Matches "National IDs"

Data Type Exclusions

When you add a Data Types condition to a rule, you can configure exclusions per data type. Exclusions let you avoid triggering the rule for specific patterns or contextsโ€”for example, detecting SSNs while excluding certain formats or use cases.

How to access: Select the Data Types condition in the rule editor. Exclusion options appear for each data type you add.

  • Per-data-type configuration โ€” Each data type (e.g., SSNs, credit cards, passports) has its own exclusion settings. Configure exclusions separately for each type.

  • Context filter โ€” A context filter is shown only when it applies to the selected data type. Use it to narrow or broaden when the exclusion applies.

  • Info tooltip โ€” An info icon next to exclusions explains how they work and how to configure them.

Note: Exclusions are scoped to each data type independently. Exclusions for one data type do not affect others.

Setting Actions

Choose what happens when conditions match:

  • Sender Confirm - User approves their own message

  • Approval Required - Designated approver must review

  • Encrypt - Automatically send via encryption portal

Action Order: If multiple rules trigger, actions apply in this order:

  1. Sender Confirm

  2. Approval Required

  3. Encrypt

Rule-Level Approvers

Override global approvers for specific rules:

  1. Add Approval Required action

  2. Click gear icon on the action

  3. Select Approver Overrides

  4. Choose specific approvers for this rule

Backup Triggers

For rule-level approvers, set backup notifications:

  • Triggers X hours before approval expires

  • Sends notification to default approvers

  • Prevents messages from timing out

Example: 72-hour approval window, 8-hour backup trigger = default approvers notified at 64 hours if no approval yet.

Default Rules

INKY provides two disabled rules to start:

  • Personally Identifiable Information - Detects IDs, licenses, passports

  • Business Related Information - Detects financial and medical data

Enable and customize these or create your own.

Workflow headers

You are able to set your own custom conditions using a workflow header. Use the internal routing features of our mail environment to add the header X-Inky-Workflow

  • X-Inky-Workflow

Example rule in Microsoft o365 to tag mail being sent to an all company mailing list

Example of an o365 rule to set an X-Inky-Workflow header

Best Practices

  • Start narrow - Begin with high-risk data types, expand gradually

  • Test first - Use audit for new rules before performing actions

  • Monitor results - Review triggered rules in Workflow Portal