Configure Workflow Rules

Workflow rules define which outbound messages trigger actions. When INKY detects conditions you specify, it applies the actions you choose.

Written By Matt Sywulak

Last updated 5 days ago

Creating a Rule

  1. Navigate: Admin Center → Outbound Protection Settings Outbound Protection - INKY

  2. Click: Add Rule

  3. Configure conditions and actions (see below)

  4. Save

Setting Conditions

Use the rule editor to define what triggers the rule:

Condition Logic:

  • Toggle between AND (all must match) and OR (any can match)

  • Combine multiple conditions for precision

  • If you to trigger when the condition is not matched use the negation icon to the left.

Available Conditions:

  • Data Types - Credit cards, SSNs, passports, bank accounts, medical info, crypto addresses

  • Email Headers - Subject, from, to, custom X-INKY-Workflow headers

  • Content Patterns - Custom regex for specific phrases or formats

  • Workflow Headers - Match internal routing signals (e.g., "outside") Use your Google or Microsoft rules to add the header X-Inky-Workflow with your custom values.

Example: Detect SSNs AND external recipients:

Workflow Header: Matches "outside" Data Type: Matches "National IDs"

Data Type Exclusions

When you add a Data Types condition to a rule, you can configure exclusions per data type. Exclusions let you avoid triggering the rule for specific patterns or contexts—for example, detecting SSNs while excluding certain formats or use cases.

How to access: Select the Data Types condition in the rule editor. Exclusion options appear for each data type you add.

  • Per-data-type configuration — Each data type (e.g., SSNs, credit cards, passports) has its own exclusion settings. Configure exclusions separately for each type.

  • Context filter — A context filter is shown only when it applies to the selected data type. Use it to narrow or broaden when the exclusion applies.

  • Info tooltip — An info icon next to exclusions explains how they work and how to configure them.

Note: Exclusions are scoped to each data type independently. Exclusions for one data type do not affect others.

Setting Actions

Choose what happens when conditions match:

  • Sender Confirm - User approves their own message

  • Approval Required - Designated approver must review

  • Encrypt - Automatically send via encryption portal

Action Order: If multiple rules trigger, actions apply in this order:

  1. Sender Confirm

  2. Approval Required

  3. Encrypt

Rule-Level Approvers

Override global approvers for specific rules:

  1. Add Approval Required action

  2. Click gear icon on the action

  3. Select Approver Overrides

  4. Choose specific approvers for this rule

Backup Triggers

For rule-level approvers, set backup notifications:

  • Triggers X hours before approval expires

  • Sends notification to default approvers

  • Prevents messages from timing out

Example: 72-hour approval window, 8-hour backup trigger = default approvers notified at 64 hours if no approval yet.

Default Rules

INKY provides two disabled rules to start:

  • Personally Identifiable Information - Detects IDs, licenses, passports

  • Business Related Information - Detects financial and medical data

Enable and customize these or create your own.

Workflow headers

You are able to set your own custom conditions using a workflow header. Use the internal routing features of our mail environment to add the header X-Inky-Workflow

  • X-Inky-Workflow

Example rule in Microsoft o365 to tag mail being sent to an all company mailing list

Example of an o365 rule to set an X-Inky-Workflow header

Best Practices

  • Start narrow - Begin with high-risk data types, expand gradually

  • Test first - Use audit for new rules before performing actions

  • Monitor results - Review triggered rules in Workflow Portal