VIP Spoofing Protection

VIP Spoofing Protection escalates threats to Danger level when attackers impersonate your highest-risk targets—executives, board members, and frequently-spoofed employees. This is more aggressive than standard Internal Name Spoofing Protection.

Written By Matt Sywulak

Last updated 4 months ago

Key distinction: Don't add all employees here. Use Internal Name Spoofing Protection for general employee impersonation detection. The VIP list is reserved for people whose impersonation represents critical business risk (wire fraud, executive compromise, board-level attacks).

Configure VIP List

VIP List - INKY

  1. Add VIPs individually:

    • Enter last name, first name, and email address

    • Add all valid email addresses for each person (work, personal, aliases)

    • Click "Add new VIP"

  2. Or import via CSV:

    • Format: last_name, first_name, email_address

    • One row per email address (same person can have multiple rows)

    • Upload via "Import CSV"

  3. Enable protection:

    • Toggle on "Enable spoofing checks"

    • Configure additional options as needed

Key Settings

Require matching VIP email addresses to be authenticated - Only accepts emails from VIP addresses that pass SPF/DKIM/DMARC. Recommended to prevent legitimate VIP addresses from being spoofed.

Include Subject in VIP name matching - Flags emails with VIP names in the subject line (exact match only). Useful for catching "From: [VIP Name]" signature blocks.

Critical: Include All Email Addresses

The list must contain every email address a VIP legitimately uses:

  • Work addresses (including aliases)

  • Personal accounts (Gmail, Outlook, etc.)

  • Former company addresses they still use

Why: INKY flags any VIP name coming from an unlisted address. Missing a legitimate address creates false positives.

Best practice: Wait to enable checks until all addresses are added or expect users to report false matches initially.

Who to Include

High-risk targets only:

  • C-suite executives and board members

  • Finance/accounting team (wire fraud targets)

  • Employees frequently impersonated in attacks (even if not actual VIPs)

Keep this list small and focused. You don't need executive-level authority to be on the list—only high spoofing risk. For general employee impersonation protection, use Internal Name Spoofing Protection instead.

CSV Format Example

last_name, first_name, email_address 
Smith, John, john.smith@company.com 
Smith, John, jsmith@gmail.com 
Smith, John, john@consulting-firm.com 
Doe, Jane, jane.doe@company.com

First line (column headers) is optional if columns follow this order.

Export current list: Use "Download CSV" to back up or edit in bulk.