Internal Mail Detection
Configure how INKY handles mail from your domains arriving through external systems—critical for accurate spoofing detection.
Written By Matt Sywulak
Last updated 4 months ago
Admin Center > Analysis > Internal Mail Detection
Key Settings
Treat all mail between team domains as internal
Enabled: Mail from any configured team domain with valid SPF/DKIM is treated as internal. Without authentication, it's flagged as spoofing.
Disabled: Only mail from the recipient's specific domain is checked for internal spoofing.
Recommendation: Enable for multi-domain organizations to detect cross-domain spoofing.
Always consider Spoofed Internal Sender as Danger
Enabled: Spoofed internal mail gets red banner (Danger level).
Disabled: May receive yellow banner (Caution) based on other indicators.
Recommendation: Enable for zero-tolerance on internal impersonation.
Smarthost Deployments Only
Assume all mail processed by INKY is external
For smarthost configurations where INKY can't automatically distinguish internal from external mail. Enabling this allows spoofing detection by treating all mail as external.
Only enable if: Using smarthost deployment and need internal spoofing warnings.
Internal Mail Server IP Addresses
Comma-separated list of IP addresses or CIDR blocks for mail sources that should always be considered internal.
Format: 192.168.1.10, 10.0.0.0/24, 172.16.5.50
Use case: Internal mail servers, relay hosts, or trusted appliances sending on behalf of users.
vs. Trusted Third-Party Senders
Use Internal Mail Detection for: Your own infrastructure (internal mail servers, relays, appliances) that INKY sees as external due to deployment architecture.
Use Trusted Third-Party Senders for: External services (Mailchimp, Salesforce) sending marketing/transactional mail with your domain in the From field.
Key difference: Internal Mail Detection is for YOUR mail systems. Trusted Third-Party is for EXTERNAL services sending on your behalf.