Additional Analysis Settings

Configure specialized detection rules for QR codes, new domains, geographic blocking, and suspicious TLDs.

Written By Matt Sywulak

Last updated About 2 months ago

Analysis - INKY

QR Code Detection

Warn users about QR codes

Enabled: Any QR code triggers Caution or Danger banner based on decoded URL analysis.

QR code policy text - Custom message to display in QR code warnings. Leave blank to use INKY's default.

Linked URL - Optional link to your QR code security policy.

Domain Age Analysis

Maximum age for "newly registered" domain - Set 1-60 days (0 to disable). Domains registered within this timeframe get flagged as potentially suspicious.

Always consider Newly Registered Domain as Danger - Enabled: Red banner. Disabled: Yellow banner unless other threats detected.

Recommendation: 30 days catches brand-new phishing domains while minimizing false positives.

Geographic and TLD Blocking

Blocked Sender Locations

  • Select countries whose mail gets Danger level and Blocked Sender Location result. Mail identified as originating from these locations is automatically flagged.

  • Example: Russian Federation (RU)

  • Automatically block ccTLDs of selected locations - Blocks country code domains matching selected locations. Use carefully—Colombia (.co) and Montenegro (.me) have legitimate commercial use.

Block Many Countries

To enhance cybersecurity measures, teams may consider blocking certain countries while ensuring the United States remains accessible.

The User Interface (UI) accepts comma-separated values, allowing you to block multiple countries simultaneously with ease. Simply copy one of the country code lists provided below and paste it into the INKY dashboard, followed by pressing enter, to block all countries in the list.

We employ the ISO 3166-1 country codes for location-based sender blocking, which can be referenced here. To create a custom block list, please follow the examples below, copying and pasting your constructed list into the INKY dashboard.

Exercise caution when selecting countries like Colombia (.co) and Montenegro (.me) whose ccTLDs are widely used by numerous legitimate companies. While this list is not exhaustive, it provides an example of what may be inadvertently blocked should you opt to restrict these countries.

  1. .tv - Tuvalu: Widely used by television and media-related websites.

  2. .io - British Indian Ocean Territory: Popular among technology and startup companies because "IO" is commonly used as an acronym for input/output in IT.

  3. .me - Montenegro: Often used for personal websites or blogs due to the word "me" being prevalent in English.

  4. .ly - Libya: Used for domain hacks because "ly" is a common suffix (e.g., bit.ly ).

  5. .ai - Anguilla: Gained popularity among AI (Artificial Intelligence) companies and startups.

  6. .co - Colombia: Frequently used by companies as it resembles "com."

  7. .fm - Federated States of Micronesia: Often used by FM radio stations.

  8. .gg - Guernsey: Popular within the gaming community, as "gg" is commonly used to signify "good game."

  9. .to - Tonga: Used for domain hacks and occasionally by Toronto-based entities.

  10. .cc - Cocos (Keeling) Islands: Sometimes used as a generic code for Christian Church or Cycling Club.

Visit Block Countries csv lists to copy pre-built csv block lists.

Blocked Top-Level Domains

  • Enter TLDs or public suffixes to block (one per line). Mail containing these in sender addresses, links, or image URLs gets Danger level.

  • Common examples: zip, top, xyz

  • Matches found in: MAIL FROM envelope, From/Reply-To headers, link URLs, image URLs.

SharePoint and OneDrive Link Warnings

Enable warnings for external SharePoint/OneDrive links - Flags links to SharePoint/OneDrive sites outside your organization.

Trusted Microsoft tenant domains - Enter tenant names to suppress warnings (without -my.sharepoint.com). Your own <domain>.onmicrosoft.com tenants are automatically trusted.

Example: Enter contoso to trust contoso-my.sharepoint.com

Available in: All bundles