Known External Senders vs Allow List

Known External Senders are different from Allow List entries.

Use Known External Senders when you want to identify trusted external business partners, vendors, or service providers so users see a blue “Known External” style banner on authenticated mail from those senders.

Use an Allow List entry when you want to suppress a specific INKY warning or classification for a trusted sender, domain, subdomain, or result type.

Adding a sender as Known External does not mean all messages from that sender bypass INKY detection. INKY can still analyze the message and flag suspicious behavior, malicious links, spoofing, or other risks.

ScenarioRecommended area to review
Frequent trusted vendor should appear more recognizable to usersKnown External Senders
Users receive regular mail from a verified business partnerKnown External Senders
A sender is incorrectly flagged as spam, phishing, or maliciousAllow List and threat category
A link inside the sender’s email is blockedLink Rewriting or URL/link exception
A message appears to come from your own domain but was sent by a third-party serviceTrusted Third-Party Senders
A sender fails SPF, DKIM, or DMARCSender authentication; Known External label may not apply

Authentication Is Required

Known External Sender entries only apply to authenticated mail.

If a sender is listed as Known External but the blue banner does not appear, confirm the message passed authentication.

Review:

  • SPF result
  • DKIM result
  • DMARC result
  • Header From domain
  • Envelope sender or Return-Path
  • Actual sending service or platform

If the sender fails authentication, INKY may not show the Known External label even if the sender, domain, or subdomain is listed.

Configure Known External Senders at the Correct Tenant or Team Level

For MSP-managed environments, confirm that the Known External Sender entry was added in the correct customer/team context.

Do not assume that a Known External Sender entry created at a parent organization level will automatically apply to every customer/team. If a trusted vendor should show as Known External for a specific customer, verify that the entry exists for that customer/team.

Review this if:

  • The sender is listed as Known External, but users do not see the blue banner.
  • The sender works for one customer/team but not another.
  • An MSP manages multiple customer tenants.
  • A vendor sends legitimate mail to several customers.
  • The entry was added at the organization level, but the affected users belong to a specific customer/team. 
     

 
 

Do Not Add Your Own Domains

Do not add your own team or customer domains as Known External Senders.

Authenticated mail from team domains is handled automatically. Known External Senders should be used for external business partners, vendors, or service providers.

If a message appears to come from your own domain but was sent by an outside platform, review Trusted Third-Party Senders instead. This is common with billing systems, marketing platforms, ticketing systems, CRM systems, and other services that send on behalf of your domain.

If the Blue Banner Does Not Appear

If a Known External Sender entry was added but users do not see the expected blue banner, check the following:

  • The sender address, domain, or subdomain was entered correctly.
  • The sender is listed in the correct customer/team context.
  • The sender passed SPF, DKIM, and DMARC.
  • The message was received after the Known External Sender entry was added.
  • The message is actually from the listed sender or domain.
  • The message was not sent through an unexpected third-party platform.
  • The message did not trigger a higher-risk INKY classification that changes the banner behavior.
  • The user is part of the expected protected team or customer environment.

If the sender uses a third-party sending platform, review the message headers or EML to confirm the actual sending service.

Have more questions?

Contact us

Was this article helpful?
0 out of 0 found this helpful

Provide feedback for the Documentation team!

Browse this section