BullPhish ID and INKY Integration: FAQs

We’ve upgraded the integration to use DKIM‑based verification, allowing INKY to reliably identify BullPhish ID emails—including training and simulation messages—even when email traffic is relayed or sent from custom domains.

Yes. DKIM verification improves delivery and reduces the chance that BullPhish ID training emails are misclassified or quarantined.

IPs and headers can change, be relayed, or be altered by third‑party tools. DKIM provides cryptographic proof that the email is authentic and hasn’t been modified.

Yes. DKIM makes simulation emails more reliably identifiable, complementing INKY’s existing phishing awareness training configuration options.

Admins should verify that the BullPhish ID platform is selected under INKY’s Phishing Awareness Training settings. DKIM recognition works without manual IP or header lists.

Technical note: BullPhish ID applies a unique DKIM signature to outgoing emails. INKY validates this signature to confirm that the message was authorized by BullPhish ID and has not been modified.

For detailed steps to complete the integration, see the article Integrating BullPhish ID with INKY.

The improved INKY–BullPhish ID integration ensures training and simulation emails are much more likely to reach inboxes because INKY can reliably recognize them—even when using custom domains, relays, or third-party security tools.

Delivery can still be influenced by factors outside the integration, such as:

• Additional email security layers (spam filters, mail gateways, Microsoft Defender, etc.).
• Policies or rules in your email environment.
• Domain authentication (SPF/DKIM/DMARC) settings.
• Email content modifications by third-party tools.

Tip: For maximum delivery reliability, we recommend whitelisting BullPhish ID emails. See our Safelisting guides for step-by-step instructions.

Emails may still be blocked if:

• The email content is modified by a third-party security tool.
• Another email security layer blocks the message.
• Customer mail flow or security policies override delivery.
• Domain authentication or DMARC settings are misconfigured.
• Heuristic or reputation-based filtering flags the message.

If a third-party tool modifies the email content, the email’s DKIM authentication signal may break. INKY can detect this and may flag or classify the message differently.

To avoid false positives, INKY uses a combination of signals—including DKIM, email headers, IP addresses, and other heuristics—so phishing simulations and training emails are rarely misidentified. The improved DKIM support simply strengthens email recognition and delivery while maintaining accuracy.

No. The INKY + BullPhish ID integration improves recognition and classification within INKY, and it’s designed to work seamlessly with Microsoft mail systems when configured using the automatic or manual setup in the Configure BullPhish ID Integration guide.

However, if your organization uses additional email security tools, such as Proofpoint, Mimecast, or other secure gateways, you may still need to allow BullPhish ID emails through those systems to ensure consistent delivery.

Both. The integration improves recognition and delivery for phishing simulations and training emails.

Admins should confirm BullPhish ID is enabled under Admin Center > Phishing Awareness Training in INKY. No IP allowlists or header rules are required.