Your KSAT console records when a user opens a phishing security test (PST) email by using a tracking pixel, which is embedded into all of KnowBe4's PST emails. Upon loading, the pixel will "call back" to your KSAT console to record if a user has opened their PST email.
Email opens are not considered a failure on a phishing test and do not contribute to a user's Phish-prone Percentage. A PST will automatically show as opened in certain situations, such as if a user reports the email with the Phish Alert Button (PAB). Additionally, if a user fails your phishing test by clicking a link or opening an attachment, we will automatically record that email as "open" in our system, even if the tracking pixel does not load.
Email Opens Not Being Recorded
Some organizations do not allow images in emails to be automatically downloaded. In these cases, email opens cannot be tracked because the pixel will not load and, therefore, will not record the open in PST reports.
If your organization blocks images from being automatically downloaded, there are two methods that will allow you to load the tracking pixel and record email opens. See the two options detailed below:
Safe Senders List (not recommended)
You can add phishing email senders to a safe senders list to allow all email images to load. This method is not recommended for the following reasons:
- There is a limit to the number of safe senders you can add, and KnowBe4 sends from many different email addresses. Our phishing test email senders are also subject to change without notice.
- Your users may be able to identify KnowBe4 PSTs due to all of the images for the PSTs loading, while other external, non-KnowBe4 emails would not load images.
Trusted Zone in Outlook (recommended)
You can create a Group Policy Object (GPO) in Active Directory to update the Trusted Zone in Outlook to allow tracking pixels to load without allowing all other PST images to load. The steps to complete this are detailed below:
- Navigate to your Local Group Policy Editor.
- You will find the correct Group Policy to edit by navigating to User Configuration > Windows Settings > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page.
- Double-click the Site to Zone Assignment List policy to modify the policy.
- Enable the policy by selecting the Enabled option.
- Under the Options area, click Show.
- From the Show Contents window, enter the phish link domain used in your test in the Value Name. You can also use wildcards in your entry to indicate a phish link subdomain.
- For a complete list of phish link domains, navigate to the Phishing > Domains tab in your KSAT console.
- For the Value, enter "2", which corresponds to "Trusted Zone".
- Click OK.
- Navigate to Outlook.
- Select Options > Trust Center > Trust Center Settings. Click the check mark to Allow downloads from Websites in this security zone: Trust Zone.
We recommend sending a phishing test campaign to yourself once these settings are saved so you can ensure opens are being tracked successfully.
Preview Pane Open Tracking
If your mail client is set up to download images in the preview pane automatically, phishing test emails will be marked as opened if your user previews them in the preview pane.
If your mail client doesn't download images automatically in the preview pane, it won't show as opened.
Turn Off Open Tracking
You can turn off email open tracking to remove the embedded tracking pixel so that opens will not be recorded in your PST reports. Follow the steps below if you'd like to do that.