Our organization places an [EXTERNAL] tag on the subject line of all messages that originate outside of our domain.
We want our simulated phishing emails to reflect real-world phishing emails and the lack of this tag will be a large tip off to our users once they figure this out! This will force me to stay with the whitelisting method, where we can use a transport rule to apply the required tag. Unfortunately the whitelisting method severely limits the templates that I can use to only ones that contain a valid sender domain.
Please sign in to leave a comment.