I just sent a small test campaign to 3 of my colleagues to test the reporting of the tool. It shows that all 3 mails were sent but only 1 of them opened the mail and clicked the link. When I checked with my colleagues they all said they opened the mail but only 1 of them clicked the link. After this I have created several other campaigns to further test this behaviour and I have noticed that in all cases where the user opens the mail and clicks the link it is reported correctly. But when a user only opens the mail it is reported as mail sent but not opened.
Is anyone else experiencing this issue as well or is there something I am missing in the campaign settings?
Hi Network Security1
Apologies for this confusion, however this is expected reporting behavior when it comes to emails being opened by users but the phishing link not being clicked.
This is indeed unfortunate given were unable to use the Outlook plugin. Can this not be a suggested product development upgrade?
Hey David Casceillo
I would advise to please create a suggestion on our Sophos Ideas page for visibility to our team.
I am experiencing this and did not experience this in v1, I've logged a support call with them, I am not convinced that this is how it should be as I was getting inaccurate results with clicks as well and was advised to follow this link https://community.sophos.com/kb/en-us/131747 - I have done this and it has not made a difference.
Did you get anywhere with it?
I have tested this once again and on our exchange on-prem environment we see the same issues that are discussed in the kb for O365. The reporting is showing clicked URL's and opened mails even when the mail is selected and deleted. According to our exchange expert everything that needs to be whitelisted is whitelisted but it does not change the incorrect reporting. When I have the time I will contact support again to troubleshoot this further.
I have a fix! Provided by Sophos
1. Follow this artice https://community.sophos.com/kb/en-us/131747 to whitelist the Sophos addresses / domains within Office 365 and your spam filter (Mine is Mimecast) - Create the bypass safe links and attachments within Office 365.
2. The 'Open' statistics will not be reported until the tracking image in the Phish Threat Campaign email has been downloaded. Your current email client settings prevent the automatic download of images in emails, so this is why the 'Open' statistic fails to be reported in the Phish Threat Dashboard. To workaround this issue, follow this article: https://sophos.com/kb/127575 to which it provides this link: https://support.microsoft.com/en-ph/help/2252421/how-to-deploy-junk-email-settings-such-as-the-safe-senders-list-by-usi which is a Microsoft article - This isn't as clear as it needs to be, I followed it to a tea and it caused major issues having the junk email folder setting to Safe Lists Only as it made legitimate emails constantly go to users junk folders, the setting needs to be "No Automatic Filtering":
The Safe Senders and Safe Recipients need to contain the Sophos domains in, these can be imported via a text file but the text file needs to be stored in a drive where all users have access to.
I hope this helps! It has worked for me and I am so glad !
This has resolved the issue for us. Thanks for sharing your solution.