Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 1 reply
  • Subscribers 7 subscribers
  • Views 4079 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Suspicious about my PhishThreat statistics...

TheLinuxNoob

I've launched a company-wide campaign about a month ago and have some questionable statistics showing. Of 362 sent emails, Sophos says only 124 were opened. So either 238 users never bothered to open the email or these numbers are off. Has anyone else got weird numbers like this? Thanks.



This thread was automatically locked due to age.
Parents
  • +1

    Hi,

    The Email opened data is tracked via. downloaded images in the email. If the organization blocks automatic downloads of image this may not show accurate results.

    Here is how email open tracking works

    • A 1x1 pixel transparent image is in the email body and when the email is opened the client requests the image from a remote server that allows for the event to be recorded. Many email clients disable loading remote images by default, if a user doesn't manually allow the image then the open will never be recorded. The mail client and user settings will absolutely affect the statistics shown on the Central Phish Threat Dashboard. Sophos corrects this data as much as possible. For instance, if a click is recorded but no open event preceded it, then we backfill the data. Sophos suggests adding Phish Threat's email domains to the safe/trusted sender's list in Outlook or other mail clients.Once added to the trusted sender list the images should load, this will improve the open rates and prevent low open rate detection.
    SAJ
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.
Reply
  • +1

    Hi,

    The Email opened data is tracked via. downloaded images in the email. If the organization blocks automatic downloads of image this may not show accurate results.

    Here is how email open tracking works

    • A 1x1 pixel transparent image is in the email body and when the email is opened the client requests the image from a remote server that allows for the event to be recorded. Many email clients disable loading remote images by default, if a user doesn't manually allow the image then the open will never be recorded. The mail client and user settings will absolutely affect the statistics shown on the Central Phish Threat Dashboard. Sophos corrects this data as much as possible. For instance, if a click is recorded but no open event preceded it, then we backfill the data. Sophos suggests adding Phish Threat's email domains to the safe/trusted sender's list in Outlook or other mail clients.Once added to the trusted sender list the images should load, this will improve the open rates and prevent low open rate detection.
    SAJ
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.
Children
No Data
Unfiltered HTML