Old UI
  • Documentation Platform
    • Technical Guide
      • Whitelisting
        • Whitelisting the Pictures on Microsoft Outlook Apps
      • Minimum Requirements
      • On-Premise Requirements
        • Restricting the Access to Portal According IP
          • How to Import SSL Certificates in IIS
        • Why does the disk on the server fill up fast?
      • Getting Started
      • Phishing Simulator
      • Awareness Educator
      • Incident Responder
        • How does investigation mechanism work?
          • Benefits of Phishing Incident Responder
          • Reverse Engineering Support
          • Privacy and Security
          • Audit
          • Integrations
        • API Settings
          • Configuration steps for Office 365: Microsoft Graph App Configuration
          • Exchange Mail Configuration
          • GSuite API Configuration Guide
          • Gsuite Mail Configration
        • Analysing Suspicious Emails
          • Starting an Automatic Incident Investigation
          • Starting a Manual Incident Investigation
          • Playbook
        • FAQ (Incident Responder&Phishing Reporter)
      • Phishing Reporter Add-In
        • Installation
        • Microsoft Defender Email Reporter Add-In
      • Email Threat Simulator (ETS)
        • Creating a Trusted Account for E-mail Security Tests
          • Restriction of the Authority of the Test Account
          • Restrict Email Address
          • Enable Mailbox Audit Logging for Test Account
        • Dashboard
        • Quick Scan
        • Advanced Scan
        • Interpretation of ETS Report
        • FAQ ( ETS)
      • Threat Intelligence
        • FAQ (Threat Intelligence)
      • Report Manager
        • Phishing Campaign Report List
          • Phishing Campaign Summary
          • Statistics
          • Opened Email
          • Clicked Link in The Phishing Campaign Email
          • Submitted Form
          • Opened Attachment
          • Phishing Reporter
          • Campaign No response
          • Email Delivery Report
          • Phishing User Compare
          • Departments
        • Training Campaign Reports
          • Training Summary
          • Training Statistics
          • Opened Training Email
          • Clicked Training Link
          • View Duration
          • No Response
          • Sending Report
          • Training User Compare
          • Exam
        • Users KPI
          • User-based Grade
          • Department-based Grade
          • Target Group based grade
          • Company-based grade
        • Advanced Reporting
      • Company
        • User Role Management
      • Advanced Settings
        • Allow Email Domains
        • White Labelling
        • LDAP Settings
        • SCIM Integrations
        • Notification Templates
          • Short Codes
          • Using Notification Templates
        • Data Anonymisation
      • Available for Option
      • API Guide
        • REST API for Incident Responder (IR) Operation
        • REST API for SSO Authentication
      • Diagnostic Tool
        • FAQ
    • Maintenance Tool
    • FAQ (All Modules)
      • Video Tutorials
        • Quick Start
        • Google Workspace API Configuration Guide
        • On Premise Requirement Checker Video
        • Phishing Reporter Installation & Deployment
Powered by GitBook
On this page
  • Why does "X" appear on Microsoft Emails?
  • How to Prevent X from Appearing on Microsoft Emails?
  1. Documentation Platform
  2. Technical Guide
  3. Whitelisting

Whitelisting the Pictures on Microsoft Outlook Apps

PreviousWhitelistingNextMinimum Requirements

Last updated 2 years ago

Using this setting, you can ensure that the pictures Microsoft Outlook emails sent are uploaded directly, and thereby the mark (X) can be removed from users' inboxes during phishing and training campaigns.

Why does "X" appear on Microsoft Emails?

When you send an email to your users, Keepnet Labs places a user-invisible image with a height and width of 1px at the bottom of the email to see if the email is read by the target user (sometimes called a tracking pixel). This is a very common practice for modern digital marketing campaigns. However, many email services automatically block images, therefore resulting in the "red X". If the user downloads the image, a request is sent to the address where the picture was is originated from. Thus, our portal can report whether the email has been read or not, provided the user 'downloads' or 'opens' the picture.

, , and other big email marketing products also send emails using this method, use these tracking pixels to confirm that the email is opened/read by the recipient. No other method has yet been developed technologically to understand whether or not the user has read the email.

Microsoft prevents the images in the email from being displayed directly to the users on its email products and applications (Outlook Desktop, Office 365 Web Portal, etc.). Because in real life, cyber attackers can use this same method to find out whether or not the target users are active email users and get their user-agent and IP information.

On Google GSuite products though, images are displayed directly, but while they are displayed, Google executes these processes through a proxy server for images. In this way, the real IP and user-agent information of the user are not disclosed.

How to Prevent X from Appearing on Microsoft Emails?

By ensuring that the images in emails sent are uploaded directly, you can prevent X from appearing on Microsoft Emails.

To enable this process, go to the Safe Sender List on Microsoft Outlook, add the FROM that will be used during phishing and training campaigns. This setting also must be made available to all users via group policy.

This process is demonstrated in detail in the article "".

Applying this policy before sending phishing or training campaigns resolves the whitelisting of images in the email.

Mailchimp
Sendgrid
Create a deploy safe senders list using Group Policy