You seem to miss where I said header not from field.
The emails originate from knowb4 or phishme servers and customers whitelist those servers from anti spam/phishing/url inspection to minimise the false positives.
The knowb4 and phishme have their names in as part of the email ehlo exchange and are written into the header for tracking.
KnowBe4, a popular phishing simulation tool, actually has a built-in rickrolling template.
But are entirely defeated if you make a rule in outlooks saying trash any email that contains knowb4 in the header.
Not only do you pass all phishing tests, but you also don’t get spammed by them when renewal comes around.
Phishme is the same. Add a rull saying trash as my email containing phishme.com in the header.
The emails aren’t from KnowBe4. They are from your HR or CEO or IT department. The links themselves are obvious on the hover though.
You seem to miss where I said header not from field.
The emails originate from knowb4 or phishme servers and customers whitelist those servers from anti spam/phishing/url inspection to minimise the false positives.
The knowb4 and phishme have their names in as part of the email ehlo exchange and are written into the header for tracking.
I’m not seeing the header in Microsoft Outlook. At least the web version. I would love to filter these.