Solved

Webroot SAT question


Hi all, wondering if an ‘open’ in SAT is an actual open if the client is using Outlook’s preview pane. Research shows some say yes, some say only if images are allowed, some say no, one says to ignore it because only clicked links should count.

 

But specifically within Webroot’s Security Awareness Training, if a client is using Outlook, does ‘open’ in a campaign include people who see it in preview pane only?

 

Thanks

Franco


3 replies

TylerM
Administrator
  • Sr. Security Analyst & Community Manager
  • 1274 replies
  • October 6, 2022

Hey Franco,

 

I’m not sure; let me ping @ggreenbaum as he should know.


ggreenbaum
  • OpenText Employee
  • 17 replies
  • Answer
  • October 7, 2022

Hi @franco,

 

The preview will indeed generate an open event in the reporting. This is known as a false positive. Dealing with false positives is an issue inherent with any SAT platform, and the resulting “alert fatigue” can be challenging. To help deal with this challenge we recommend you take a layered approach to evaluating campaign results, and do not rely solely on open events to interpret your campaign results. Depending on your email environment, even click events might require a closer look, as secure email gateways can often use bots to probe email.

To provide the additional context, you can look at the detailed event analytics in the CSV download to get a closer look at the clickstream for a particular user to trace IP addresses and event timing to evaluate validity.

 

Also you might find this article helpful:

https://answers.webroot.com/webroot/ukp.aspx?pid=4&app=vw&vw=1&solutionid=3229

 

We have features planned for enhanced allow logic which will extend the identification of bots, but the underlying challenge will continue to require a nuanced approach by SAT administrators.

 

Thanks.
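
One way to run the timing and IP check described in the answer above over an exported event CSV, as an added example that is not part of the original thread or Webroot's tooling. The column names, thresholds and sample rows are constructed assumptions, not the actual export schema.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample export; column names are assumptions, not Webroot's schema.
SAMPLE_CSV = """user,event,timestamp,ip
alice@example.com,sent,2022-10-06T09:00:00,
alice@example.com,open,2022-10-06T09:00:03,203.0.113.10
alice@example.com,click,2022-10-06T09:00:04,203.0.113.10
bob@example.com,sent,2022-10-06T09:00:00,
bob@example.com,open,2022-10-06T09:00:02,203.0.113.10
carol@example.com,sent,2022-10-06T09:00:00,
carol@example.com,open,2022-10-06T09:00:05,203.0.113.10
carol@example.com,open,2022-10-06T11:42:10,198.51.100.7
carol@example.com,click,2022-10-06T11:42:31,198.51.100.7
"""

FAST_SECONDS = 30    # assumed: events this soon after send look like a gateway scan
SHARED_IP_USERS = 3  # assumed: one IP touching this many recipients looks like a scanner

def triage(csv_text):
    """Return (user, event, verdict) for every open/click row in the export."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    sent_at, users_per_ip = {}, defaultdict(set)
    for r in rows:
        r["ts"] = datetime.fromisoformat(r["timestamp"])
        if r["event"] == "sent":
            sent_at[r["user"]] = r["ts"]   # assumes one sent row per recipient
        elif r["ip"]:
            users_per_ip[r["ip"]].add(r["user"])
    results = []
    for r in rows:
        if r["event"] == "sent":
            continue
        delay = (r["ts"] - sent_at[r["user"]]).total_seconds()
        fast = delay <= FAST_SECONDS
        shared = len(users_per_ip[r["ip"]]) >= SHARED_IP_USERS
        if fast or shared:
            verdict = "likely-automated"
        else:
            # An open alone cannot separate a preview-pane render from a deliberate open.
            verdict = "review-click" if r["event"] == "click" else "open-low-confidence"
        results.append((r["user"], r["event"], verdict))
    return results
```

Events tagged `likely-automated` are candidates for exclusion from user scoring; `review-click` rows are the ones worth tracing by hand.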

 


Martin.1
  • Popular Voice
  • 424 replies
  • October 14, 2022

@franco I am a half-paranoid person, so as a result, I do not use the preview pane at all. If it is someone I know, then I will open it and look at the content before clicking on anything else. Although the answer may not be particular to your question here, perhaps it may be something to consider.

