Gophish documentation
Navigation
Email Reporting
Gophish allows you to give users the ability to report phishing campaign emails they receive.
The reporting feature is available on the server side, and our current version supports email reporting with IMAP.
Why is Email Reporting Useful?
Email reporting is an active preventative measure that everyone in your organization can participate in.
If a phishing email is spotted earlier, then it’s possible to prevent more people from clicking the email once the organization has been alerted of the threat.
It’s important to give positive feedback to people who report phishing emails and encourage more participation in threat detection.
IMAP Reporting
A best-practice for dealing with phishing emails is to have employees forward suspect emails to a designated email address.
Gophish can use IMAP to check configured mailboxes for reported activity.
When a reported phishing campaign is found, Gophish updates the user profile to show that they reported the email.
You can configure your IMAP settings in “Account Settings” > “Reporting Settings.”
The IMAP settings will consist of the IMAP hostname, port, username, and password.
You may or may not have to enable TLS depending on your mail provider.
Advanced Settings
If you want to go further into custom configurations, you can change which folder campaign emails will be listed in and how often Gophish searches for results.
It is a good idea to restrict the settings to only consider emails from your organization’s domain name.
Gophish can also delete campaign emails after they’ve been reported.
After your settings have been configured and saved, you can use the “Test Settings” button to confirm that Gophish established its IMAP connection.
How Does Reporting Work in Gophish?
Each email links to a landing page for each event in Gophish.
The URL looks like this: http://phish_server/?rid=1234567
The rid parameter specifies the link recipient.
For a recipient to report an email sent by Gophish, an HTTP request needs to be made to:
http://phish_server/report?rid=1234567
If you’re struggling to incorporate reporting into a mail client, please reach out to us at [email protected]
Are You Ready To gophish?
Gophish documentation
Navigation
Email Reporting
Gophish allows you to give users the ability to report phishing campaign emails they receive.
The reporting feature is available on the server side, and our current version supports email reporting with IMAP.
Why is Email Reporting Useful?
Email reporting is an active preventative measure that everyone in your organization can participate in.
If a phishing email is spotted earlier, then it’s possible to prevent more people from clicking the email once the organization has been alerted of the threat.
It’s important to give positive feedback to people who report phishing emails and encourage more participation in threat detection.
IMAP Reporting
A best-practice for dealing with phishing emails is to have employees forward suspect emails to a designated email address.
Gophish can use IMAP to check configured mailboxes for reported activity.
When a reported phishing campaign is found, Gophish updates the user profile to show that they reported the email.
You can configure your IMAP settings in “Account Settings” > “Reporting Settings.”
The IMAP settings will consist of the IMAP hostname, port, username, and password.
You may or may not have to enable TLS depending on your mail provider.
Advanced Settings
If you want to go further into custom configurations, you can change which folder campaign emails will be listed in and how often Gophish searches for results.
It is a good idea to restrict the settings to only consider emails from your organization’s domain name.
Gophish can also delete campaign emails after they’ve been reported.
After your settings have been configured and saved, you can use the “Test Settings” button to confirm that Gophish established its IMAP connection.
How Does Reporting Work in Gophish?
Each email links to a landing page for each event in Gophish.
The URL looks like this: http://phish_server/?rid=1234567
The rid parameter specifies the link recipient.
For a recipient to report an email sent by Gophish, an HTTP request needs to be made to:
http://phish_server/report?rid=1234567
If you’re struggling to incorporate reporting into a mail client, please reach out to us at [email protected]
Are You Ready To gophish?
Gophish documentation
Navigation
Email Reporting
Gophish allows you to give users the ability to report phishing campaign emails they receive.
The reporting feature is available on the server side, and our current version supports email reporting with IMAP.
Why is Email Reporting Useful?
Email reporting is an active preventative measure that everyone in your organization can participate in.
If a phishing email is spotted earlier, then it’s possible to prevent more people from clicking the email once the organization has been alerted of the threat.
It’s important to give positive feedback to people who report phishing emails and encourage more participation in threat detection.
IMAP Reporting
A best-practice for dealing with phishing emails is to have employees forward suspect emails to a designated email address.
Gophish can use IMAP to check configured mailboxes for reported activity.
When a reported phishing campaign is found, Gophish updates the user profile to show that they reported the email
You can configure your IMAP settings in “Account Settings” > “Reporting Settings.”
The IMAP settings will consist of the IMAP hostname, port, username, and password.
You may or may not have to enable TLS depending on your mail provider.
Advanced Settings
If you want to go further into custom configurations, you can change which folder campaign emails will be listed in and how often Gophish searches for results.
It is a good idea to restrict the settings to only consider emails from your organization’s domain name.
Gophish can also delete campaign emails after they’ve been reported.
After your settings have been configured and saved, you can use the “Test Settings” button to confirm that Gophish established its IMAP connection.
How Does Reporting Work in Gophish?
Each email links to a landing page for each event in Gophish.
The URL looks like this: http://phish_server/?rid=1234567
The rid parameter specifies the link recipient.
For a recipient to report an email sent by Gophish, an HTTP request needs to be made to:
http://phish_server/report?rid=1234567
If you’re struggling to incorporate reporting into a mail client, please reach out to us at [email protected]