Training with Spoofed Addresses


(Matt Keegan) #1

A lot of Knowbe4’s templates generate emails that are from your spoofed domain. I’m wondering what other organizations do here if they are set up to block spoofed domain emails.
Is it more beneficial to train users to spot these spoofed email addresses on the off chance that one is able to slip through the protection (I’m not sure what the likelyhood of that is)? Or should you maybe use an email address that is “similar” to your internal domain address?

What do you think? I’d love any input.


#4

I’d rather use a similar domain, as in full spoofed domain the requirement from the user is illogical, because then he cannot trust any internal legit email.