Whitelisting the Pictures on Microsoft Outlook Apps

Using this setting, you can ensure that the pictures Microsoft Outlook emails sent are uploaded directly, and thereby the mark (X) can be removed from users' inboxes during phishing and training campaigns.

Why does "X" appear on Microsoft Emails?

When you send an email to your users, Keepnet Labs places a user-invisible image with a height and width of 1px at the bottom of the email to see if the email is read by the target user (sometimes called a tracking pixel). This is a very common practice for modern digital marketing campaigns. However, many email services automatically block images, therefore resulting in the "red X". If the user downloads the image, a request is sent to the address where the picture was is originated from. Thus, our portal can report whether the email has been read or not, provided the user 'downloads' or 'opens' the picture.

Mailchimp, Sendgrid, and other big email marketing products also send emails using this method, use these tracking pixels to confirm that the email is opened/read by the recipient. No other method has yet been developed technologically to understand whether or not the user has read the email.

Microsoft prevents the images in the email from being displayed directly to the users on its email products and applications (Outlook Desktop, Office 365 Web Portal, etc.). Because in real life, cyber attackers can use this same method to find out whether or not the target users are active email users and get their user-agent and IP information.

On Google GSuite products though, images are displayed directly, but while they are displayed, Google executes these processes through a proxy server for images. In this way, the real IP and user-agent information of the user are not disclosed.

How to Prevent X from Appearing on Microsoft Emails?

By ensuring that the images in emails sent are uploaded directly, you can prevent X from appearing on Microsoft Emails.

To enable this process, go to the Safe Sender List on Microsoft Outlook, add the FROM that will be used during phishing and training campaigns. This setting also must be made available to all users via group policy.

This process is demonstrated in detail in the article "Create a deploy safe senders list using Group Policy".

Applying this policy before sending phishing or training campaigns resolves the whitelisting of images in the email.