Troubleshooting Guide: Why"Opened" Email Counts Differ Between Dashboard and CSV Report

You might notice that some learners in Phishing campaigns are recorded in CSV Reports as having "Clicked" but not "Opened".

Why this happens

Our phishing simulator tracks email opens using a small, invisible embedded image inside each email. When this image loads, it signals the email was opened.

However, many email clients block images by default. If a user’s email client doesn’t automatically load images, the “Opened” event won’t be recorded in the CSV report.

What About the Dashboard and PDF Report?

The dashboard and PDF reports take a more lenient approach. If a user clicks on a link in the email, the system assumes the email was opened, even if the tracking image wasn’t loaded. The dashboard will mark this with a hollow “assumed opened” icon to avoid undercounting engagement.

This is why the “Opened” count on the dashboard and PDF report may differ from the “Opened” count in the CSV export.

Note: Click and submission data are always recorded correctly, regardless of image loading. This means your phishing rate and campaign effectiveness are not impacted by image-blocking. The difference is purely in how the “Open” action is tracked and reported.

How to Fix it ( Enable Automatic Image Downloading)

To get the most accurate reporting, allow images to load automatically in phishing emails.

Option 1 - Add the Goldphish to your Safe Senders list:

Add app@goldphish.com to your Safe Senders list. This tells your email client to always trust messages from us and show images.

Option 2 - For Outlook users (Organisation-wide -wide via Group Policy)

If you manage email settings for your organisation, configure Outlook to trust specific senders or domains using Group Policy.

Microsoft Guide: How to add Safe Senders via Group Policy in Outlook.