Troubleshooting Guide: Why"Opened" Email Counts Differ Between Dashboard and CSV Report

You might notice that some learners in Phishing campaigns are recorded in CSV Reports as having "Clicked" but not "Opened".

Why this happens

Our phishing simulator tracks email opens using a small, invisible embedded image inside each email. When this image loads, it signals the email was opened.

However, many email clients block images by default. If a user’s email client doesn’t automatically load images, the “Opened” event won’t be recorded in the CSV report.

What About the Dashboard and PDF Report?

The dashboard and PDF reports take a more lenient approach. If a user clicks on a link in the email, the system assumes the email was opened, even if the tracking image wasn’t loaded. The dashboard will mark this with a hollow “assumed opened” icon to avoid undercounting engagement.

This is why the “Opened” count on the dashboard and PDF report may differ from the “Opened” count in the CSV export.

How to Fix it ( Enable Automatic Image Downloading)

To get the most accurate reporting, allow images to load automatically in phishing emails.

Client- Side settings

1. To open the Trust Center, select File > Options > Trust Center > Trust Center Settings.
2. Select the checkbox Permit downloads from Websites in this security zone: Trusted Zone, and confirm by selecting OK.
3. Add our domains to the list of trusted sites in the Windows Internet Options by,

• Open the Internet Options settings in Windows. Select the Security tab at the top, then select Trusted Sites, followed by Sites.
• Enter domain 1 -mail.goldphish.com, select Add
• Enter domain 2 -mail.emailsupport.me, select Add
• Click Close.

4. Reset the Windows Internet Options. Select the Advanced tab and then Reset…. Afterwards, make sure that the checkbox Do not save encrypted pages to disk is not checked.

Rollout in your Organisation

• If you manage email settings for your organisation, configure Outlook to trust specific senders or domains using Group Policy.