Why “Opens” Are Not Always Recorded — Outlook Settings Explained
Why "Email Open" Data May Not Appear in Outlook
How We Track Email Opens
TSAT tracks email opens using a common industry method:
- Every email we send includes a tiny, invisible 1×1 pixel image (called a tracking pixel).
- When the email is opened, the image loads from our server.
- That loading event is recorded as an “open.”
Why Opens May Not Be Recorded in Outlook
Microsoft Outlook and Exchange environments are designed with strong privacy and security defaults. One of these is:
- Automatic image download is disabled by default.
- This means Outlook does not load external images (including the 1×1 pixel tracker).
- As a result, even if the email is opened, Outlook does not fetch the tracking image — and no “open” is recorded in our system.
This behavior is controlled by Microsoft, not by our platform.
The Most Reliable Metrics
While “email open” data may be incomplete in Outlook environments, the critical engagement metrics remain fully accurate:
- Link Clicks – Recorded when a user clicks the phishing link.
- Data Submissions – Recorded if a user enters information on the landing page.
Both of these actions happen on our infrastructure, ensuring 100% accuracy once the user interacts with the email.
Summary
If you notice missing email open data for Outlook users, this is due to Microsoft’s image-blocking settings. Our platform continues to track the most important parameters — clicks and data submissions — with complete accuracy. These are the best indicators of user behavior during phishing simulations.
Related Articles
How to set up Settings in TSAT?
1. PROFILE SETTING : User Profile Information : First Name and Last Name are editable fields. Click on "SAVE" once the changes have been made. Automatic Campaign Expired : Number of days after which the campaign gets completed. Click on save once ...How can an admin add domain to their TSAT instance?
Adding a subdomain for a landing URL domain can be done easily. PFB the article in which we have explained how to do that : Article Link : Click HereHow to Whitelist Threatcop by Email Header in Google Workspace
Whitelist by Email Header in Google Workspace If your organization uses Google Workspace, you can ensure delivery of Threatcop’s simulated phishing emails by whitelisting them using email headers. This is done by applying a Content Compliance rule ...Configuration of DMI on G-Suite
Configuration of DMI on G-suite Login to the Threatcop Admin portal. Add & verify your domain by navigating to Directory > Domains > Add new Domain. Add your domain name & select Google Workspace in Domain Type. Navigate to the TSAT portal & click on ...Why is it important to add and verify domain?
To uploaded the users which belong to a particular domain, you are required to add and verify that domain in the TSAT settings. How to add a domain in the settings,