Currently, it is required to whitelist all off Amazon tracking (*.awstrack.me) globally. This presents a potential privacy and security issue as it is so broad.

Amazon allows for and documents how to use alias records so that customers see your DNS names and not Amazon's. It is easier to whitelist all of Sophos than it is to whitelist all of Amazon. As a security company, correcting these perceived issues should be paramount.

See the link to Amazon's documentation for details.

https://docs.aws.amazon.com/ses/latest/DeveloperGuide/configure-custom-open-click-domains.html

ability to enroll multiple users through CSV for a campaign instead of manually selecting them or avoid creating a user group manually.

In phish threat under the campaign overview it shows "device breakdown". This displays either computers or mobile devices with respective statistics.

It would be great to click the respective device group and display the users associated with this device type, or at least have the ability to see this information somewhere such as results.

We're reaching out regarding an issue with the Phish Threat product. The training campaigns work just fine except that the link within the enrollment email shows a URL that looks illegitimate to end users. We deployed it to one of our clients and they thought that the training was a phishing spam. The same issue occurred when looking at the URL on the Training landing page. Is there a way that can be cleaned up so that the URL's for the Phish Threat product don't look like the very spam we're training users to avoid?

The ability to add user information, such as First Name, Last Name and email address on the Caught Landing page will add a personal touch when user were caught.

Adding the company logo was a nice touch, but adding user info would be great. This function was already enabled on the phish email, shouldn't be hard to implement.

If I have a domain protected by Central Email Protection, I should be able to use that domain to send emails with Phish Threat. Of course I wouldn't want to use a domain that my users would be receiving mail at, but a lot of organizations will have multiple domains registered and might want to use an alternate domain that they own for sending Phish Threat mails.

Currently, it is my understanding that I have to wait until a training campaign is finished before I can get a report of the user's scores. I'd like a report that shows that information while the campaign is in progress. This would make it possible to get ahead of the curve with users who are having a problem "getting" the concepts.

Our organization has 20+ Business units. Please allow for multiple upload of [company logo}.
Plus we like to add a signature block at the end of our reminders,in it we use a smaller size of our logo, which cannot be done at this time. The key here is to increase the appearance of authenticity of our threats and to add more integrity to our training. This will get more end users actually responding to the requests for training.

Having the ability to save progress as a user engages in a training campaign with multiple modules would be a welcomed feature. Saving progress, including completed modules, quizzes and scores would be beneficial for most of my users. In the meantime, adding a disclaimer to the "resume training later" link that progress is not saved might help. Thank you.

Duplicate or copy of campaign material.
Suggesting my Idea to Phish Threat in the future to have retrieval or saved a copy of campaign material before and after the campaign was published and have a compatibility html codes for outlook 2016 email format.
As of now were just copying html codes to create new campaign and needed to be checked for the exact format and view for outlook 2016 versions.

I would like to be able to archive users, but keep their data within the system, so I can keep searching and having accurate reports based on who a campaign was sent to, even if the user is no longer active.
(I guess I am operating under the assumption that when I "replace" a user file, all record of users that are removed goes away with them - is that correct?)

If I use the Adopt a Pet campaign, you should allow the user to see the actual video of the cute puppies after they take the training.

How about a CrossFit themed e-mail template?

I see a "search" option within the Employee Data page of a campaign, and it states that I can search by name, department, job title, or email. I typed in a department name which I copied and pasted from the campaign summary page, and it found no results.
In an ideal world, either this would work, or there would be a department drop-down that would allow me to filter.

It would be good, that we could see the date and time of the Failed Trainings of enrolled users, also his score and what answers he choosed...
As it is now, when one choose list of users who had Failed the Training, bbut also retake that training again, you won´t see the date of Failed Training. For the system, it is Completed no matter what and it won´t show in statistics.

Most of the training we provide customers is in video format and requires the employee to hear what's being said. However most employees will not necessarily have headphones at work to view and hear these training videos. Perhaps consider this when creating more training but also ensure sysadmins are aware the training will require the employee to hear the audio to complete the training. That way they can pick and choose which training is better suited. Some offices allow headphones some might not.

Currently it's not possible to save a campaign as a draft. ability to draft a campaign in Phish Threat is crucial because if session expires, or you just need to gather more info or... and return to a partially completed campaign, then everything disappears and you need to start from scratch.

Currently you can only go back 1 year in the reporting tool. You can't parse data from older campaigns. Please disable this restriction.

If we have activity on Sophos Portal It should be interesting not to be logged out.

When we're in the middle of planning a campaing I've been kicked out lot of times and we've lost the work

Thanks