Campaign statistics in SMARTFENSE can be affected by email client settings and security tools. This article explains how the tracking pixel works and how to properly validate behavior through test campaigns.
Tracking Pixel
Emails sent from the SMARTFENSE platform to users contain a transparent tracking pixel, which holds a unique reference to the recipient user.
This type of pixel is a de facto standard for tracking email opens. The pixel is requested by the recipient user's email client when displaying the message on screen, and it is then that the platform can conclude that the email has been opened.
In SMARTFENSE Newsletters, Phishing, Ransomware, and Teachable Moments campaigns, the “Opened” statistic depends on the correct loading of the tracking pixel.
Common Issues
The “Opened” statistic is not recorded
Email clients are often configured to display messages without loading their images unless the user indicates otherwise.
If an email is opened by an end user but its images are not displayed, the tracking pixel will not be loaded and, therefore, the “Opened” statistic is not recorded by SMARTFENSE.
It is recommended to make specific configurations so that images in SMARTFENSE emails are always downloaded without requiring user authorization. This ensures the correct functioning of the tracking pixel and the “Opened” statistic.
The “Opened” statistic is recorded for a large percentage of users in a short period of time
There are various types of security tools that analyze all links contained in an email before showing them to users.
These tools therefore trigger the tracking pixel before the email is actually opened by users. This usually generates a high number of open records that do not correspond to real user interactions.
In these cases, it is recommended to configure exceptions in the relevant tools to exempt SMARTFENSE from analysis, so campaign statistics are not biased.
Technical Recommendations
To prevent the mentioned issues:
Configure email clients to allow automatic image downloading
Configure exceptions (whitelist) in security tools
Avoid automatic inspection of SMARTFENSE domains
Validation Through Test Campaigns
It is recommended to conduct test campaigns in the real environment before executing productive campaigns.
These campaigns should:
Be sent to multiple users
Validate both delivery and statistics
Recommended Tests by Campaign Type
Phishing Simulation
Create a campaign from Campaigns > Calendar / Campaign List
Include at least 5 recipients.
Indicate in More Options that the campaign is a test
Verify that the email reaches the users
-
Validate in "View campaign details" that:
Deliveries are correctly recorded
No unexpected opens exist
Open the email and validate the open
Click the link and validate the record
Verify that the form can be viewed, complete it, and validate the record
If an Teachable Moment was included, verify that it can be viewed and validate the record of its actions.
Ransomware Simulation
Create the campaign as a test
Verify email receipt
Validate sending in "View campaign details"
Open the email and validate the open
Download the file
Open the file
Validate download and execution records
If an Teachable Moment was included, verify that it can be viewed and validate the record of its actions.
Newsletters
Create the campaign as a test
Verify email receipt
Validate sending in "View campaign details"
Open the email and validate the open
If applicable, answer the validation question
Validate response records
Considerations
Statistics can be affected by factors external to the platform
Not all records necessarily reflect real human interaction
Pre-tests allow detection of incorrect configurations
💡 Best Practices
Conduct test campaigns before real campaigns
Properly configure the organization's whitelists
Validate metrics in real environments before analyzing results