Get instant support with our search!
Exchange and Outlook Automatic Image Download Policies
If MetaCompliance phishing emails are not being recorded as opened, this may be due to automatic image downloading being disabled within Exchange or Outlook.
Your organisation’s IT or Exchange administrators can configure Group Policies to enable Automatic Picture Download for Exchange email communications.
Automatic Picture Download allows MetaCompliance to track email opens by placing a small image within the email content. When the email client downloads the image, an open is recorded within the MetaCompliance Reporting for the email.
See the following article for further information on this:
Two Common Solutions to Enable Automatic Image Download
There are two recommended approaches to ensure images download automatically, allowing accurate tracking of email opens:
- Allow automatic download of images across your organisation.
- Use Group Policy to add MetaCompliance domains to the Safe Senders List.
1. Allow Automatic Download of Images across your Organisation.
- In Group Policy, load the Outlook {{version}} template.
- Navigate to User Configuration → Administrative Templates → Microsoft Outlook {{version}} > Security.
- Click Automatic Picture Download Settings.
- Open Display pictures and external content in HTML e-mail.
- Select Enabled, then click OK.
(a) Using the Office Customization Tool to allow automatic download of Internet content.
- Navigate to the Modify user settings page.
- Go to Microsoft Outlook {{version}} → Security → Automatic Picture Download Settings.
- Open Display pictures and external content in HTML e-mail and click OK.
- On the File menu, click Save to create the customisation file for deployment.
(b) Automatically download content from people in Safe Senders and Safe Recipients Lists.
This policy setting controls whether Outlook automatically downloads external content from Safe Senders or Safe Recipients.
If Enabled, Outlook will automatically download this content.
Registry Hive: HKEY_CURRENT_USER
Registry Path: software\policies\microsoft\office\{{version}}\outlook\options\mail
Value Name: unblockspecificsenders
Value Type: REG_DWORD
Enabled Value: 1
Disabled Value: 0
(c) Display pictures and external content in HTML email.
This policy setting controls whether Outlook downloads untrusted pictures and external content located in HTML email messages without users explicitly choosing to download them.
- Enabled: Content will not download automatically unless the sender is in Safe Senders.
- Disabled: Content will download automatically for all HTML emails.
- Not configured: Outlook downloads only content considered safe.
⚠️ Note: Setting this to Enabled allows blanket downloading for all organisational messages. It does not need to be enabled if Safe Senders is already configured.
Registry Hive: HKEY_CURRENT_USERRegistry
Path: software\policies\microsoft\office\{{version}}\outlook\options\mail
Value Name: blockextcontent
Value Type: REG_DWORD
Enabled Value: 1
Disabled Value: 0
2. Using Group Policy to add MetaCompliance domains to the Safe Senders List.
This method adjusts your Safe Senders List to allow accurate tracking of phishing email opens.
If your organisation does not already have a Safe Senders List, you must create one.
(a) Creating a Safe Senders List
- Create a .txt file listing safe senders (domains or addresses), each on a new line.
- Save it to a file share that is accessible by all clients; for example, \\FileServer\sharedfiles\
- Add the appropriate Office version Administrative Template to Group Policy:
- Office 2010 Administrative Template: https://www.microsoft.com/en-us/download/details.aspx?id=18968
- Office 2013 Administrative Template: https://www.microsoft.com/en-au/download/details.aspx?id=35554
- Office 2016 Administrative Template: https://www.microsoft.com/en-us/download/details.aspx?id=49030
- Create a new GPO for customising Outlook or Office.
- In the GPO, go to User Configuration → Policies → Administrative Templates → Microsoft Office Outlook {{version}} → Options → Preferences → Junk Email.
- Open Specify path to Safe Senders List; for example, \\FileServer\sharedfiles\safesenderslist.txt
- Set this policy to 'Enabled' and specify the path to the .txt file that you've just saved in Step 2 above.
- The above setting tells Outlook where to locate the import file; however, it does not tell Outlook to import the file. This is done through a registry key entry.
- You can add this in the same GPO by navigating to User Configuration → Preferences → Windows Settings → Registry.
- Right-click Registry and select New Registry Item.
- Set the properties to the following:
- Action: Update
- Hive: HKEY_CURRENT_USER
- Key Path: Software\Policies\Microsoft\Office\1x.0\Outlook\Options\Mail
- Value Name: JunkMailImportLists
- Value Type: REG_DWORD
- Value Data:1
- Base: Decimal
⚠️ Note: The 1x.0 placeholder represents your version of Outlook (11.0 = Outlook 2003, 12.0 = Outlook 2007, 14.0 = Outlook 2010, 15.0 = Outlook 2013, and 16.0 = Outlook 2016).
For example, the key path for Outlook 2010 will be:
- Software → Policies → Microsoft → Office → 14.0 → Outlook → Options → Mail.
(b) Configure Junk Email settings and save the Junk Email filter file changes.
- Use Group Policy to configure Junk Email filter files for users. In Group Policy, load the Outlook 2013 template, and open the following:
- User Configuration → Administrative Templates → Microsoft Outlook {{version}} → Outlook Options → Preferences → Junk Email.
- Configure the appropriate Junk Email settings:
| Automatic Picture Download option | Action |
| Automatically download content for email from people in Safe Senders and Safe Recipients Lists. | Enable this option to automatically download content when an email message is from someone in the user's Safe Senders List or to someone in the user's Safe Recipients List. |
| Block Trusted Zones. | Disable this option to include Trusted Zones in the Safe Zones for Automatic Picture Download. |
| Display pictures and external content in HTML email. | Enable this option to automatically display external content in HTML mail. |
| Do not permit the download of content from Safe Zones. | Disable this option to automatically download content for sites in Safe Zones, as defined by Trusted Zones, Internet and Intranet settings. |
| Include the Internet in Safe Zones for Automatic Picture Download. | Automatically download pictures for all Internet emails. |
| Include the Intranet in Safe Zones for Automatic Picture Download. | Automatically download pictures for all Intranet emails. |
- Click OK.
(c) Configure Automatic Picture Download - Web Beacon Protection
In Group Policy:
- Load the Outlook {{version}} template.
- Navigate to User Configuration > Administrative Templates → Microsoft Outlook {{version}} → Security.
- Click Automatic Picture Download Settings.
- Open Automatically Download Content for E-Mail from People in Safe Senders and Safe Recipients Lists.
- Click Enabled, followed by OK.
(d) Custom Send From Domains and IP Addresses for Safe Senders
| @amaz0n.website | @bankofamerica-coms.info | @bank-of-irelands.com |
| @billing-amazon.net | @it-internal-support.net | @itinternalhelp.com |
| @it-internal-support.co.uk | @net-flix.co.uk | @revenue-ie.org |
| @app1e-uk.com | @appleofferings.com | @britishtelecos.co.uk |
| @ebayy.store | @gaseire.com | @lewis-shops.co.uk |
| @mobile-offerings.com | @net-flix.email | @new-gyms.com |
| @newwlook.co.uk | @online-food-offers.com | @online-pizza-offers.com |
| @online-supermarkets.co.uk | @phone-warehouses.co.uk | @photo-interestsite.com |
| @royalbanks.co.uk | @sanstandder.com | @sch0e.co.uk |
| @seears.net | @slax.online | @sptify.net |
| @store-shoppers.co.uk | @support-helpers.com | @tkwarehouses.com |
| @tv-online-sky.com | @tvlicen.com | @virganatl.com |
| @vistinprint.com | @coffee-bux.com | @aclobe.net |
| @alerts-tsb.com | @altontomers.co.uk | @americaairlines.net |
| @americaxpress.net | @anpsst.com | @anytime-fitness.net |
| @asdaa.online | @asoos.org | @b00h00.net |
| @britishaeryways.co.uk | @britishgais.co.uk | @bt-net.co.uk |
| @budwesier.co.uk | @bulkbuy.dk | @burgerkingg.co.uk |
| @cabinet-office-uk.com | @clinicalresults.co.uk | @cococola.online |
| @comcasst.co.uk | @coorslighht.co.uk | @dbfileshare.com |
| @dells.org.uk | @doddge.co.uk | @drebeats.co.uk |
| @dunkindonut.co.uk | @easyjett.info | @eloay.store |
| @equfaxx.com | @faceb0okmail.net | @facebook-requests.com |
| @fedx.group | @flights-jettoday.com | @flybee.info |
| @fords.online | @fosill.uk | @goggleaccs.com |
| @goggle-online.com | @gov-tickets.co.uk | @grouponmail.net |
| @hermesparcelmgr.co.uk | @hrdept.global | @iissurvey.dk |
| @komputerworld.dk | @linkd-in.co.uk | @logoland.club |
| @m00npig.co | @merriil-lynch.com | @michigaindc.com |
| @moneysupernarket.co.uk | @my-viza.com | @nationtrusts.com |
| @nationwibe.co.uk | @nattwest.online | @next-sale.co.uk |
| @offers-appie.com | @offfers-o2.online | @ohl.world |
| @oldnvy-store.com | @personal-dept.com | @peypal.org |
| @royallmailservice.info | @royalmoil.co.uk | @ryanar.info |
| @sainsberrys.co.uk | @sakz.org | @snaapchat.co.uk |
| @sseaartricity.com | @steemplayers.com | @tallktallk.com |
| @targot.org | @telecoms-bills.info | @tomascook.online |
| @ubar.global | @uspostalsurvice.com | @utdhealtcre.com |
| @ver1z0n.online | @wa11mart.com | @we11sfarg0.com |
| @worldcupoffers.co.uk | @xpedia.org.uk | @1rs-us.com |
| @america-telecomms.com | @bank-offers.com | @citibank-holdings.net |
| @flight-shopping.com | @health-inf.biz | @servicesonline.biz |
| @shopping-offers.biz | @skyxmas.com | @spotmusik.com |
| @technology-serv.com | @internalmail.info | @hsee.ie |
| @hsehr.ie | @hsecompliance.ie | @hsepayroll.ie |
| @marketing-team.net | @finance-org.com | @hrdept.me |
| @mic-soft.com | @technikssupport.de | @anfrage-microsoft.de |
| @personalsabteilung.de | @ictabteilung.de | @rabatangebote.de |
| @m-soft.info |