Exchange and Outlook Automatic Image Download Policies

If you are having issues with MetaCompliance phishing emails not being recorded as 'open', this could be due to the automatic downloading of images being disabled within Exchange and Outlook.

Your organisation’s IT or Exchange administrators can configure Group Policies to enable Automatic Picture Download for Exchange email communications.

Automatic Picture Download allows MetaCompliance to track email opens. This is done by placing a small image within the email content. When the email client downloads the image, the open is recorded in MetaCompliance Reporting for that email. See the following article for further information on this:

There are two options to achieve the automatic download of images and, below, we have outlined the tasks involved to implement the two most common solutions.

  1. Allow automatic download of images across your organisation.
  2. Use Group Policy to add MetaCompliance domains to the Safe Senders List.

1. Allow Automatic Download of Images across your Organisation

  • In Group Policy, load the Outlook {{version}} template.
  • Under User Configuration > Administrative Templates > Microsoft Outlook {{version}} > Security, click Automatic Picture Download Settings.
  • Open Display pictures and external content in HTML e-mail.
  • Click Enabled > OK.

(a) To allow automatic download of Internet content, use the Office Customization Tool

  • In the Office Customization tool, navigate to the 'Modify user settings' page.
  • Under Microsoft Outlook {{version}} > Security > Automatic Picture Download Settings, open Display pictures and external content in HTML e-mail and click OK.
  • On the 'File' menu, click Save to create the customisation file that you can deploy to users.

(b) Automatically download content from people in Safe Senders and Safe Recipients Lists

This policy setting controls whether Outlook automatically downloads external content in email from senders in the Safe Senders List or Safe Recipients List. 

If you enable this policy setting, Outlook automatically downloads content for email from people in Safe Senders and Safe Recipients Lists.

Registry Hive:          HKEY_CURRENT_USER

Registry Path:          software\policies\microsoft\office\{{version}}\outlook\options\mail

Value Name:           unblockspecificsenders

Value Type:             REG_DWORD

Enabled Value:       1

Disabled Value:      0

(c) Display pictures and external content in HTML email

This policy setting controls whether Outlook downloads untrusted pictures and external content located in HTML email messages without users explicitly choosing to download them.

  • If you enable this policy setting, Outlook will not automatically download content from external servers unless the sender is included in the Safe Senders List. Recipients can, however, choose to download external content from untrusted senders on a message-by-message basis.
  • If you disable this policy setting, Outlook will automatically display pictures and external content in HTML email.
  • If you do not configure this policy setting, Outlook does not download external content in HTML email and RSS items unless the content is considered safe. Setting this value to 'enabled' will blanket-download email content for any messages in your organisation. It is not required if the Safe Senders List is configured.

Registry Hive:          HKEY_CURRENT_USER

Registry Path:          software\policies\microsoft\office\{{version}}\outlook\options\mail

Value Name:           blockextcontent

Value Type:             REG_DWORD

Enabled Value:       1

Disabled Value:      0

 

2. Using Group Policy to add MetaCompliance domains to the Safe Senders List 

The following can be used to adjust your Safe Senders List to allow MetaCompliance to accurately record phishing mail opens. If your organisation does not already have a Safe Senders List, you will need to create one. (See below) 

(a) How to set up a Safe Sender

  • Create a .txt file that stores a list of safe senders (domains or addresses), each on a new line.
  • Step 2 - Save the .txt file to a file share that is accessible by all clients; for example, \\FileServer\sharedfiles\
  • Add the appropriate Office version Administrative Template to Group Policy:
  • Create a new GPO for customising Outlook or Office.
  • In the GPO, go to User Configuration > Policies > Administrative Templates > Microsoft Office Outlook {{version}} > Options > Preferences > Junk Email.
  • Open Specify path to Safe Senders List; for example, \\FileServer\sharedfiles\safesenderslist.txt
  • Set this policy to 'enabled' and specify the path to the .txt file that you saved in Step 2.
  • The above setting tells Outlook where to locate the import file; however, it does not tell Outlook to actually import the file. This is done through a registry key entry.
    • You can add this in the same GPO by navigating to User Configuration > Preferences > Windows Settings > Registry.
  • Right-click Registry, and select New Registry Item.
  • Set the properties to the following:
    • Action: Update
    • Hive: HKEY_CURRENT_USER
    • Key Path: Software\Policies\Microsoft\Office\1x.0\Outlook\Options\Mail
    • Value Name: JunkMailImportLists
    • Value Type: REG_DWORD
    • Value Data: 1
    • Base: Decimal

Note: The 1x.0 placeholder represents your version of Outlook (11.0 = Outlook 2003, 12.0 = Outlook 2007, 14.0 = Outlook 2010, 15.0 = Outlook 2013, and 16.0 = Outlook 2016).

For example, the key path for Outlook 2010 will be:

  • Software > Policies > Microsoft > Office > 14.0 > Outlook > Options > Mail.
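Once the GPO has applied, the registry values named in sections 1(b), 1(c) and 2(a) can be checked on a client. The PowerShell below is an added example, not MetaCompliance's or Microsoft's own script; the function names, the `$SafeSendersFile` variable and the entry-format pattern are assumptions made for illustration.

```powershell
# Added example: read-only audit of the Outlook policy values described above.
# Run as the user whose policy you want to check (the values live in HKCU).
$SafeSendersFile = ''   # assumption: set to the UNC path of your Safe Senders .txt
$versions = '11.0', '12.0', '14.0', '15.0', '16.0'   # from the version note above
$names    = 'unblockspecificsenders', 'blockextcontent', 'JunkMailImportLists'

function Get-OutlookMailPolicy {
    param([string]$Version)
    $key = "HKCU:\Software\Policies\Microsoft\Office\$Version\Outlook\Options\Mail"
    if (-not (Test-Path -Path $key)) { return }       # no policy key for this version
    $props = Get-ItemProperty -Path $key
    $row   = [ordered]@{ Version = $Version }
    foreach ($name in $names) {
        $prop = $props.PSObject.Properties[$name]
        # An absent value is "Not Configured", which is not the same as 0 (Disabled)
        $state = 'NotConfigured'
        if ($prop) { $state = if ([int]$prop.Value -eq 1) { 'Enabled' } else { 'Disabled' } }
        $row[$name] = $state
    }
    # Scoped route from section 2: list imported and safe-sender content unblocked
    $row['SafeSendersRoute'] = ($row['JunkMailImportLists'] -eq 'Enabled' -and
                                $row['unblockspecificsenders'] -eq 'Enabled')
    [pscustomobject]$row
}

function Test-SafeSendersFile {
    param([string]$Path)
    # Report lines that are not exactly one address, @domain or bare domain
    $n = 0
    foreach ($line in Get-Content -Path $Path) {
        $n++
        $entry = $line.Trim()
        if ($entry -eq '') { continue }
        if ($entry -notmatch '^([^@\s,;]+@|@)?[A-Za-z0-9.-]+\.[A-Za-z]{2,}$') {
            [pscustomobject]@{ Line = $n; Entry = $entry; Problem = 'not a single address or domain' }
        }
    }
}

$versions | ForEach-Object { Get-OutlookMailPolicy -Version $_ } | Format-Table -AutoSize
if ($SafeSendersFile) { Test-SafeSendersFile -Path $SafeSendersFile | Format-Table -AutoSize }
```

A row where `SafeSendersRoute` is True shows the scoped configuration from section 2 is in place, so `blockextcontent` can be reviewed separately, since the article notes the blanket setting is not required when the Safe Senders List is configured.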

(b) Configure Junk Email settings and save the Junk Email filter file changes

  • Use Group Policy to configure Junk Email filter files for users. In Group Policy, load the Outlook 2013 template, and open the following:
    • User Configuration > Administrative Templates > Microsoft Outlook {{version}} > Outlook Options > Preferences > Junk Email.
  • Configure the appropriate Junk Email settings:

| Automatic Picture Download option | Action |
|---|---|
| Automatically download content for email from people in Safe Senders and Safe Recipients Lists | Enable this option to automatically download content when an email message is from someone in the user's Safe Senders List or to someone in the user's Safe Recipients List. |
| Block Trusted Zones | Disable this option to include Trusted Zones in the Safe Zones for Automatic Picture Download. |
| Display pictures and external content in HTML email | Enable this option to automatically display external content in HTML mail. |
| Do not permit download of content from Safe Zones | Disable this option to automatically download content for sites in Safe Zones, as defined by Trusted Zones, Internet and Intranet settings. |
| Include Internet in Safe Zones for Automatic Picture Download | Automatically download pictures for all Internet email. |
| Include Intranet in Safe Zones for Automatic Picture Download | Automatically download pictures for all Intranet email. |

  • Click OK.

(c) Configure Automatic Picture Download - Web Beacon Protection

  1. In Group Policy, load the Outlook {{version}} template.
  2. Under User Configuration > Administrative Templates > Microsoft Outlook {{version}} > Security > click Automatic Picture Download Settings.
  3. Open Automatically Download Content for E-Mail from People in Safe Senders and Safe Recipients Lists.
  4. Click Enabled > OK.

(d) Custom Send From Domains and IP Addresses for Safe Senders

MetaCompliance Mail Server IP Addresses


 
