A lot of companies use cybersecurity training to prevent phishing attacks. A UC San Diego study says they should find a better way to protect their digital assets.
Unless the email client is blocking external images, a tracking pixel in the email would be enough to see that the email was rendered, and that the address is valid. The trainings specifically instruct you to review the contents of the email and check the email headers before clicking links, so that alone would confirm to a spammer that the email is valid.
Every email client I can think of off the top of my head blocks images by default. And I don’t see how that relates to your criticism of the whole idea of anti-phishing training
Unless the email client is blocking external images, a tracking pixel in the email would be enough to see that the email was rendered, and that the address is valid. The trainings specifically instruct you to review the contents of the email and check the email headers before clicking links, so that alone would confirm to a spammer that the email is valid.
Every email client I can think of off the top of my head blocks images by default. And I don’t see how that relates to your criticism of the whole idea of anti-phishing training