Email Providers

Connect Herd to your organization's mail provider so that when users report a phishing simulation, Herd credits them with the report in your campaign results.

When users report a Herd phishing simulation using their mail client's built-in Report phishing button, Herd can detect that report and credit them in your campaign results. This is configured per provider under Settings → Integrations → Email Providers in the Herd admin console.

The Email Providers section in Herd Settings, showing the Gmail (Google Workspace) tile expanded with an Enable polling button.

Choose your provider

Both providers can be enabled side-by-side — Herd polls each user's mailbox via the appropriate integration based on their domain.

Detecting Phishing Reports From Gmail — for Google Workspace organizations. Reuses the service account from your existing Google Workspace directory-sync setup; you grant one additional read-only Gmail scope.
Detecting Phishing Reports From Outlook — for Microsoft 365 organizations. A tenant administrator consents to Herd's existing Azure application once; there is no Azure portal configuration on your side.

How report detection works (in brief)

After Herd sends a phishing simulation, it periodically checks each recipient's mailbox via the provider API to see what happened to that specific message. When the user clicks Report phishing (or Report spam / Report Junk), the mail provider moves the message out of the inbox. Herd detects that move on its next polling cycle — typically within 5 minutes — and marks the simulation as Reported for that user.

A few things common to both providers:

Read-only. Herd reads message metadata (labels/folder placement and a small set of forwarding-related headers) on the specific messages it sent. It never reads general message bodies, sends mail, modifies messages, or deletes anything.
Recent campaigns only. Herd polls mailboxes for simulations sent in the last 30 days. Older campaigns are not re-checked.
Reports require user action. A simulation is only credited as reported when the user moves it out of the inbox. Auto-classification by the provider's spam filter (where the user never saw the message) does not count.
Backfill is automatic. Once you turn polling on, every simulation in the last-30-day window becomes pollable on the next cycle — including reports users had already filed before you enabled this.
Recipients must be in your domain/tenant. Polling is scoped to the domain (Gmail) or tenant (Outlook) you connected. External recipients are not polled.

Provider-specific setup steps, exact permission scopes, and troubleshooting live on the Gmail and Outlook pages.

PreviousCompliance Tracking - Coming Soon NextDetecting Phishing Reports From Gmail

Last updated 23 days ago