noid ✅Note to Blue Team folks. Anti-phishing education is great. Periodic phishing awareness campaigns are also great. However, make sure to clarify what legit email looks like so if you ever have to mail your employees something that requires them to click on a link, they don't dismiss it as yet another phishing test.
tduehr@Noid also, take care to make sure they don't get phishing tests frequently enough they come after you with far and feathers.
If your users are technical, try to keep the phishing spam to non-existent and eschew URL rewriting or subject tagging.
Every time I see that coming from a client or our other offices I cringe. It's just not right, esp if your email is often signed.
Don't get me started on appliances that check pgp signatures for you…