I was doing some tests with a phishing simulation tool from Microsoft. It looks like 220.127.116.11, 18.104.22.168, etc. have categorised the domains used by this tool as actual phishing domains. This defeats the purpose of the simulation, as you don’t get any telemetry back from the tool due to the domains being blocked, rather than getting no telemetry because my users are savvy enough to not click the links!.
Should such domains be removed from the Phishing category?
The list of domains is documented on docs.microsoft.com