Troubleshooting FAQs

Email Delivery Issues

Why are my phishing emails not being delivered?

Common causes include:

• SPF/DKIM records not configured correctly

• Sending domain or IP on a blacklist

• Recipient mail gateway blocking simulated phishing emails

• Missing allowlist entries for the Lucy server

Recommended checks:

1. Verify SPF and DKIM for the sending domain

2. Confirm the attack domain is not blacklisted

3. Ensure the recipient email gateway allowlists the Lucy server

4. Check the Lucy mail queue and server logs

Why are phishing emails landing in spam?

Possible causes:

• Missing SPF/DKIM/DMARC configuration

• Low domain reputation

• Suspicious phishing template content

• Security filters detecting simulation behavior

Mitigation:

• Configure proper DNS authentication records

• Use warmed-up domains

• Avoid common phishing keywords in early test campaigns

• Allowlist the sending domain internally

Why are users not receiving campaign emails?

Check the following:

• The campaign schedule is valid (if in use)

• The recipient group contains valid email addresses

• SMTP configuration is correct (if in use)

• Email rate limits or throttling are not blocking delivery

Campaign Issues

Why won’t my campaign start?

Before a campaign can start, Lucy runs a series of automatic campaign checks to confirm that the campaign configuration and infrastructure are working correctly. If any required check fails, the campaign will not launch.

If a check fails, Lucy will display a red error indicator in the campaign checks panel. Warnings may appear in yellow if a potential issue is detected but does not completely block the campaign.

How to resolve it

1. Open the campaign and review the Campaign Checks section

2. Identify any failed checks (shown in red)

3. Click the check to view details about the problem

4. Correct the configuration issue and start the campaign again

Why are campaign results empty?

This usually occurs when:

• Emails were never delivered

• Tracking links were blocked by security gateways

• Tracking domain not configured correctly

• User activity was filtered by browser security settings

Why are clicks or credential captures not being recorded?

Possible causes:

• Tracking domain misconfiguration

• DNS for the phishing domain incorrect

• Proxy or email security solution rewriting links

• Browser blocking tracking scripts

Why do I see incorrect information in my campaign statistics?

Possible causes:

• Firewall, antivirus, or email security tools intercepting packets

• Recipients sharing links

Mitigation:

• Whitelist your Lucy server and email senders

• Use system filters to ignore false-positive clicks

• Enable the End User Portal to provide individual access to training content

Domain & DNS Problems

Why do I need a separate phishing domain?

Using a separate domain prevents the primary Lucy server domain from being blacklisted during phishing simulations.

Why is my attack domain not working?

Common causes:

• DNS A record not pointing to the Lucy server

• SSL certificate missing or invalid

Verification steps:

1. Confirm DNS resolves to the Lucy server

2. Verify SSL certificate installation

Why did my phishing domain get blacklisted?

Possible reasons:

• High-volume campaigns sending emails too quickly

• Suspicious phishing templates triggering automated scanners

• Users reporting the campaign content

Mitigation:

• Use the campaign scheduler to spread campaign emails over a longer period

• Whitelist your lucy server

• Use the reporting plugin to send suspicious email reports directly to Lucy

Reporting Plugin Issues

Why don't I see the report button in my mail client?

Possible causes:

• Your clients have not yet synced with the domain controller

• Incorrect configuration of the Entra ID application

Check:

• Wait up to 90 minutes to allow clients to sync with the domain controller

• Validate your application config in Entra ID

Why are phishing reports not appearing in the incidents dashboard?

Possible causes:

• Reporting plugin not installed correctly

• Email forwarding rules missing

• Mailbox integration misconfigured

Why do reported phishing emails not appear in Lucy?

Check:

• The reporting mailbox is configured

• Communication between Lucy and clients is allowed

  • If using HTTPs for reports, check whitelisting over port 443

  • If using SMTP for reports, check whitelisting over port 25

Installation & System Issues

Lucy installation failed. What should I check?

Verify:

• Supported Linux version

• Firewall rules allowing required ports

• Sufficient system resources (RAM, disk space)

Lucy is running slowly. What could cause this?

Common performance issues:

• Insufficient server RAM

• Large campaign datasets

• Database performance issues

• Background workers not running

How do I check Lucy system logs?

VPS customers can find their logs in the workstation under Support > System Logs > Service Logs.

On-premise customers can find their logs in various locations in the container:

• Apache logs: /var/log/apache2

• Mail logs: /var/log/mail.log

• Application logs: /opt/phishing/runtime

Administrative Configuration

Why can’t I change the system timezone?

The timezone cannot be modified while scheduled campaigns are active. Stop scheduled tasks before making the change.

Why are some settings locked or unavailable?

This can happen when:

• Campaigns are actively running

• Administrator permissions are limited

• Certain modules are not licensed or enabled