Skip to content
INFIMA Knowledge Base

A user isn't getting training emails

A user reports they didn’t get a training email — or a phishing test, or a welcome message. Before assuming it’s a delivery problem, confirm where the email actually is.

Start with the Sent Email Log to find the email and check its current location.

Use the Sent Email Log

The Sent Email Log shows every email we’ve sent to a specific user, plus the current location of that email in their mailbox (Inbox, Junk Email, Deleted Items, etc.). For sync’d clients on Microsoft 365 or Google Workspace, this is the diagnostic.

  1. Open the Email Log from one of two places:

    • From the tenant’s main page, click Check Email Delivery in the Quick Actions row.
    • From a user’s detail page (Risk → User), click Email Log. This pre-selects the user, so you can skip step 2.

  2. Select the affected user from the picker (skip if you arrived from a user detail page).

  3. Set the time window. Default is 30 days. If the missing email was from a phishing test weeks back, widen it.

  4. Find the email in question. The list shows the subject, type (training reminder, phishing test, welcome), sent timestamp, and the latest delivery event.

  5. Click the email to open its detail. For API-sent mail, we show the current folder in the user’s mailbox. If it reads anything other than Inbox, that’s where the user needs to look.

  6. Move it back if needed. If the email is in Deleted Items, Junk Email, or another folder, click Move to Inbox. The user gets the email back where they expected it, no further action required from them.

When the log shows a permissions issue

For sync’d clients, two log states point at a broken sync grant:

  • The log is empty for a window when we should have sent (for example, a phishing test went out yesterday and this user was in scope).
  • The log shows SMTP as the send method. Sync’d clients show a per-API send method in the log (microsoft-api or gmail-api). Seeing SMTP means we fell back to the manual-setup path because the sync permissions aren’t working.

To recover:

  1. Resync the directory from the People page. The permissions get re-read on the next sync run.

  2. Trigger a resend to the user — a training email or a test phish. The log only populates when we actually send, so resyncing alone won’t produce new entries.

  3. Check the log again. If it’s still empty, or new sends still show SMTP, contact our support team with the customer’s domain, the user’s email, and the window you’d expected mail in.

Manual setups only: whitelisting

The diagnostic above is for sync’d clients — the ~95% of customers using Microsoft 365 or Google Workspace directory sync. Their mail goes through our API send path and bypasses mailflow entirely; whitelisting is not relevant.

For manually configured clients (no directory sync, SMTP send), the customer’s mail security can filter our mail. Add the values below to the customer’s mail security gateway:

  • IP addresses: 54.240.43.212 and 34.232.212.184
  • Safe sender: bounce@infimasec.com

If a sync’d client is reporting missing email, ignore this section and walk the Sent Email Log diagnostic above. The two paths don’t overlap.

When to escalate

If the log shows the email landed in the Inbox and the user still says they didn’t see it: the email is there, suggest the user search their inbox by subject. This isn’t a delivery problem.

If the log is empty after a resync and the user is active in our system, contact support with:

  • The customer’s domain.
  • The user email address.
  • The send method shown for other users on the same tenant (microsoft-api / gmail-api).
  • The relevant email you expected to be delivered.
  • Sync users — if the email log is consistently empty for a tenant, sync is the place to look first.