Skip to content

Phish Threat FAQs

Find answers to common questions about your Phish Threat License.

How does the licensing work?

Sophos Phish Threat is licensed on a per-user basis. A user must have a license when sending a campaign email from Sophos Phish Threat, whether it's an attack simulation or a training-only campaign.

The usage is calculated daily by counting the number of users who have received campaign emails over the last 30 days.

License usage is still calculated even if the campaign ends or is deleted.

How many licenses do I need if I want to send multiple campaigns to a user?

Only one license is used by each user, no matter how many campaign emails they send during the license term.

Regardless whether a user sent one or 100 campaign emails, they must be licensed to use Phish Threat. Your organization must also have enough licenses to cover each unique user that will receive a Phish Threat campaign email during the license term.

Who can use monthly licensing?

Monthly licensing is available for Phish Threat through the MSP Flex program. Monthly licenses are calculated based on the number of recipients in each Phish Threat campaign email during the billing period.

My license expired. What happens next?

There is a 30-day grace period after the license expires. All new campaigns or reminder emails will be sent after renewing the license. If a campaign was sent before the license expiration, phish data is still recorded even after the license has expired. A banner about the license expiration is shown on the Phish Threat page.