TROY isn't a marketing platform with a phishing skin. It's a mailing platform engineered for security teams who actually run simulations week after week.
From an empty draft to a scheduled send in under five minutes — without sacrificing rigor.
Paste any login page URL. TROY downloads the HTML, rewrites assets to a controlled CDN path, sanitizes outbound forms, and stores it as a campaign-scoped landing page. No wget gymnastics required.
Built-in template library covers the high-incidence vectors: Microsoft 365, Israeli banks, courier delivery, IT helpdesk resets. Operators can fork any template per-tenant.
Personalization tokens: {{firstName}}, {{lastName}}, {{department}}, {{company}}, plus tenant-defined custom fields. Tokens are validated at draft time so a missing field can't ruin a send.
Filter by department, language, role, or custom tags. Upload an ad-hoc CSV. Sample N random employees for low-volume campaigns. Exclude users who failed a recent simulation to avoid fatigue.
A simulation that lands in spam isn't a simulation — it's a budget line item with no learning value. TROY treats deliverability as a first-class metric.
Generate a 2048-bit DKIM keypair for every sending domain. Public key is rendered as a copy-paste DNS record; private key stays encrypted in the database. Selectors rotate annually.
One click runs SPF / DKIM / DMARC / PTR / MX checks against authoritative resolvers and stores the results. Domains flip from Pending to Verified automatically; failures show actionable diagnostics.
New domains follow a 14-day ramp from 50 to 5,000 messages per day. Send rate enforcement is server-side; operators can't accidentally cook a fresh IP.
Daily ingestion from Microsoft SNDS and Google Postmaster Tools. Trend lines per domain, per IP, per recipient ISP. Alert when a score crosses a threshold.
Before any campaign launches, TROY runs a checklist: DNS green, warm-up sufficient, reputation acceptable, content not blacklisted by SpamAssassin in dry-run. Anything red blocks the send.
The MTA listens on MX, parses bounces, and tags addresses as hard-failed or soft-failed. Feedback Loop registrations with Microsoft and Yahoo feed complaints back into the campaign view.
Every interaction is captured, attributed, and surfaced — without ever leaving recipient data exposed in URLs.
Every link and pixel embeds a 256-bit random token unique to the (campaign, recipient) pair. Email addresses never appear in URL parameters.
Pixel-triggered opens, link-triggered clicks, and form submissions land in the same event log. Geolocation, user agent, and timestamp are captured server-side.
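The per-recipient token scheme and shared event log described above, as an added sketch that is not TROY's own code. The class name, the URL layout, the host and the choice to store only a SHA-256 digest of each token are assumptions; the identifiers in the test data are constructed.

```python
import hashlib
import re
import secrets

TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{43}")  # 32 random bytes, base64url, unpadded

def _digest(token):
    return hashlib.sha256(token.encode("ascii")).hexdigest()

class TrackingTokens:
    """Server-side map from an opaque token to its (campaign, recipient) pair."""
    def __init__(self):
        self._pair_by_digest = {}   # assumption: only the token's hash is stored
        self._issued_pairs = set()
        self.events = []            # one log for opens, clicks and submissions

    def issue(self, campaign_id, recipient_id):
        """Create the single token for this pair: 32 bytes = 256 bits."""
        pair = (campaign_id, recipient_id)
        if pair in self._issued_pairs:
            raise ValueError("token already issued for this pair")
        token = secrets.token_urlsafe(32)
        self._pair_by_digest[_digest(token)] = pair
        self._issued_pairs.add(pair)
        return token

    def resolve(self, token):
        """Return the pair, or None for unknown or malformed input."""
        if not isinstance(token, str) or not TOKEN_RE.fullmatch(token):
            return None
        return self._pair_by_digest.get(_digest(token))

    def record(self, token, kind):
        """Attribute an event to its pair; unknown tokens are dropped."""
        pair = self.resolve(token)
        if pair is None:
            return None
        event = {"campaign": pair[0], "recipient": pair[1], "kind": kind}
        self.events.append(event)
        return event

def tracking_url(base, kind, token):
    """Hypothetical layout: the token is the only recipient-specific part."""
    return f"{base}/{kind}/{token}"
```

Because the token carries no structure, a URL captured by a proxy log or a forwarded message reveals nothing about the recipient without access to the server-side map.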
Optional Outlook plug-in lets employees report suspected phishing in one click. Reports are correlated with the originating campaign and credit the user with a positive event.
A weighted formula blends recent behavior, engagement type, and reporting credit into a 0–100 score per employee. Departments and tenants roll up automatically.
TROY is not a single-tenant tool with a "client" tag retrofitted on top. Tenant isolation is enforced at every query.
Every record carries a tenant ID. EF Core global query filters guarantee that a tenant operator can only ever read or write their own data. Super-admins must opt in to cross-tenant queries.
Self-serve tenant creation walks through identity verification, primary contact, signed consent, and AUP acknowledgement. Nothing sends until the consent record is on file.
Tenants can override the operator console with their own colors and logo. The platform name "TROY" is reserved.
Roles: SuperAdmin, TenantAdmin, TenantOperator, TenantViewer. Permissions are evaluated at the API layer, not just the UI.