I'm involved in IT security.
I need to attach phishing simulator software to my main business domain (website)
I'm a bit weary of this because of potential problems down the line. The vendor of the phishing simulator thinks it should be ok.
However, in 12 / 18 / 24 months time, I don't want a situation where, owing to error (or whatever) my domain becomes blacklisted.Because my domain is also tied to my CRM system. This would then result in a cascade of failures - my basic email system not working, my CRM not working and the phishing simulator not working.
Should this phishing simulator be hosted on a different domain to mitigate the risk or am I totally over-thinking this situation?