Need advise for our company experiment. We are planning to observe the security awareness among our staff. I have an idea but lacking of knowledge on how to do it. I want to create spoofed email and send one .doc/.pdf file inside the email. That .doc file will return the IP address if our staff click to open the file. From this we can see in our company how many users are not aware with security threat and we will educate them later on. Because we are using firewall, can it be done from external IP as well? Your help and idea are really appreciated.