As someone who worked in enterprise IT for a while, I can’t stand those anti-phishing programs.
Some of them contain the most ridiculous and realistic messages, and they force your organization to expose plenty of security flaws to give you a few million tickets with half of the staff yelling, “Hey, what the fuck is this?” Make sure that the reason you get the popup saying, “This message was not sent to Spam based on your organization’s settings,” is that your school had to combine some filters to ensure that this message reached anyone at all.
Yes, I also despise them. I think it should be part of the enjoyment when the spam company gets past the filters. F off if you are unable to enter.
Although I think that individuals are the main weak link, I don’t think you should disable filtering for a penetration or testing campaign.