@andrewt A company I worked for hired consultants to send us periodic phishing emails. The emails were sent from assorted domains that were all registered to the consulting company.
Back in the day, WHOIS data was public, so after the first email, I simply looked up all their domains and configured my mail client to flag any mail from those domains with a special label.
This was probably contrary to the spirit of the security awareness program, but I like to think it demonstrated initiative.