DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  
Response to Amendment
This Office Action is in response to the amendment filed 03/09/2021.
Claims 1, 11 are currently amended claims. Claims 8-9, 18-19 are currently cancelled claims. Claims 1-7, 10-17 and 20 are pending and considered.
The rejection of claim 8, 18 under 35 USC 112(d) as being of improper dependent form has been withdrawn in light of applicant’s cancellation of the claims.
Response to Argument
Applicant’s argument, see pages 5-9 of the Remark filed 3/9/2021, with respect to claims over prior arts have been fully considered and are persuasive, further in view of the examiner’s amendments below. Upon examiner’s updated search on the features recited in the 
Allowable Subject Matter
Claims 1-5, 10-15, 20 are allowed.
The following is an examiner’s statement of reasons for allowance: 
The present invention is directed to generation and use of phishing email sent to recipient user while displaying email addresses of non-recipient users in the context of the phishing email, by identifying and communication with email server using RCPT TO and DATA commends of simple mail transfer protocol (SMTP) to give appearance to the recipient user that the simulated phishing email was communicated to the one or more non-recipient users.
Claim 1 (similarly claim 11) identifies the uniquely distinct features “communicating, by the server, a RCPT TO command of a simple mail transfer protocol (SMTP) to the mail server to include the recipient user as the recipient of the simulated phishing email and to exclude the one or more non-recipient users as recipients of the simulated phishing email”; and “communicating, by the server, via a DATA command of the SMTP with the mail server, the one or more email addresses of the one or more non-recipient users with content of the simulated phishing email to the recipient user to cause the simulated phishing email to be displayed to the recipient user with the one or more email addresses of the one or more non-recipient users as recipients of the simulated phishing email in order to give appearance to the recipient user that the simulated phishing email was communicated to the one or more non-recipient users that were excluded from the RCPT TO command”. 
Chapman et al (US20130198846A1) discloses system and method for facilitating organizational testing of employees in order to determine their potential susceptibility to phishing scams. In particular Chapman teaches the concept of generating phishing email sent to company’s employees to display the email content to the recipients to evaluate employee’s susceptibility to the phishing email.
The prior art, Thirumavalavan (US20200213332A1) discloses system and method for verifying user email address in real time with simple SMTP conversation between mail servers. In particular, Thirumavalavan teaches using RCPT TO command to specify receiver mail address and DATA command to transfer the message content.
The prior art, Arshad et al (US20180077098A1) discloses system and method of e-mail chain manager to include new recipient to e-mail chain. In particular, Arshad teaches using RCPT and DATA commands to selectively send the email chain to intended participants in dynamic email chain management. 
The prior arts, either singularly or in combination fails to anticipate or render obvious the claimed limitations of claim 1 (similarly claim 11) of “communicating, by the server, a RCPT TO command of a simple mail transfer protocol (SMTP) to the mail server to include the recipient user as the recipient of the simulated phishing email  and to exclude the one or more non-recipient users as recipients of the simulated phishing email”; and “communicating, by the server, via a DATA command of the SMTP with the mail server, the one or more email addresses of the one or more non-recipient users with content of the simulated phishing email to the recipient user to cause the simulated phishing email to be displayed to the recipient user with the one or more email addresses of the one or more non-recipient users as recipients of 
Regarding the dependent claims: dependent claims 2-5, 10, 12-15 and 20 are also allowed for incorporating the allowable feature recited in the independent claims.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Examiner’s Amendment
The application has been amended as follows: 
An Examiner's amendment to the record appears below. Should the changes and/or additions be unacceptable to applicants, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Mr. Christopher McKenna (617-342-4057) on 5/20/2021 (See PTO-413 interview summary) and further communication on 5/26/2021, 5/28/2021.

PLEASE AMEND THE CLAIMS AS FOLLOWS:

(Currently Amended) A method comprising:
generating, by a server for a recipient user of an entity to be targeted with a simulated phishing email, one or more email addresses of one or more non-recipient users to be displayed as recipients of the simulated phishing email when received by the recipient user;
generating, by the server, the simulated phishing email addressed via one or more address fields to the recipient user and the one or more non-recipient users;
initiating, by the server, transmission of the simulated phishing email to a mail server of the entity; 
communicating  to the mail server to include the recipient user as the recipient of the simulated phishing email  to exclude the one or more non-recipient users as recipients of the simulated phishing email 
communicating, by the server, via a DATA command of the SMTP with the mail server, the one or more email addresses of the one or more non-recipient users with content of the simulated phishing email to the recipient user to cause the simulated phishing email to be displayed to the recipient user with the one or more email addresses of the one or more non-recipient users as recipients of the simulated phishing email in order to give appearance to the recipient user that the simulated phishing email was communicated to the one or more non-recipient users that were excluded from the RCPT TO command.

(Original) The method of claim 1, wherein (a) further comprises generating, by the server, the one or more email addresses as real email addresses of the one or more non-recipient users of the entity.

(Original) The method of claim 1, wherein (a) further comprises generating, by the server the one or more email addresses as fake email addresses with a display name of the one or more non-recipient users. 

(Original) The method of claim 1, wherein (b) further comprises including, by the server, the one or more email addresses in one or more address fields of a header of the simulated phishing email.

(Original) The method of claim 1, wherein (c) further comprises establishing, by the server, a SMTP session with the mail server.

(Currently Cancelled).

(Currently Cancelled). 

(Previously Cancelled).

(Previously Cancelled).

(Currently Amended) The method of claim 1, further comprising identifying, by the server, whether the recipient user interacted with the simulated phishing email and responsive to the identifying that the recipient user interacted with the simulated phishing email, determine a training module for the recipient user. 

(Currently Amended) A system comprising:
a server comprising one or more processors, coupled to memory and configured to:
generate, for a recipient user of an entity to be targeted with a simulated phishing email, one or more email addresses of one or more non-recipient users to be displayed as recipients with the simulated phishing email to be received by the recipient user;
generate the simulated phishing email addressed to the recipient user and the one or more non-recipient users;
initiate transmission of the simulated phishing email to a mail server of the entity; 
communicate to the mail server to include the recipient user as the recipient of the simulated phishing email  to exclude the 
communicate via a DATA command of the SMTP with the mail server, the one or more email addresses of the one or more non-recipient users with content of the simulated phishing email to the recipient user to cause the simulated phishing email to be displayed to the user with the one or more email addresses of the one or more non-recipient users as recipients of the simulated phishing email in order to give appearance to the recipient user that the simulated phishing email was communicated to the one or more non-recipient users that were excluded from the RCPT TO command.

(Original) The system of claim 11, wherein the server is further configured to generate the one or more email addresses as real email addresses of the one or more other non-recipient users.

(Original) The system of claim 11, wherein the server is further configured to generate the one or more email addresses with a display name of the one or more non-recipient users with fake email addresses. 
(Original) The system of claim 11, wherein the server is further configured to include the one or more email addresses in one or more address fields of a header of the simulated phishing email.

(Original) The system of claim 11, wherein the server is further configured to establish a SMTP session with the mail server.

(Currently Cancelled).

(Currently Cancelled). 

(Previously Cancelled).

(Previously Cancelled).

(Currently Amended) The system of claim 11, wherein the server is further configured to identify whether the recipient user interacted with the simulated phishing email and responsive to the identifying that the recipient user interacted with the simulated phishing email, determine a training module for the recipient user. 
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL M LEE whose telephone number is (571)272-1975.  The examiner can normally be reached on M-F: 8:30AM - 5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571) 272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MICHAEL M LEE/Examiner, Art Unit 2436

/SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436