@gbenedict wrote:
One thing easily to check is what the link is for the registration. Is it an IP or hsotname? An IP address would be more suspect than a hostname, and http more than https. So a perfect link would be https://amigopod.yourdomain.com or whatever, with a valid SSL certificate.
This was the issue. The sponsor link was using the IP instead of hostname. If the guest registers through the welcome page using the IP address, the sponsor email will include that IP and be flagged as phishing. So I changed the captive portal in Aruba to use the hostname of amigopod - no more phishing warning.
Thanks!