The problem there is that the person/group conducting the test (presumably security team of a 500 person org) doesn't know if it will cost 500 x PerClickRate, or 5 x PerClickRate.. They don't yet know the stupidity of their users. Variable pricing like that can be a deal breaker for a small company.
You could address that by creating a control on the price. "I want to run this campaign against 500 users. But my budget is $100." The service sends out e-mails up to the $100 cost if they all clicked through, then deducts the actual expenses from the budget. In a few days, it sends the next batch of e-mails targeting the rest of the budget. Continue until either the e-mails are all sent, or the budget is expired.
I suspect explaining that pricing model is a sales risk. flat fee or price per contact is far more intuitive I suspect.
Even reading your explanation, I'm not clear on what it will cost me -- this sounds more like pre-paying? how long should it wait between batches? how effective will batching be? Rumors of phishing/testing could move quick in the organisation making the report outcome misleading.
