EmailSpoofTest.com Frequently Asked Questions HELP

 


 

 

What is Spoofing?

Email spoofing is sending an email as someone else in attempt to “phish” or trick someone into thinking the email is from someone it is not. There are a few different methods used; 

“Spoof” name

Example

Prevention

Impersonated domains

jim@facebook.com


SPF, DKIM

Domain look-alikes

jim@facedook.com


Reverse DNS

Fake domains

jim@notarealdomain.com


Reverse DNS

Impersonation of internal user

jim@yourcompany.com

Internal Authentication, Internal SPF

 
 

I received one or more emails from emailSpoofTest.com, what is my exposure?
 


The security exposure is shown below:

 

Email Received

Prevention

Exposure

Email 0a, 1a, 2a, 3a 
  • DMARC = Qurantine | Relaxed SPF | Relaxed DKIM  [v=DMARC1; p=quarantine; rua=mailto:email@emailspooftest.com; ruf=mailto:email@emailspooftest.com; fo=1:d:s; adkim=r; aspf=s; sp=reject]
  • SPF = Allow subnet, deny others  [v=spf1 ip4:72.167.234.1/16 -all]
  • DKIM = email not signed [selector = a1, v=DKIM1; k=rsa; p=ZW1...]
Subdomain enforcement If you received email 0a the somone could impersonate a subdomain (email@subdomain.securebank.com) of a moderately protected firm. 1a, 2a, and 3a check for subdomain rejection of their respective configurations.

Email 1 - DMARC set for strict SPF alignment but SPF is set to deny all

  • DMARC = Reject | Strict SPF | Strict DKIM  [v=DMARC1; p=reject; rua=mailto:email@emailspooftest.com; ruf=mailto:email@emailspooftest.com; fo=1:d:s; adkim=s; aspf=s; sp=reject]
  • SPF = Deny all senders  [v=spf1 -all]
  • DKIM = email not signed [selector = default, v=DKIM1; k=rsa; p=MIIB...]

 

DMARC alignment with SPF

If you received “Email 1” your email system does not protect you from forged emails from any other sites with very good anti-fraud defenses in place. Sites could email you impersonating any site on the web.


Email 2 - DMARC set for strict DKIM alignment but enmail is not DKIM signed

  • DMARC = Reject | Relaxed SPF | Strict DKIM [v=DMARC1; p=reject; rua=mailto:email@emailspooftest.com; ruf=mailto:email@emailspooftest.com; fo=1:d:s; adkim=s; aspf=r; sp=reject]
  • SPF = Not configured (Neutral)
  • DKIM = email not signed (Selector = default) [selector = default, v=DKIM1; k=rsa; p=MIIB...]

DKIM enforcement via DMARC

If you received “Email 2” your email system does not protect you from impersonation of sites that only DKIM sign their emails. Someone could forge an email in this manner and send it to you without a DKIM signature and your users would likely never know.


Email 3 – SPF set to reject all, DMARC set to none

  • DMARC = None | Strict SPF | Relaxed DKIM [v=DMARC1; p=none; rua=mailto:email@emailspooftest.com; ruf=mailto:email@emailspooftest.com; fo=1:d:s; adkim=r; aspf=s; sp=reject]
  • SPF = Reject all [v=spf1 -all]
  • DKIM = email not signed (Selector = default) selector = default, v=DKIM1; k=rsa; p=MIIB...]

SPF enforcement

If you received “Email 3” your email system does not protect you from email coming from fake senders. Anyone can send mail to you as anyone.


Email 4 -email from you, to you

Internal Authentication, Internal SPF enforcement

If you received “Email 4” your email system does not protect you from an outside entity impersonating a user internal to your company.


Email 5 -invalid domain name, no SPF, no DKIM

Reverse DNS lookups on email

If you received “Email 5” your email system does not protect you from “look-alike” or non-existent domains.



*Note: The tests performed by emailSpoofTest.com are not "all inclusive" and only represent some of the common mis-configurations possible with email. This site makes no guarantees or promises of any type!

 

---ads here to fund our site, please turn ad blockers off---



I didn't receive any email from emailSpoofTest.com, am I safe?

Disclaimer: By using this site you are not safer, nor proving you are safe from anything in any way. This is simply a test tool to help you figure out how exposed (not safe) you might be.

Sometimes the emails can take a few minutes to get delivered but typically our emails are delivered within 10 minutes. If its slow, its probably you, not us. Our end of the operation is very fast and simple. If this site stops working correctly please let us know.

If you did not receive any of our emails, this is not an indicator that you are protected. Check SPAM and other protection mechanisms. 

If you received one of our test emails then your systems are very likely vulnerable

If you received one of these emails in your SPAM your systems are very likely vulnerable.

 

 

---ads here to fund our site, please turn ad blockers off---



What are you doing with my email address?

You will not get spam sourced from us!

This site does not sell your email to ad firms that will annoy you later. We don't store it in a database, we just help you test.

We run analytics on site traffic and the number of emails tests. We are interested in how valuable the tool is and how we can make it better for you. We hope to use this data to attract better paying advertisers (email security products like proofpoint, agari, etc.)

This site is not for profit, it's just here to help the security community. The ads from google don't really cover much at all... producing less than a few dollars per month because we keep the ads off to the side where they are less annoying. If you find this site useful help us out!

 

The best way to help is to tell your friends and colleagues on social media. Show people how to use this site. Or use the site as a tool in your own consulting practice.

 

Another way to help is feedback! Tell us how to be better. Use the form below.

 

Finally, a great way to help is to test often. We see you out there and we appreciate you!

 

 

 
 


 
  More info on SPF http://www.openspf.org/

More info on DKIM http://www.dkim.org/

More info on DMARC https://dmarc.org/
 
 
 

   This free test tool brought to you by the Cyber Warfare Research Team (CWRT)

 
     
 

 
 
     
 

 
         Free expert Email Security help! Contact us instantly.

 

 

Have email security questions? Want expert advice? Just want to say hello or give suggestions?

Please use the form to instantly message our team.
Name:  
Email:  
Phone:  
Message:


 




IGNITE

(CWRT)