|
What is Spoofing? Email spoofing is sending an email as someone else in attempt to “phish” or trick someone into thinking the email is from someone it is not. There are a few different methods used;
|
Frequently Asked Questions... with answers! What is emailSpoofTest.com and what is it used for? EmailSpoofTest.com is the only safe, easy, and private email self-penetration testing platform with tools needed to test and validate the security of any email system. The concept: is to send yourself phishing & fraud emails using all the possible ways hackers can fake email; to test if an email system will drop the fraud email or allow fraud email in. If you get any of the clearly marked test emails, there are instructions inside with hints on how to correct the configuration.
Why is there a need for emailSpoofTest.com? We found that even the advanced and carefully configured email security systems have security controls that are misconfigured or simply do not work Ransomware is initialized by email fraud Penetration tests are complicated, expensive, and exposes flaws to a 3rd party
I didn't receive any email from emailSpoofTest.com, am I safe?
No, the best way to know you are protected is to have your system validated by our team. Disclaimer: By using this site you are not safer, nor proving you are safe from anything in any way. This is simply a test tool to help you figure out how exposed (not safe) you might be. Sometimes the emails can take a few minutes to get delivered but typically our emails are delivered within 10 minutes. If its slow, its probably you, not us. Our end of the operation is very fast and simple. If this site stops working correctly please let us know. If you did not receive any of our emails, this is not an indicator that you are protected. Check SPAM and other protection mechanisms. If you received one of our test emails then your systems are very likely vulnerable. If you received one of these emails in your SPAM your systems are very likely vulnerable.
What are you doing with my email address? You will not get spam sourced from us! This site does not sell your email to ad firms that will annoy you later. We don't store it in a database, we just help you test. We run analytics on site traffic and the number of emails tests. We are interested in how valuable the tool is and how we can make it better for you.
If you find this site useful help us out! The best way to help is to tell your friends and colleagues on social media. Show people how to use this site. Or use the site as a tool in your own consulting practice. Another way to help is feedback! Tell us how to be better. Use the form below. Finally, a great way to help is to test often. We see you out there and we appreciate you! |
Diagnostic Test Email Definitions E1-E10 |
Email E1 One valid email from emailSpoofTest.com to make sure you get our emails (should be deliverd to inbox)
|
Email E3 One email from a badDMARC.com where the policy is to strictly reject all email (should be rejected by your email servers)
|
Email E5 One email from badDKIM.com where the policy is to reject email without a DKIM signature (should be rejected by your email servers)
|
Email E7 One email from badSPF.com that rejects all email but has no DMARC policy defined (should be rejected by your email servers)
|
Email E9 One email from your sending email address (should be rejected by your email servers and your DMARC monitoring should raise an alert). This tests spoofing internal mail from the outside. It sends a mail from you to you but from our servers. If internal authentication is properly set this email should not get to your inbox. |
Email E10 One email from a domain that does not exist (should not deliver to inbox). This test is sent from a non-existing domain "garbageRANDOMNUMBERf.com". If this email gets to your inbox or junkmail your email system accepts email from nonexisting domains. |
|
|
|