Powered by
Subscribe to updates

Email Spoof Test Panel

Phish Tests

  Can your business get BEC & ransomware phishing attacks?

Grade your inbox fraud protections now:
[tests DMARC, DKIM, SPF, rDNS, internal-auth]

Enter an email address where you have access to the inbox.

Click the test button below to launch the test emails to the target inbox.

Grade your results to understand email security gaps.

  enter an email to
Enter an email address and click test
to get a report like this for your email domain
pic of grades


Hello, I'm
ArcherHello I'm Archer, the beginning of a new generation of automated cloud-based security tools designed to fight cyber-threats. I am the only tool that can test the basic 10 email security fraud controls.

My team of humans teach me new advanced functions to expand my capabilities every week. The humans are easy to talk to, you can reach them with this form or email: humans@emailspooftest.com

I assess hundreds of
businessCommercial enterprises, MSPs, Red/ Blue teams, SOCs, use my capabilities daily to test and assess email security controls for; security, compliance, and change control.

Cybersecurity frameworks like NIST, ISO, MITRE, etc. say to use my services to implement and test security controls as part of a continous assessment/improvement model. I am the only tool able to test the basic 10 email fraud controls to stop todays email-spread ransomware, bots, drive-by's, and worms.
es every month to validate email security protections against
cyber-threatsPhishing is today's biggest problem in cybersecurity allowing threats to spread and data-loss to business and civil infrastructure.

Email users are tricked by emails specifically crafted to look like familar email systems and contacts. Popular phishing kits find new users or busy work environments are easy targets.

This combined with complex infrastructure: shared cloud environments, cloud email plugins, email security updates, changing email infrastructure, and changes to DNS often cause misconfigurations that allow email-spread threats to enter businesses. For example, I have seen Gsuite and M365 shared security postures change week-to-week. Insuring these email defenses work is mission critical!

Don't worry, I'm built to help!

This assessment will grade the ability to defend against these simulated phishing attacks:
Look-a-likeLook-a-like Attack: These are emails coming from addresses that look like valid email domains but are non-existing domains or use invalid characters
BECBEC: These are emails coming from addresses that look like valid email addresses from within your company.
reply-chain, fake insider attack
Fake-SubdomainFake-Subdomain Attack: These emails appear to come from a subdmain of a valid email domain.
DomainDomain Attack: These are emails that impersonate a valid email domain
SubdomainDomain Attack: These are emails that impersonate a valid email subdomain

Enter an email address you have access to above then click test to
tryFree limitations:
2 tests per domain address daily (limit 4 total each domain monthly)
6 tests per source IP
a security
assessmentI test your email security controls by sending you 1 notification email and 9 harmless test emails that your email system should reject completely.

If you get any of the test emails then you know you have an issue.

When you buy an access license, it unlocks the ability to see the detailed results and tips in this test; these help you understand the severity of any email security holes we find and provide guidance to correct the issue. You also get unlimited testing and access to the advanced tools.
and grade fraud protections

I will only send you email as part of a test.
I do not share your email with anyone.


( Limited Access )

Rob from Fracional CISO (about 3 min.)


How to use this test (about 2 min.)


---ads by google---


---ads by google---


---ads by google---