Web-based free email security tools feature comparison.

Know of a great tool? Submit additions & corrections to report@emailspooftest.com

Test | Report | Unsupported | Partial

Unsupported = "-" Inbound anti-phish controls
"can I be phished?"
Outbound anti-impersonation controls
"can I be impersonated?"
Inbound Payload Protection
"can I be infected?"
Phish Training
"are my users trained?"
 
Requirements & Definitions  DNS Fraud (SPF, DMARC, DKIM, Subdomains) Reverse Lookups/ Fake Domains, Authentication DNS configuration SSL, Authentication Body Attachment Link Phish Simulator Usability
emailSpoofTest.com
emailSpoofTest.com
Test Test Test Test - - - Partial: Direct impersonation with Advanced mode

Under 10 seconds
No sign-up

IRONSCALES
IRONSCALES URL scanner
- - - - - Test Test - Fast
No sign-up
10 scans a day
IRONSCALES
IRONSCALES Phish emulation
- - - - Test Test Test Test Requires sign-up
BitDam
BitDam Lucky Meter
- - - - - Test Test Partial: Phish for pen-testing not user training Uses app to send obfuscated and disarmed real phishing tactic tests and measure detection efficacy
LIBRAESVA ESG
LIBRA ESVA Email Security Tester
- Partial: Spoofed envelope only - - Test Test Test Partial: BEC Whaling 30 seconds
No sign up
Verification email
Vircom Email Security Grader - - Test Test - - - - Fast
No sign-up
Good gateway setup
Internet.nl mail test - - Report Report - - - - Fast
No sign-up
Good gateway setup
KnowBe4 - Partial: Auth only - Partial: Auth only - - - Test Requires sign-up
EasyDMARC - - Report - - - - - Fast
No signup
DNS Stuff MSTC - - Report Report - Test - - Fast
No sign-up
Mail-Tester.com - - Report - - - - - Fast
No Sign-up
Emkei's mailer Test Test Test - - Test - Partial: Direct impersonation only Fast
Manual testing setup required
No sign-up


 

  Requirements & Definitions  
  Test: Tests control functionality

Report: Reports current configurations

Partial: Provides a subset of control validation


 
  Inbound anti-phish controls "can I be phished?"

DNS Fraud (SPF, DMARC, DKIM, Subdomains): Reports or tests the settings that prevents DNS fraud where unauthorized mail servers from send spoofed or fraudulent emails to trick your users

Reverse lookups/ fake domains, and authentication: Reports or tests  the controls that prevent fake and lookalike domains, and attempts to send email as an internal user to trick your users


Answers the question: Does my connection security protect against fraudulent emails inbound? (phishing)

Concerns: Email connection security is very important for stopping email spoofing and fraud. Many vendors claim to provide enforcement level of email fraud protection but actually leverage a scoring system which should be looked at closely.


 
  Outbound anti-impersonation controls  "can I be impersonated?"

DNS Configuration: Reports or tests the controls to prevent others from impersonating your email domains

SSL, Authentication: Reports or tests the controls that force email authentication to prevent impersonations of internal users to your mail servers. Validates or Tests the controls that transfer mail securely to prevent an attacker from intercepting email in transit.

Answers the question: Does my system prevent others from impersonating my email domains?



 
  Inbound Payload Protection "can I be infected?"

Body: Tests the ability to prevent malware and malicious code in the body of the email

Attachment: Tests the ability to prevent malicious attachments

Link: Tests the ability to prevent malicious links



 
  Phish Training "are my users trained?"

Phish Simulator: Tests a users ability to detect malware and malicious code in the body of the email




 
     

---ads by google---


         To submit changes or add a product review
use the form below or send us an email: report@emailspooftest.com

 

 

Have email security questions? Want expert advice? Just want to say hello or give suggestions?

Please use the form to instantly message our team.
Name:  
Email:  
Phone:  
Message:

---ads by google---