|
Email security test tool
matrix Know of a great tool? Submit additions & corrections to report@emailspooftest.com Test | Report | Unsupported | Partial |
|
Inbound anti-phish controls
"can I be phished?" |
Outbound anti-impersonation controls
"can I be impersonated?" |
Inbound Payload
Protection
"can I be infected?" |
Phish
Training "are my users trained?" |
||||||
| Requirements & Definitions | DNS Fraud (SPF, DMARC, DKIM, Subdomains) | Reverse Lookups/ Fake Domains, Authentication | DNS configuration | SSL, Authentication | Body | Attachment | Link | Phish Simulator | Usability |
|---|---|---|---|---|---|---|---|---|---|
 emailSpoofTest.com |
Test | Test | Test | Test | - | - | - | Partial: Direct impersonation with Advanced mode |
Under 10 seconds |
 IRONSCALES URL scanner |
- | - | - | - | - | Test | Test | - |
Fast No sign-up 10 scans a day |
|
IRONSCALES Phish emulation |
- | - | - | - | Test | Test | Test | Test | Requires sign-up |
 BitDam Lucky Meter |
- | - | - | - | - | Test | Test | Partial: Phish for pen-testing not user training | Uses app to send obfuscated and disarmed real phishing tactic tests and measure detection efficacy |
 LIBRA ESVA Email Security Tester |
- | Partial: Spoofed envelope only | - | - | Test | Test | Test | Partial: BEC Whaling |
30 seconds No sign up Verification email |
| Vircom Email Security Grader | - | - | Test | Test | - | - | - | - | Fast No sign-up Good gateway setup |
| Internet.nl mail test | - | - | Report | Report | - | - | - | - |
Fast No sign-up Good gateway setup |
| KnowBe4 | - | Partial: Auth only | - | Partial: Auth only | - | - | - | Test |
Requires sign-up |
| EasyDMARC | - | - | Report | - | - | - | - | - | Fast No signup |
| DNS Stuff MSTC | - | - | Report | Report | - | Test | - | - |
Fast No sign-up |
| Mail-Tester.com | - | - | Report | - | - | - | - | - | Fast No Sign-up |
| Emkei's mailer | Test | Test | Test | - | - | Test | - | Partial: Direct impersonation only |
Fast Manual testing setup required No sign-up |
| Requirements & Definitions | ||
|
Test: Tests control functionality Report: Reports current configurations Partial: Provides a subset of control validation |
||
|
Inbound anti-phish controls "can I be
phished?" DNS Fraud (SPF, DMARC, DKIM, Subdomains): Reports or tests the settings that prevents DNS fraud where unauthorized mail servers from send spoofed or fraudulent emails to trick your users Reverse lookups/ fake domains, and authentication: Reports or tests the controls that prevent fake and lookalike domains, and attempts to send email as an internal user to trick your users Answers the question: Does my connection security protect against fraudulent emails inbound? (phishing) Concerns: Email connection security is very important for stopping email spoofing and fraud. Many vendors claim to provide enforcement level of email fraud protection but actually leverage a scoring system which should be looked at closely. |
||
|
Outbound anti-impersonation controls
"can I be impersonated?" DNS Configuration: Reports or tests the controls to prevent others from impersonating your email domains SSL, Authentication: Reports or tests the controls that force email authentication to prevent impersonations of internal users to your mail servers. Validates or Tests the controls that transfer mail securely to prevent an attacker from intercepting email in transit. Answers the question: Does my system prevent others from impersonating my email domains? |
||
|
Inbound Payload Protection "can I be infected?" Body: Tests the ability to prevent malware and malicious code in the body of the email Attachment: Tests the ability to prevent malicious attachments Link: Tests the ability to prevent malicious links |
||
|
Phish Training "are my users trained?" Phish Simulator: Tests a users ability to detect malware and malicious code in the body of the email |
||
|
To
submit changes or add a product review use the form below or send us an email: report@emailspooftest.com
|
