
What is Spoofing?

Email spoofing is sending an email as someone else in an attempt to “phish” or trick someone into thinking the email is from someone it is not. There are a few different methods used:

“Spoof” name

Impersonated domains

Domain look-alikes: Reverse DNS

Fake domains: Reverse DNS

Impersonation of internal user: Internal Authentication, Internal SPF

Frequently Asked Questions... with answers!

What is emailSpoofTest.com and what is it used for?

EmailSpoofTest.com is the only safe, easy, and private email self-penetration testing platform with the tools needed to test and validate the security of any email system.

The concept is to send yourself phishing & fraud emails using all the possible ways hackers can fake email, to test whether an email system will drop the fraud email or let it in. If you get any of the clearly marked test emails, there are instructions inside with hints on how to correct the configuration.


Why is there a need for emailSpoofTest.com?

We found that even advanced and carefully configured email security systems have security controls that are misconfigured or simply do not work.

Ransomware is initiated by email fraud.

Penetration tests are complicated and expensive, and they expose flaws to a 3rd party.



I didn't receive any email from emailSpoofTest.com, am I safe?

No, the best way to know you are protected is to have your system validated by our team.

Disclaimer: By using this site you are not safer, nor proving you are safe from anything in any way. This is simply a test tool to help you figure out how exposed (not safe) you might be. Sometimes the emails can take a few minutes to get delivered, but typically our emails are delivered within 10 minutes. If it's slow, it's probably you, not us. Our end of the operation is very fast and simple. If this site stops working correctly please let us know. If you did not receive any of our emails, this is not an indicator that you are protected. Check SPAM and other protection mechanisms.

If you received one of our test emails then your systems are very likely vulnerable. If you received one of these emails in your SPAM your systems are very likely vulnerable.


What are you doing with my email address?

You will not get spam sourced from us! This site does not sell your email to ad firms that will annoy you later. We don't store it in a database, we just help you test. We run analytics on site traffic and the number of email tests. We are interested in how valuable the tool is and how we can make it better for you.


If you find this site useful help us out!

The best way to help is to tell your friends and colleagues on social media. Show people how to use this site. Or use the site as a tool in your own consulting practice. Another way to help is feedback! Tell us how to be better. Use the form below.  

Finally, a great way to help is to test often. We see you out there and we appreciate you!


How businesses are using EmailSpoofTest.com...


Penetration testers, Red Teams, and Managed Security Providers use EmailSpoofTest.com to test and correct email security controls for their customers.


Businesses with compliance needs for ISO, NIST, PCI, HIPAA, and BOD 18-01 build EmailSpoofTest.com into continuous monitoring and continuous improvement, and companies with a SOC run our tools daily to ensure ongoing protection.


Continuous improvement - Businesses use EmailSpoofTest.com to show a trend of consistently checking and improving email security for good cyber-hygiene, due diligence, and reduced cyber-liability.

3rd party risk mandates - Financial institutions use EmailSpoofTest.com as a 3rd party risk requirement to ensure that business partners are secure from email-based supply-chain attacks.

Change control for email and DNS - Businesses use EmailSpoofTest.com after changes or updates to an email system or DNS, which can cause huge gaps that go unnoticed without testing. Test your controls with EmailSpoofTest.com to ensure security as part of the change control process.

DNS can expire and change - DNS is often changed by multiple groups within a company, causing email security holes that go unnoticed without testing. Also, DNS can expire, changing your environment and leaving exposure.

Cloud email changes - IP changes, DNS changes, gateway changes… we find that cloud email environments with shared IP spaces like G Suite or M365 need the most work out of the box and require ongoing security control validation.

Email security & detection mechanisms are dynamic and change constantly - this means you need to be checking for the latest BEC and phish-kit attacks often.

Compliance & Audit Operating Directives - like BOD 18-01, ISO, PCI, HIPAA, NIST… all require validating email security controls by testing with EmailSpoofTest.com regularly.


EmailSpoofTest.com Use-Cases

Personal use: Am I protected?

Personal, non-business, and educational users use this site to learn about mail systems and set up testing environments. No advanced mode license required.


Business use; Change Control: Have my business defenses changed?

Changes to an email environment can leave holes that go unnoticed for years. Businesses use this site to validate controls after a change or update to email or email security. Most test at least once per month for each mail domain and after changes. Advanced license is required.


Business use; Penetration Test / Security Assessments: Is my business vulnerable?

Assessing the security posture for inbound mail fraud, spoofing executives, and penetration testing relays are just a few of the ways to use this site to assess and test email infrastructure. Advanced license is required.

Business use; Business value, email security efficacy & security software sales: Do my customers need help?

This site is used to start pre-sales discussions around email security and prove efficacy during proof of concept comparisons. Advanced license is required.


Email Definitions
Email 1 is a clean passing email from emailspooftest.com.

Email 2 is from a disallowed subdomain of emailspooftest.com. You should not get email E2.

DNS settings for emailSpoofTest.com

Emailspooftest.com DNS settings:

DMARC = Quarantine | Relaxed SPF | Relaxed DKIM | Reject subdomains [v=DMARC1; p=quarantine; rua=mailto:emailspooftest@ignitecyber.co; ruf=mailto:emailspooftest@ignitecyber.co; fo=1:d:s; adkim=r; aspf=s; sp=reject]

SPF = Allow included URLs, deny others [v=spf1 include:spf.websitewelcome.com include:spf2.websitewelcome.com include:amazonses.com include:secureserver.net -all]

DKIM = email not signed [selector = a1, v=DKIM1; k=rsa; p=ZW1...]

Email 3 

DNS Settings for badDMARC.com

DMARC = Reject | Strict SPF | Strict DKIM | Reject subdomains [v=DMARC1; p=reject; rua=mailto:baddmarc@ignitecyber.co; ruf=mailto:baddmarc@ignitecyber.co; fo=1:d:s; adkim=s; aspf=s; sp=reject]

SPF = Deny all senders [v=spf1 -all]

DKIM = email not signed [selector = default, v=DKIM1; k=rsa; p=MIIB...]

Email 4 is from a subdomain of badDMARC.com.


Email E5 

DNS Settings for badDMARC.com

DMARC = Reject | Strict SPF | Strict DKIM | Reject subdomains [v=DMARC1; p=reject; rua=mailto:baddmarc@ignitecyber.co; ruf=mailto:baddmarc@ignitecyber.co; fo=1:d:s; adkim=s; aspf=s; sp=reject]

SPF = Deny all senders [v=spf1 -all]

DKIM = email not signed [selector = default, v=DKIM1; k=rsa; p=MIIB...]

Email E6 is from a subdomain of badDKIM.com.


Email 7 

DNS Settings for badSPF.com

DMARC = Not configured (Neutral)

SPF = Reject all [v=spf1 -all]

DKIM = email not signed (Selector = default) [selector = default, v=DKIM1; k=rsa; p=MIIB...]

Email E8 is from a subdomain of badSPF.com.


Email E9 tests spoofing internal mail from the outside. It sends a mail from you to you but from our servers. If internal authentication is properly set this email should not get to your inbox. 

Email E10 is sent from a non-existing domain "garbage000f.com". If this email gets to your inbox your email system does not perform reverse DNS lookups.
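
How a receiver arrives at a DMARC verdict for several of the test emails above, as an added example that is not part of the original page or EmailSpoofTest.com's own code. The DMARC records are the ones quoted above; the SPF results fed in, the subdomain names and the two-label organizational-domain shortcut are assumptions.

```python
# Simplified DMARC evaluation (RFC 7489) over the records quoted on this page.
# Assumptions: organizational domain = last two labels (fine for .com; receivers
# use the Public Suffix List); SPF/DKIM results and subdomain names are constructed.
EST_DMARC = ("v=DMARC1; p=quarantine; rua=mailto:emailspooftest@ignitecyber.co; "
             "ruf=mailto:emailspooftest@ignitecyber.co; fo=1:d:s; adkim=r; aspf=s; sp=reject")
BAD_DMARC = ("v=DMARC1; p=reject; rua=mailto:baddmarc@ignitecyber.co; "
             "ruf=mailto:baddmarc@ignitecyber.co; fo=1:d:s; adkim=s; aspf=s; sp=reject")

def parse_tags(record):
    """Split 'tag=value; tag=value' into a dict (values may contain ':' or '=')."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def org_domain(domain):
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') only the same org domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_disposition(from_domain, record, spf=None, dkim=None):
    """spf and dkim are (result, authenticated_domain) tuples or None.
    record is the TXT published at _dmarc.<org domain>, or None if absent."""
    if not record:
        return "no-policy"  # DMARC cannot act; SPF/DKIM must be enforced on their own
    tags = parse_tags(record)
    def passes(check, mode):
        return bool(check) and check[0] == "pass" and aligned(check[1], from_domain, mode)
    if passes(spf, tags.get("aspf", "r")) or passes(dkim, tags.get("adkim", "r")):
        return "pass"
    is_subdomain = from_domain.lower() != org_domain(from_domain)
    if is_subdomain and "sp" in tags:
        return tags["sp"]  # subdomain policy overrides p
    return tags.get("p", "none")

def run_page_cases():
    est, bad = "emailspooftest.com", "baddmarc.com"
    return {
        "E1": dmarc_disposition(est, EST_DMARC, spf=("pass", est)),
        # aspf=s in the record: an SPF pass for another host of the domain does not align
        "E1-strict-spf": dmarc_disposition(est, EST_DMARC, spf=("pass", "bounce." + est)),
        "E2": dmarc_disposition("sub." + est, EST_DMARC, spf=("fail", "sub." + est)),
        "E3": dmarc_disposition(bad, BAD_DMARC, spf=("fail", bad)),
        "E4": dmarc_disposition("sub." + bad, BAD_DMARC, spf=("fail", "sub." + bad)),
        "E7": dmarc_disposition("badspf.com", None, spf=("fail", "badspf.com")),
    }
```

E7 comes back as `no-policy` because badSPF.com publishes no DMARC record, so that message is stopped only if the receiver acts on the SPF `-all` failure by itself.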

