What is Spoofing?
Email spoofing is sending an email as someone else in an attempt to “phish” or trick someone into thinking the email is from someone it is not. There are a few different methods used;
Frequently Asked Questions... with answers!

What is emailSpoofTest.com and what is it used for?
EmailSpoofTest.com is the only safe, easy, and private email self-penetration testing platform with the tools needed to test and validate the security of any email system. The concept is to send yourself phishing and fraud emails using all the possible ways hackers can fake email, to test whether an email system will drop the fraud email or allow it in. If you get any of the clearly marked test emails, there are instructions inside with hints on how to correct the configuration.

Why is there a need for emailSpoofTest.com?
- We found that even the advanced and carefully configured email security systems have security controls that are misconfigured or simply do not work
- Ransomware is initiated by email fraud
- Penetration tests are complicated, expensive, and expose flaws to a 3rd party

I didn't receive any email from emailSpoofTest.com, am I safe?
No, the best way to know you are protected is to have your system validated by our team.
Disclaimer: By using this site you are not safer, nor proving you are safe from anything in any way. This is simply a test tool to help you figure out how exposed (not safe) you might be.
Sometimes the emails can take a few minutes to get delivered, but typically our emails are delivered within 10 minutes. If it's slow, it's probably you, not us. Our end of the operation is very fast and simple. If this site stops working correctly, please let us know.
If you did not receive any of our emails, this is not an indicator that you are protected. Check SPAM and other protection mechanisms. If you received one of our test emails, then your systems are very likely vulnerable. If you received one of these emails in your SPAM, your systems are very likely vulnerable.

What are you doing with my email address?
You will not get spam sourced from us! This site does not sell your email to ad firms that will annoy you later. We don't store it in a database, we just help you test. We run analytics on site traffic and the number of email tests. We are interested in how valuable the tool is and how we can make it better for you.

If you find this site useful, help us out!
The best way to help is to tell your friends and colleagues on social media. Show people how to use this site. Or use the site as a tool in your own consulting practice. Another way to help is feedback! Tell us how to be better. Use the form below. Finally, a great way to help is to test often. We see you out there and we appreciate you!

Email Definitions

Email 1 is a clean passing email from emailspooftest.com.
Email 2 is from a disallowed subdomain of emailspooftest.com. You should not get email E2.

DNS settings for emailSpoofTest.com:
DMARC = Quarantine | Relaxed SPF | Relaxed DKIM | Reject subdomains [v=DMARC1; p=quarantine; rua=mailto:emailspooftest@ignitecyber.co; ruf=mailto:emailspooftest@ignitecyber.co; fo=1:d:s; adkim=r; aspf=s; sp=reject]
SPF = Allow included URLs, deny others [v=spf1 include:spf.websitewelcome.com include:spf2.websitewelcome.com include:amazonses.com include:secureserver.net -all]
DKIM = email not signed [selector = a1, v=DKIM1; k=rsa; p=ZW1...]

Email 3: DNS settings for badDMARC.com:
DMARC = Reject | Strict SPF | Strict DKIM | Reject subdomains [v=DMARC1; p=reject; rua=mailto:baddmarc@ignitecyber.co; ruf=mailto:baddmarc@ignitecyber.co; fo=1:d:s; adkim=s; aspf=s; sp=reject]
SPF = Deny all senders [v=spf1 -all]
DKIM = email not signed [selector = default, v=DKIM1; k=rsa; p=MIIB...]
Email 4 is from a subdomain of badDMARC.com.

Email E5: DNS settings for badDMARC.com:
DMARC = Reject | Strict SPF | Strict DKIM | Reject subdomains [v=DMARC1; p=reject; rua=mailto:baddmarc@ignitecyber.co; ruf=mailto:baddmarc@ignitecyber.co; fo=1:d:s; adkim=s; aspf=s; sp=reject]
SPF = Deny all senders [v=spf1 -all]
DKIM = email not signed [selector = default, v=DKIM1; k=rsa; p=MIIB...]
Email E6 is from a subdomain of badDKIM.com.

Email 7: DNS settings for badSPF.com:
DMARC = Not configured (Neutral)
SPF = Reject all [v=spf1 -all]
DKIM = email not signed (Selector = default) [selector = default, v=DKIM1; k=rsa; p=MIIB...]
Email E8 is from a subdomain of badSPF.com.

Email E9 tests spoofing internal mail from the outside. It sends a mail from you to you but from our servers. If internal authentication is properly set, this email should not get to your inbox.

Email E10 is sent from a non-existing domain "garbage000f.com". If this email gets to your inbox, your email system does not perform reverse DNS lookups.
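
The DMARC records listed in the definitions above, evaluated the way a receiving server would apply them. This is an added example, not code from emailSpoofTest.com: the helper names, the "sub." subdomain label and the SPF/DKIM pass inputs are constructed assumptions, and it assumes no separate DMARC record is published on the subdomain itself.

```python
# Added example. Records are the ones quoted on this page; helper names are hypothetical.
RECORDS = {
    "emailspooftest.com": "v=DMARC1; p=quarantine; rua=mailto:emailspooftest@ignitecyber.co; "
        "ruf=mailto:emailspooftest@ignitecyber.co; fo=1:d:s; adkim=r; aspf=s; sp=reject",
    "baddmarc.com": "v=DMARC1; p=reject; rua=mailto:baddmarc@ignitecyber.co; "
        "ruf=mailto:baddmarc@ignitecyber.co; fo=1:d:s; adkim=s; aspf=s; sp=reject",
    "badspf.com": None,  # the page lists DMARC as "Not configured"
}

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a valid DMARC record."""
    parts = [p.strip() for p in (txt or "").split(";") if p.strip()]
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":  # v= must be the first tag
        return None
    tags = {k.strip().lower(): v.strip()
            for k, v in (p.split("=", 1) for p in parts if "=" in p)}
    tags.setdefault("sp", tags.get("p", "none"))  # subdomain policy falls back to p
    tags.setdefault("adkim", "r")                 # alignment modes default to relaxed
    tags.setdefault("aspf", "r")
    return tags

def aligned(from_dom, auth_dom, mode, org):
    """Strict ("s") needs an exact match; relaxed accepts any name under the same org domain."""
    if mode == "s":
        return from_dom == auth_dom
    return all(d == org or d.endswith("." + org) for d in (from_dom, auth_dom))

def disposition(org, from_dom, spf_pass_dom=None, dkim_pass_dom=None):
    """DMARC outcome for a message whose From: domain is `from_dom` under org domain `org`.

    spf_pass_dom / dkim_pass_dom: the domain that passed SPF / DKIM, or None if that check failed.
    """
    from_dom = from_dom.lower()
    tags = parse_dmarc(RECORDS.get(org))
    if tags is None:
        return "no-dmarc"  # receiver has to act on the raw SPF/DKIM result alone
    spf_ok = spf_pass_dom is not None and aligned(from_dom, spf_pass_dom.lower(), tags["aspf"], org)
    dkim_ok = dkim_pass_dom is not None and aligned(from_dom, dkim_pass_dom.lower(), tags["adkim"], org)
    if spf_ok or dkim_ok:
        return "pass"
    return tags["sp"] if from_dom != org else tags["p"]

if __name__ == "__main__":
    # Constructed inputs: unsigned mail that fails SPF, as the test emails are described.
    for org, frm in [("emailspooftest.com", "sub.emailspooftest.com"),
                     ("baddmarc.com", "baddmarc.com"), ("badspf.com", "badspf.com")]:
        print(frm, "->", disposition(org, frm))
```

For badSPF.com there is no DMARC policy to fall back on, so only the receiver's own handling of the SPF `-all` failure stops that message. The parsed emailspooftest.com record carries `aspf=s` (strict SPF alignment), although its summary label on the page reads "Relaxed SPF".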