Email Security Tester

Over 90% of email traffic has spam, phishing, malware and other electronic threats. Email is the main infection vector for ransomware and malware. This tool tests if your email server is correctly configured to stop these common threats.

opened

What's the Test?

It's an email pen test. It tests if your email server is correctly configured to stop these common threats.

Your security product should block, disarm or disinfect all samples sent to you.

Should some test emails reach your inbox, don't jump to conclusions — read the
email description to discover if and how the message has been disarmed. After the
test is complete, you can review your results and understand if you’re safe or if you
could be the victim of a future attack.

Image placeholder
%

Over 90% of email traffic has spam, phishing, malware and other electronic threats

Image placeholder
#

Email is the primary vector for delivering malware and ransomware

Image placeholder
$ K

Average cost to a business due to a cyberattack

Helpful answers

Do you need any further information before taking the test?

So you can discover where the holes and gaps are in your defences. Once you know where they are you can do something about it.

When you click on the Take the test button you simply add your email address and details to the tool. The test will send you 16 of the most common email threats that should be picked up by any credible email security solution. All threats have been disarmed and are safe to receive but will behave as if they are malicious.

The Test is non-intrusive and private, no client integration or installation is required. It's completely safe and will not disrupt operations. Minimal details are required to begin the test, so low impact on resources. The test is free and there's no obligation to buy anything.

You'll be emailed with a detailed report of what's been discovered. If a threat is present it will tell you how it should be stopped. If a threat has been correctly identified you will be informed that your existing email security solution is working ok.

Our email tests

Which email threats will be tested against your current email security solution?

Image placeholder
1. Spoofed envelope sender
Spoofing

Email spoofing is the creation of email messages with a forged sender address. Hackers use this technique to launch a phishing attack on as many employees as possible.

Image placeholder
2. HTML analysis
Content

This email tests the ability of your Email Security Solution to detect threats in the message content. Some HTML tags are considered to be potentially dangerous to the extent that they can install malware.

Image placeholder
3. Executable file
Attachment

Most email providers don't allow you to send executable or ".exe" files. Most executable files are legitimate. However, some executable files are malicious and used to spread malware. Attached you'll find a widely well-known executable file, absolutely harmless, named putty.exe.

Image placeholder
4. Virus attachment
Content

This is a well-known code, known by all antivirus as EICAR, which is used for the purpose of testing that the antivirus is functional and reacting to signature-based virus.

Image placeholder
5. Outlook Conditional Comment
Content

This email tests the ability of your email security solution to detect threats in the message content. Microsoft Outlook for Windows uses HTML comments as the conditional rendering engine. That means an attacker could exploit this feature by storing, for example, bad links in comments that are usually ignored by other email clients, targeting Microsoft Windows clients.

Image placeholder
6. Malware URI
Link

This email tests the ability of your Email Security Gateway to detect hidden malware URI's in realtime, so that 0-day and 0-hour threats can be blocked as soon as they are detected.

Image placeholder
7. Zero Width Spaces link
Link

The zero width space (ZWSPs) is an Unicode character. It's white space but renders with zero width. So you don't see it. This email tests the ability of your Email Security Gateway to detect zero width spaces (ZWSPs) used in links to bypass security features.

Image placeholder
8. Base HTML Tag link
Link

This email tests the ability of your Email Security Gateway to detect a vulnerability known as baseStriker that allows miscreants to send malicious emails that bypass security systems.

Image placeholder
9. HTML JS Redirect Attachment
Attachment

Recently in the wild .HTML file attachments have been used to deliver malcode (usually via embedded Javascript) to endpoints. That's why your Email Security Gateway should look at this trick and protect you by removing or disarming the .HTML attachment.

Image placeholder
10. RFC-Abused HTML Attachment
Attachment

A Request for Comments (RFC) is a formal document from the Internet Engineering Task Force (IETF) that are considered Internet standards. If your email script's coding is not RFC compliant, a mail servers should reject the email.

Image placeholder
11. Active PDF
Attachment

Adobe PDF Reader (and possibly other readers) contains a Javascript engine similar to the ones used by web browsers. This means that PDF documents are not purely static, and for example some actions may be used to fool a user (popups) or to send e-mails and HTTP requests automatically. Furthermore, experience shows that many recent vulnerabilities have been exploited using Javascript in PDF.

Image placeholder
12. PDF with malicious text link
Attachment

PDF files can contain text, images and links. Or.. what we call a text link, that is normal text pointing to a website. Adobe Reader (and possibly other readers) with the goal of making the life easier to users, automatically detects such text links making them active so you can just click on the link.

Image placeholder
13. PDF with malicious link
Attachment

Spammers increasingly use a PDF's ability to embed hyperlinks into documents so that recipients of malicious PDFs open malicious Web sites.

Image placeholder
14. ZIP Archive with JS
Attachment

Cybercriminals will employ new and even older techniques to compromise users and enterprises for profit. JavaScript malware in malspam campaigns are not new, but remain dangerous for users because it may no longer require executables nor further interactions with the user to be launched.

Image placeholder
15. Email with malicious QR Code
Phishing

QR code phishing or quishing is a type of phishing attack that uses QR codes to lure victims into revealing sensitive information. This email embeds a QR Code that should be blocked by your Email Security solution.

Image placeholder
16. Business Email Compromise
Spoofing

Business Email Compromise (or Whaling) fraud is a phishing attack where the sender impersonates an executive (often the CEO), and they attempt to trick the victim into transferring funds or sensitive information.

Image placeholder
17. MS Excel Document with formula macro function
Attachment

Macro-formulas allow writing code by entering statements directly into cells, just like normal formulas. The macro-formulas that allow executing malicious code are named EXEC, RUN and CALL. Also indirect formula generation is possible through the FORMULA.FILL statement, which creates a formula by gathering data from lots of different cells and making some transformations.

"I would recommend Libraesva Email Security. The installation was simple, the day to day usage is easy to operate, the functionality offers a great deal of configuration options, and overall it offers great value for money."

Joel Harper

Wirral Metropolitan College

"We were impressed with the features and ease of use of Libraesva as soon as the evaluation started. The subsequent installation and go-live was very smooth and the quality of the support is very high."

Woldingham School

"Libraesva brought down the cost of managing and maintaining of antispam solution, freeing up resources to be able to allocate to new projects."

Ronnie van de Laak

IMarEST