I’ll start by saying that I don’t think I have ever written a blog post about one of our free tools here at KnowBe4. It’s not that I don’t like the other tools or think that they lack usefulness (quite the opposite actually), it’s just that this new one really sticks out for me. I see this as a very handy tool for email admins or those security folks that want to close some doors in their email system (or even just figure out what’s really happening with the filters).
Having said that, I would like to introduce you to the newest free tool in the KnowBe4 lineup, the Mailserver Security Assessment, or MSA as it is affectionately known around here. This handy (and again, FREE) tool is designed to test your email filters and give you an idea what can pass and what is blocked at that level. This is not a tool designed to test your email servers configuration, other than the filtering parts, but given the proliferation of email attacks through phishing these days, it’s a pretty good idea to know what can get to your users and what can’t. From there you can make some changes, test, lather, rinse, repeat until you have things the way you would like.
The way it works is simple. You sign up for the free tool on the website which generates an email that will take you to the assessment page. This is actually performing one step on its own, confirming that you can indeed receive emails from the test servers in the first place. After all, if you can’t receive the basic email, all of the others are bound to fail.
Once at the assessment page, you can choose which emails you want to test by checking the box next to the email type. Once you have picked your email types, just click, “Start Assessment” and the magic happens. Now, within a few minutes the tool will send you an email from each of the categories you chose. If you receive the email, you know it’s not filtered, if you didn’t and it doesn’t show an error in the tool, you can be pretty confident that it was filtered. It’s really that simple.
In my case, it was interesting to see that although my main mail server did not filter these, when I used Gmail to pull it into my Inbox, Gmail did filter them. Something to keep in mind when you are testing, and if you are using various clients. Check it all the way through.
How handy is that compared to trying to configure your own emails to test this? I encourage you to check the tool and use it to make sure you are blocking the particularly nasty stuff, like the venerable, “Zipped Word Document w/ Macro”. That’s not something I would expect to see as a requirement in most situations. 🙂
Currently, the tool can perform 40 different tests by sending 40 different emails of the following types. Use it in good health!
|Transport Encryption Test||Excel File||Executable (EICAR Sample)|
|Email w/ Soft SPF Failure||Excel File w/ Macro||Executable (EICAR Sample) (Zipped)|
|Email w/ Hard SPF Failure||Excel File w/ Macro (Zipped)||Executable (EICAR Sample) (Zipped w/ Password)|
|Email w/ Punycode Domain (IDN Homograph)||Excel File w/ Macro (Zipped w/ Password)||HTML (Link)|
|Spoofed Email (From address)||PowerPoint||HTML (Auto-Redirect)|
|Transport Encryption Test||PowerPoint w/ Macro||HTML (Auto-Redirect) (Zipped)|
|Spoofed Email (Altered domain)||PowerPoint w/ Macro (Zipped)||HTML (Auto-Redirect) (Zipped w/ Password)|
|Word Document w/ Macro (Zipped)||PDF File w/ Script (Zipped)||PowerShell Script|
|Word Document w/ Macro (Zipped w/ Password)||Executable (Dialog Box)||PowerShell Script|
|Word Document w/ OLE inserted Executable||Executable (Dialog Box) (Zipped)||PowerShell Script (Zipped)|
|Executable (Dialog Box) (Zipped w/ Password)||PowerShell Script (Zipped w/ Password)|
Erich Kron is the Security Awareness Advocate at KnowBe4, and has over 20 years’ experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the US Army 2nd Regional Cyber Center-Western Hemisphere.