Do you know what types of files your mail servers are blocking? Here’s a free tool to help

I’ll start by saying that I don’t think I have ever written a blog post about one of our free tools here at KnowBe4. It’s not that I don’t like the other tools or think that they lack usefulness (quite the opposite actually), it’s just that this new one really sticks out for me. I see this as a very handy tool for email admins or those security folks that want to close some doors in their email system (or even just figure out what’s really happening with the filters).

Having said that, I would like to introduce you to the newest free tool in the KnowBe4 lineup, the Mailserver Security Assessment, or MSA as it is affectionately known around here. This handy (and again, FREE) tool is designed to test your email filters and give you an idea of what can pass and what is blocked at that level. This is not a tool designed to test your email server’s configuration, other than the filtering parts, but given the proliferation of email attacks through phishing these days, it’s a pretty good idea to know what can get to your users and what can’t. From there you can make some changes, test, lather, rinse, repeat until you have things the way you would like.

The way it works is simple. You sign up for the free tool on the website, which generates an email that will take you to the assessment page. This email actually performs one step on its own: it confirms that you can indeed receive emails from the test servers in the first place. After all, if you can’t receive the basic email, all of the others are bound to fail.

Once at the assessment page, you can choose which emails you want to test by checking the box next to the email type. Once you have picked your email types, just click “Start Assessment” and the magic happens. Within a few minutes the tool will send you an email from each of the categories you chose. If you receive the email, you know it’s not filtered. If you didn’t receive it and the tool doesn’t show an error, you can be pretty confident that it was filtered. It’s really that simple.

Pick your emails or “select all”

Start the assessment

Check for failures in the console

Check your inbox for the messages that made it

In my case, it was interesting to see that although my main mail server did not filter these, when I used Gmail to pull it into my Inbox, Gmail did filter them. Something to keep in mind when you are testing, and if you are using various clients. Check it all the way through.

How handy is that compared to trying to configure your own emails to test this? I encourage you to check the tool and use it to make sure you are blocking the particularly nasty stuff, like the venerable “Zipped Word Document w/ Macro”. That’s not something I would expect to see as a requirement in most situations. 🙂

Currently, the tool can perform 40 different tests by sending 40 different emails of the following types. Use it in good health!

Transport Encryption Test | Excel File | Executable (EICAR Sample)
Email w/ Soft SPF Failure | Excel File w/ Macro | Executable (EICAR Sample) (Zipped)
Email w/ Hard SPF Failure | Excel File w/ Macro (Zipped) | Executable (EICAR Sample) (Zipped w/ Password)
Email w/ Punycode Domain (IDN Homograph) | Excel File w/ Macro (Zipped w/ Password) | HTML (Link)
Spoofed Email (From address) | PowerPoint | HTML (Auto-Redirect)
Transport Encryption Test | PowerPoint w/ Macro | HTML (Auto-Redirect) (Zipped)
Spoofed Email (Altered domain) | PowerPoint w/ Macro (Zipped) | HTML (Auto-Redirect) (Zipped w/ Password)
Spoofed Email (Reply address) | PowerPoint w/ Macro (Zipped w/ Password) | JavaScript
Word Document | PDF File | JavaScript (Zipped)
Word Document w/ Macro | PDF File w/ Script | JavaScript (Zipped w/ Password)
Word Document w/ Macro (Zipped) | PDF File w/ Script (Zipped) | PowerShell Script
Word Document w/ Macro (Zipped w/ Password) | Executable (Dialog Box) | PowerShell Script
Word Document w/ OLE inserted Executable | Executable (Dialog Box) (Zipped) | PowerShell Script (Zipped)
 | Executable (Dialog Box) (Zipped w/ Password) | PowerShell Script (Zipped w/ Password)
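As an added example (not part of the original post and not code from the MSA tool), here is a small Python triage function for the "check your inbox" step: it inspects a message that did get delivered and reports which of the traits from the list above it carries. The trait names, extension lists, the Reply-To heuristic, and the sample-building helpers are assumptions made for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

EXT_TRAITS = {"macro-office": (".docm", ".xlsm", ".pptm"),   # assumed lists
              "active-content": (".exe", ".js", ".ps1", ".html")}

def _domain(value):
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def classify(raw):
    """Return the risky traits found in one delivered message (raw bytes)."""
    msg = message_from_bytes(raw, policy=policy.default)
    traits = set()
    from_dom, reply_dom = _domain(msg["From"]), _domain(msg["Reply-To"])
    if any(label.startswith("xn--") for label in from_dom.split(".")):
        traits.add("punycode-domain")
    if reply_dom and reply_dom != from_dom:
        traits.add("reply-to-mismatch")
    for part in msg.iter_attachments():
        names = [(part.get_filename() or "").lower()]
        data = part.get_payload(decode=True) or b""
        if names[0].endswith(".zip") and zipfile.is_zipfile(io.BytesIO(data)):
            members = zipfile.ZipFile(io.BytesIO(data)).infolist()
            traits.add("zipped")
            # Flag bit 0 marks an encrypted member; names are still listed.
            if any(m.flag_bits & 0x1 for m in members):
                traits.add("zip-password")
            names = [m.filename.lower() for m in members]
        traits |= {trait for trait, exts in EXT_TRAITS.items()
                   if any(n.endswith(exts) for n in names)}
    return traits

def sample(headers, filename, payload):
    """Build a constructed message with one attachment (not MSA output)."""
    msg = EmailMessage()
    for name, value in headers.items():
        msg[name] = value
    msg.set_content("constructed sample")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

def zipped(member_name):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"placeholder")
    return buf.getvalue()
```

Feed `classify()` the raw bytes of each message exported from the inbox (for example each `.eml` file) and compare the returned traits with the test types you selected; anything it reports is something your filter let through.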


