Mailserver Security Assessment (MSA)

Mailserver Security Assessment (MSA) Product Manual

KnowBe4's Mailserver Security Assessment (MSA) tool allows you to test your email security controls and mail server with 40 different types of email messages. Using this tool will provide you with the knowledge you need to understand the types of emails and email attachments that can reach your end users.

To learn about this product, read the below tutorial or watch this brief Mailserver Security Assessment (MSA) video.

Get Started

  1. To get started with your Assessment, fill out the form here. Then, click "Test my mailserver".
  2. Within 15 minutes, you'll receive your invitation. Click the link in the email to navigate to your MSA page. (Didn't receive your invitation?)
  3. Click "Get Started" and agree to the Terms and Conditions. 
  4. Select the types of emails you'd like to send (1). A description of each is below in our Test Email Types section. Then, click "Start Assessment" (2).Test Type Selection Screen
  5. The page that follows will list all of your tests as well as their status(es). You will also receive an automated follow-up email when the assessment is fully completed to remind you to review your results.MSA Test Status 
  6. On completed tests, the green checkmark (1) indicates the test was delivered. The exclamation point (2) indicates there was an error. Review the error or SMTP response listed to understand what happened with that particular test.Example of Undelivered Test Email
  7. If you'd like to use the MSA tool more than once, you can use the same link you received in your initial email to navigate back to your MSA page, or you may sign up again using the link from Step 1.

Test Email Types

There are 40 different types of messages you can send using the MSA tool. All of the emails and associated files are benign and will not cause harm to your computer if opened.

Descriptions of each of the test emails are below. 

Test Email Types Description Why is this important?
Transport Encryption Test Assesses your mail server's SMTP TLS (Transport Layer Security) encryption, if available.  TLS lets email servers securely exchange emails over an encrypted connection. If you receive this email, it means your mail server correctly shares certificate information. If you don't receive this email, it could mean that your mail server has an incorrect TLS certificate, doesn't support TLS, or is otherwise set up incorrectly.
Email w/ Soft SPF Failure Uses a sender domain with a "soft fail" SPF record. This means the sender is not authorized to use the "From" email address domain that it is using. Emails such as this could be potential phishing attempts, spoofing a well-known or trusted entity.
Email w/ Hard SPF Failure Uses a sender domain with a "hard fail" SPF record. This means the sender is not authorized to use the "From" email address domain that it is using. Emails such as this could be potential phishing attempts, spoofing a well-known or trusted entity.
Email w/ Punycode Domain (IDN Homograph) Imitates an IDN Homograph attack. Uses a "From" email address domain that appears to be another domain by using Punycode. IDN homograph attacks can deceive users into clicking on links that appear to be popular, safe websites but are actually malicious sites. A Punycode "From" email sender can trick users into believing the email they received is from a legitimate or trusted source.
Spoofed Email (From address) Uses a sender domain in the "From" email address field that spoofs your organization's domain. Emails like this can deceive your users into believing an email they received is safe and can be trusted, as they appear to be internal communication. 
Spoofed Email (Reply address) Uses a sender domain in the "Reply to" email address field that spoofs your organization's domain. Emails like this can deceive your users into believing an email they received is safe and can be trusted, as they appear to be internal communication. 
Spoofed Email (Altered domain) Uses a sender domain in the "From" email address field that spoofs your organization's domain but uses a different top-level domain (TLD), such as .corn instead of .com. Emails like this can deceive your users into believing an email they received is safe and can be trusted. The user may not see the slight difference in the sender email address when deciding how to respond to the email.
Word Document Uses an email containing a Word attachment. Attachments can be weaponized, even without Macros. For example, malicious links can be embedded within a safe-looking attachment. Office documents can also be exploited in other ways (such as the DDE exploit). 
Word Document w/ Macro Uses an email containing a Word attachment that also contains a Macro. A Macro is a set of programming instructions (written in Visual Basic for Applications (VBA)) embedded within an Office file. Macros can execute potentially dangerous code or infect a system with malware.
Word Document w/ Macro (Zipped) Uses an email containing a zipped Word attachment that also contains a Macro. A Macro is a set of programming instructions (written in Visual Basic for Applications (VBA)) embedded within an Office file. Macros can execute potentially dangerous code or infect a system with malware. Zipped files obfuscate the attachment type, which can help to bypass email security filters.
Word Document w/ Macro (Zipped w/ Password) Uses an email containing a password-protected, zipped Word attachment that also contains a Macro. A Macro is a set of programming instructions (written in Visual Basic for Applications (VBA)) embedded within an Office file. Macros can execute potentially dangerous code or infect a system with malware. Zipped files obfuscate the attachment type, which can help to bypass email security filters. Password-protection further obfuscates these files because the password is unknown to the scanning engine.
Word Document w/ OLE inserted Executable Uses an email containing a Word attachment with a benign OLE (Object Linking and Embedding) executable file embedded in it. OLE executable files can be added to Word documents and altered to have a seemingly safe title and icon.
Excel File Uses an email containing an Excel attachment. Attachments can be weaponized, even without Macros. For example, malicious links can be embedded within a safe-looking attachment. Office documents can also be exploited in other ways (such as the DDE exploit). 
Excel File w/ Macro Uses an email containing an Excel attachment that also contains a Macro. A Macro is a set of programming instructions (written in Visual Basic for Applications (VBA)) embedded within an Office file. Macros can execute potentially dangerous code or infect a system with malware.
Excel File w/ Macro (Zipped) Uses an email containing a zipped Excel attachment that also contains a Macro. A Macro is a set of programming instructions (written in Visual Basic for Applications (VBA)) embedded within an Office file. Macros can execute potentially dangerous code or infect a system with malware. Zipped files obfuscate the attachment type, which can help to bypass email security filters.
Excel File w/ Macro (Zipped w/ Password) Uses an email containing a password-protected, zipped Excel attachment that also contains a Macro. A Macro is a set of programming instructions (written in Visual Basic for Applications (VBA)) embedded within an Office file. Macros can execute potentially dangerous code or infect a system with malware. Zipped files obfuscate the attachment type, which can help to bypass email security filters. Password-protection further obfuscates these files because the password is unknown to the scanning engine.
PowerPoint  Uses an email containing a PowerPoint attachment. Attachments can be weaponized, even without Macros. For example, malicious links can be embedded within a safe-looking attachment. Office documents can also be exploited in other ways (such as the DDE exploit). 
PowerPoint w/ Macro Uses an email containing a PowerPoint attachment that also contains a Macro. A Macro is a set of programming instructions (written in Visual Basic for Applications (VBA)) embedded within an Office file. Macros can execute potentially dangerous code or infect a system with malware.
PowerPoint w/ Macro (Zipped)  Uses an email containing a zipped PowerPoint attachment that also contains a Macro. A Macro is a set of programming instructions (written in Visual Basic for Applications (VBA)) embedded within an Office file. Macros can execute potentially dangerous code or infect a system with malware. Zipped files obfuscate the attachment type, which can help to bypass email security filters.
PowerPoint w/ Macro (Zipped w/ Password)  Uses an email containing a password-protected, zipped PowerPoint attachment that also contains a Macro. A Macro is a set of programming instructions (written in Visual Basic for Applications (VBA)) embedded within an Office file. Macros can execute potentially dangerous code or infect a system with malware. Zipped files obfuscate the attachment type, which can help to bypass email security filters. Password-protection further obfuscates these files because the password is unknown to the scanning engine.
PDF File Uses an email containing a PDF attachment. Attachments can be weaponized, even without Macros. Malicious links or attachments can be contained within a safe-looking PDF.
PDF File w/ JavaScript Uses an email containing a PDF attachment that also contains JavaScript. PDF attachments can be weaponized to contain dangerous JavaScript.
PDF File w/ JavaScript (Zipped) Uses an email containing a zipped PDF attachment that also contains JavaScript. PDF attachments can be weaponized to contain dangerous JavaScript. Zipped files can obfuscate the attachment type to bypass email security filters.
PDF File w/ JavaScript (Zipped w/ Password) Uses an email containing a password-protected, zipped PDF attachment that also contains JavaScript. PDF attachments can be weaponized to contain dangerous JavaScript. Zipped files can obfuscate the attachment type to bypass email security filters. Password-protection further obfuscates these files because the password is unknown to the scanning engine.
Executable (Dialog Box) Uses an email containing a benign, executable attachment which will prompt with a dialog box.   Executable files can contain malware, viruses, spyware and other cybersecurity threats. 
Executable (Dialog Box) (Zipped) Uses an email containing a zipped, benign, executable attachment which will prompt with a dialog box.  Executable files can contain malware, viruses, spyware and other cybersecurity threats. Zipped files obfuscate the attachment type, which can help to bypass email security filters.
Executable (Dialog Box) (Zipped w/ Password) Uses an email containing a password-protected, zipped, benign, executable attachment which will prompt with a dialog box.  Executable files can contain malware, viruses, spyware and other cybersecurity threats. Zipped files obfuscate the attachment type, which can help to bypass email security filters. Password-protection further obfuscates these files because the password is unknown to the scanning engine.
EICAR Test Uses an email containing an EICAR attachment.  The EICAR virus is a sample DOS file that is used to test the operation of malware detection scanners. See more here: EICAR Intended Use
EICAR Test (Zipped) Uses an email containing a zipped EICAR attachment.  The EICAR virus is a sample DOS file that is used to test the operation of malware detection scanners. Zipped files obfuscate the attachment type, which can help to bypass email security filters. See more here: EICAR Intended Use
EICAR Test (Zipped w/ Password) Uses an email containing a password-protected, zipped EICAR attachment.  The EICAR virus is a sample DOS file that is used to test the operation of malware detection scanners. Zipped files obfuscate the attachment type, which can help to bypass email security filters. Password-protection further obfuscates these files because the password is unknown to the scanning engine. See more here: EICAR Intended Use
HTML (Attached) Uses an email containing an HTML attachment. HTML attachments can mimic well-known sites and prompt users to enter their sensitive data. They can also be weaponized to automatically download malicious files or redirect to dangerous websites. 
HTML (Auto-Redirect) Uses an email containing an HTML attachment which also contains redirecting JavaScript. HTML attachments can mimic well-known sites and prompt users to enter their sensitive data. They can also be weaponized to download malicious files or redirect to dangerous websites. 
HTML (Auto-Redirect) (Zipped) Uses an email containing a zipped HTML attachment which also contains redirecting JavaScript. Zipped files obfuscate the attachment type, which can help to bypass email security filters. 
HTML (Auto-Redirect) (Zipped w/ Password) Uses an email containing a password-protected, zipped HTML attachment which also contains redirecting JavaScript. Zipped files obfuscate the attachment type, which can help to bypass email security filters. Password-protection further obfuscates these files because the password is unknown to the scanning engine.
JavaScript Uses an email containing a JavaScript attachment. JavaScript files can execute potentially dangerous code to infect a system with malware or other viruses.
JavaScript (Zipped) Uses an email containing a zipped JavaScript attachment. JavaScript files can execute potentially dangerous code to infect a system with malware or other viruses. Zipped files obfuscate the attachment type, which can help to bypass email security filters.
JavaScript (Zipped w/ Password) Uses an email containing a password-protected, zipped JavaScript attachment. JavaScript files can execute potentially dangerous code to infect a system with malware or other viruses. Zipped files obfuscate the attachment type, which can help to bypass email security filters. Password-protection further obfuscates these files because the password is unknown to the scanning engine.
PowerShell Script Uses an email containing a PowerShell attachment. PowerShell is present on almost all Windows systems by default and is known to have many vulnerabilities. PowerShell scripts can execute dangerous code on a system when launched.
PowerShell Script (Zipped) Uses an email containing a zipped PowerShell attachment. PowerShell scripts can execute dangerous code on a system when launched. Zipped files obfuscate the attachment type, which can help to bypass email security filters. 
PowerShell Script (Zipped w/ Password) Uses an email containing a password-protected, zipped PowerShell attachment. PowerShell scripts can execute dangerous code on a system when launched. Zipped files obfuscate the attachment type, which can help to bypass email security filters. Password-protection further obfuscates these files because the password is unknown to the scanning engine.

Frequently Asked Questions (FAQs)

I've already whitelisted for KnowBe4's phishing and training emails. Can I still run the MSA and will it be accurate? 

Yes! The MSA test emails are not sent from any of the domains or IPs you've already whitelisted. So your existing whitelisting rule(s) will not interfere with the accuracy of the MSA.

I didn't get the email when I signed up. What should I do?

Check your Spam and Junk folder. The initial email we send does not contain anything that should be flagged by normal security controls. We don't advise or recommend that you attempt to whitelist anything in order to receive this email, as that defeats the purpose of the test. 

What should I do about the emails that were able to make it through or not make it through my email security controls?

KnowBe4 does not advise on what types of emails or attachments you should or should not allow through your mail filter or security controls. The MSA is meant to be an awareness tool to help you understand where potential vulnerabilities may exist. 

Can I run the MSA multiple times?

You may run the MSA as many times as you wish.

Are my results shared with KnowBe4?

Your results are completely private. KnowBe4 will not have access to your individual MSA console nor knowledge of the results you gather from your assessment.

Can I use the MSA with my personal email? (Gmail, Yahoo, etc.)

The test emails may only be sent to your corporate email address. Personal email accounts may not be used with the MSA.

Emails are marked as completed and delivered, but I don't receive the email, or the attachments on the email are missing.

It is normal behavior for many email security solutions to remove attachments or quarantine emails as a preventive method. If interested, review your quarantine or event logs for additional data about what occurred.

Can't find what you're looking for?

Contact Support