Frequently Asked Questions

Find answers to common questions about Email Pen Test and email security testing.

What is the free email security test?

The free email security test is a validator that sends test emails to your mailbox and analyzes where they land (inbox, spam, or blocked). You get a comprehensive score and gap analysis of your email security configuration.

How does the email security validator work?

After verifying your mailbox ownership, we send 20 test emails covering social engineering patterns, content analysis, attachment policies, header analysis, QR code phishing, link wrapping, and visual evasion techniques. You confirm where each email landed, and we calculate your security score with actionable recommendations.

What is email security gap analysis?

Gap analysis identifies specific weaknesses in your email security configuration, ranked by impact. You'll receive actionable recommendations for improving your security posture based on where test emails landed in your mailbox.

Is there a free email security comparison?

Yes! After completing your test, you can opt in to anonymously compare your score with other organizations in our benchmark. Your email address and domain are never shared - only anonymized scores and organization size buckets.

Is this designed for Google Workspace?

Yes. Email Pen Test is an email security testing tool built specifically for Google Workspace and Gmail customers. It uses Gmail-native language and tests how Gmail's filtering handles different email patterns. The results are optimized for Google Workspace security configurations.

What does the test cover?

The test suite covers 20 test cases across four main categories: Social Engineering (display name spoofing, internal message spoofing, homograph attacks), Content Analysis (link wrapping, AI prompt injection, visual spam evasion), Attachment Policy (HTML attachments, nested files), and Header Analysis (reply-to manipulation, list-unsubscribe abuse). All test emails are clearly marked and contain no malicious content. However, always exercise caution with emails from unknown senders and never click links or open attachments unless you're certain they're legitimate.

Do you access my Gmail inbox?

No. We never request OAuth access to Gmail. We send test emails to you, and you manually confirm where each email landed. We only store minimal metadata - never raw message bodies, attachments, or inbox contents.

Is this safe to use?

Yes. All test emails are safe and clearly marked. We follow a defensive-only approach - we never provide instructions for crafting phishing lures or bypassing defenses. This is authorized testing only - use a mailbox you control. However, always exercise caution with emails from unknown senders and never click links or open attachments unless you're certain they're legitimate.

How do you protect my email address and data?

We store the email address you provide to deliver test emails and show results. We never request access to your inbox and never store raw email content. We protect data with standard safeguards and limit access. See our Security & Compliance page for details.

What data do you collect?

We collect minimal data: email address, test results (where emails landed), timestamps, and optional anonymous benchmark data. We never collect email content, attachments, or inbox access. Note: Email addresses from registration emails may be shared with trusted partners for follow-up; you can opt out at any time by emailing optout@emailpentest.io. See our Privacy Policy for complete details.

Is this a legitimate service?

Yes. Email Pen Test is a legitimate email security testing tool designed to help organizations improve their email security. We follow security best practices, maintain transparent privacy policies, and operate with a defensive-only philosophy. We're committed to helping organizations strengthen their defenses, not exploit vulnerabilities.

Can I trust you with my email address?

Yes. We use your email address only to send test emails and verification codes and to show your results. We store minimal contact information to operate the service. Note: Email addresses from registration emails may be shared with trusted partners for follow-up, but you can opt out at any time. See our Privacy Policy for details.

What security measures do you have in place?

We protect data in transit, implement rate limiting to prevent abuse, use bot protection systems, and follow security best practices. We never request access to your inbox and store minimal data. See our Security & Compliance page for details.

How can I verify this is safe before using it?

You can review our Privacy Policy, Terms of Service, and Security & Compliance pages. We recommend using a dedicated test mailbox (not your primary email) and reviewing the test emails before confirming results. All test emails are clearly marked and contain no malicious content. However, always exercise caution with emails from unknown senders and never click links or open attachments unless you're certain they're legitimate.
