Cybersecurity companies aiming to safely deliver malicious files for testing require a multi-faceted approach that combines technical safeguards, clear communication, and adherence to legal and ethical standards. Utilizing separate infrastructure like throwaway domains, VPS, and EC2 instances helps isolate testing and protect sender reputation. Requesting clients to whitelist IPs and leveraging advanced delivery policies in platforms like Microsoft 365 can bypass filters. Transparency is crucial; informing recipients, their IT security teams, and even engaging with security and anti-spam vendors fosters trust and collaboration. Before sending, files should be analyzed in sandbox environments. Clear contractual agreements outlining scope and responsibilities are essential for legal protection. Encrypted archives can offer a basic level of bypass, but client awareness of the risks is key. Throughout the process, protecting sender reputation is paramount to ensure the continued deliverability of legitimate emails. Overall, balancing effective testing with ethical practices and minimizing potential harm is crucial.
11 marketer opinions
Cybersecurity companies face challenges in delivering malicious files for testing purposes without being blocked by security filters. The solutions involve a multi-faceted approach including technical configurations, process and communication strategies, and legal considerations. Key recommendations include using separate domains and IPs for testing, whitelisting IPs with clients, informing recipients and IT security teams, utilizing sandboxes, securing contractual agreements, and potentially using encrypted archives. Additionally, communication and coordination with anti-spam vendors are important. The overall goal is to minimize the impact on sender reputation and ensure that testing is conducted ethically and legally.
Marketer view
Email marketer from Reddit suggests ensuring that recipients are fully aware of the testing and the nature of the files they may receive. Clear communication is key to managing expectations. They suggest informing recipients before sending to them and giving the internal security teams a heads-up.
29 Jul 2021 - Reddit
Marketer view
Email marketer from Email Geeks shares experience with an AV vendor client, who had a pre-req doc for bypassing filtering for phishing tests and spun up a new Azure IP for each client for virus/malicious file testing, with Microsoft being aware of their activities.
10 Nov 2022 - Email Geeks
3 expert opinions
When cybersecurity companies need to send malicious files to clients for testing, it's crucial to do so without getting blocked and while protecting sender reputation. Experts recommend using throwaway domains, possibly with a VPS, for sending the files. They also stress the importance of safeguarding sender reputation to avoid affecting legitimate email streams. Building relationships with anti-spam vendors can also help, as they may be more lenient if they understand the testing criteria.
Expert view
Expert from Spam Resource, Laura Atkins, emphasizes the need to protect sender reputation when conducting security tests, highlighting the risk of damaging legitimate email streams. It is important to plan your testing to avoid affecting your sender reputation.
2 May 2024 - Spam Resource
Expert view
Expert from Email Geeks suggests sending malicious files from a throwaway domain and possibly a VPS somewhere for cybersecurity testing.
28 Apr 2024 - Email Geeks
4 technical articles
Microsoft 365, AWS, NCSC and NIST documentation provide guidance on sending malicious files for security testing. Microsoft 365 offers advanced delivery policies to bypass filters for simulated phishing attacks. AWS describes using EC2 instances for sending emails with caution and adherence to usage policies. NCSC emphasizes explicit agreements, controlled environments, and clear communication for penetration testing. NIST provides guidelines for vulnerability testing, including proper authorization, containment, and ethical practices. All sources highlight the importance of careful planning and adherence to best practices to avoid causing harm or violating policies.
Technical article
Documentation from Microsoft Learn explains that Microsoft 365 offers advanced delivery policies that allow simulated phishing attacks used for training purposes to bypass filters. These policies require configuration to identify the sending IP addresses and domains used for the simulations, ensuring legitimate tests are delivered while maintaining overall security.
16 Oct 2023 - Microsoft Learn
Technical article
Documentation from NIST provides guidelines for vulnerability testing, including considerations for safely handling potentially harmful content. It includes recommendations on obtaining proper authorization, implementing containment strategies, and adhering to ethical testing practices.
25 Dec 2024 - NIST Website