Closed engagement. By request only.

Find out if your domain
can still be spoofed.

Authex Red is a closed-access email red team. We test your authentication defences in production and show, with evidence, whether spoofed or unauthenticated mail still reaches your users. Authorized domains only. Paired with Authex Labs.

Request assessment

A clear answer to one question.

Can mail that pretends to come from your domain still land in your users' inboxes? We test it in production and show you what the receiver actually does.

Answer

Yes or no, with proof.

You walk away knowing whether your defences hold in production. The receiver's behaviour is the answer, not a checklist.

Report

Severity-ranked findings.

A written report your board can read and your engineers can action. Each finding is scored, evidenced, and prioritised.

Path to fix

Handoff to Authex Labs.

Every finding maps to fix work in Authex Labs. When the report lands, the next step is already scoped.

Domain owners with
authority to test.

Authex Red is a closed engagement run by the Authex Labs team. There is no public sign-up. Every request is reviewed by hand and bound to a written scope.

By request only

No sign-up. No trial. No download.

Engagements start with a request. We reply within two business days.

Authority verified

We confirm you can authorize the test.

Identity, organization, and domain authority are verified before any work begins.

Scope in writing

Every engagement is fenced.

Domains, recipients, timing, and abort conditions are agreed in writing. Anything outside that scope is out.

Run by Authex Labs

Small team. Manual review. Vetted operators.

No outsourced delivery. No subcontractors. The same team that builds Authex Labs runs the engagement.

Authex Red finds the gap.
Authex Labs closes it.

One team, two services. Findings from Authex Red feed directly into Authex Labs' remediation work. No second vendor. No handoff drift.

Visit Authex Labs

Start with one
short request.

Tell us your domains, the recipients you control, and what you want to learn. We reply within two business days. Authority over each domain is verified by a DNS TXT challenge during onboarding, before any work begins.

→ This form is a request. It is not authorization.
→ No work begins until a written scope is signed by both sides.
→ We decline where authority over the domain cannot be verified.

Full name

Work email

Organization

Role / title

Domains in scope

Authority over each domain is verified by a DNS TXT challenge during onboarding.

Recipients in scope

Mailboxes you control and can monitor. Leave blank to confirm during onboarding.

What do you want to learn?

I have authority to authorize security testing against this domain and any recipient mailboxes listed, on behalf of the named organization. I understand Authex Red is a closed, request-only service. Submission is not authorization, and Authex Labs may decline at its discretion. I have read and agree to the Privacy Notice and Service Terms. I consent to Authex Labs processing this submission to review and respond to my request.

Authex Labs will use this submission only to evaluate and respond to your request. Submissions are not shared with third parties. Data retention details are in the Privacy Notice.

Find out if your domain can still be spoofed.