NCSC's Free Email Security Check Spots Domain Issues

Written by

A new tool from the National Cyber Security Centre (NCSC) promises to help organizations check whether their email security settings are up to par.

The Email Security Check service was launched yesterday by the security body, part of UK spy agency GCHQ.

It’s designed to look up publicly available information on anti-spoofing standards like DMARC to check they’re configured correctly. DMARC is designed to prevent scammers from abusing legitimate domains to send out spoofed phishing emails.

Research has revealed that organizations are still not implementing the protocol correctly. Only “p=reject” will prevent suspicious emails from being sent to customer inboxes, yet reports last year claimed UK banks and retailers were failing to follow this best practice.

The new NCSC service also checks whether privacy protocols like TLS are in place on specific domains to ensure emails are encrypted in transit. This means they can’t be accessed and will remain confidential on their journey between mail servers.

The email check service requires no sign-up process or personal details to be entered. Technical teams can get going straight away and then use the NCSC’s guidance on email security and anti-spoofing to fix any issues flagged by the tool.

More in-depth guidance on implementing the recommended standards can be accessed by signing up for the NCSC’s free Mail Check service. However, this is only available for organizations in specific sectors.

As part of its efforts to make the UK the safest place to live and work online, the NCSC recently expanded eligibility for both Mail Check and Web Check to UK schools.

Paul Maddinson, NCSC director for national resilience and strategy, said Email Security Check would help organizations enhance their cyber-defenses, demonstrate they take security seriously and make life harder for cyber-criminals.

“Email plays a central role in how organizations communicate every day so it’s vital that technical teams have measures in place to protect email systems from abuse,” he added.

What’s hot on Infosecurity Magazine?