Domain server

NCSC’s free email security check detects domain issues

A new tool from the National Cyber ​​Security Center (NCSC) promises to help organizations check whether their email security settings are up to snuff.

The Email Security Check service was launched yesterday by the security body, which is part of the British spy agency GCHQ.

It is designed to look up publicly available information about anti-spoofing standards like DMARC to verify that they are set up correctly. DMARC is designed to prevent scammers from abusing legitimate domains to send spoofed phishing emails.

The research found that organizations are still not applying the protocol correctly. Only ‘p=reject’ will prevent suspicious emails from being sent to customer inboxes, but reports last year claimed that UK banks and retailers were not following this best practice.

The new NCSC service also checks whether privacy protocols such as TLS are in place on specific domains to ensure that emails are encrypted in transit. This means that they are not accessible and will remain confidential during their journey between mail servers.

The email verification service does not require any registration process or the entry of personal data. Tech teams can get started right away and then use NCSC’s guidance on email security and anti-spoofing to resolve any issues reported by the tool.

More detailed guidance on implementing the recommended standards is available by subscribing to NCSC’s free Mail Check service. However, this is only available to organizations in specific industries.

As part of its efforts to make the UK the safest place to live and work online, the NCSC recently extended mail and online check eligibility to UK schools.

Paul Maddinson, director of national resilience and strategy at NCSC, said Email Security Check will help organizations strengthen their cyber defenses, demonstrate that they take security seriously and make life harder for cybercriminals.

“Email plays a central role in how organizations communicate on a daily basis, so it’s critical that technical teams have measures in place to protect email systems from abuse,” he added.