NCSC’s free email security check detects domain issues

A new tool from the National Cyber ​​Security Center (NCSC) promises to help organizations check whether their email security settings are up to snuff.

the Email Security Check The service was launched yesterday by the security body, which is part of the British spy agency GCHQ.

It is designed to look up publicly available information about anti-spoofing standards like DMARC to verify that they are set up correctly. DMARC is designed to prevent scammers from abusing legitimate domains to send spoofed phishing emails.

The research found that organizations are still not applying the protocol correctly. Only ‘p=reject’ will prevent suspicious emails from being sent to customer inboxes, but reports last year claimed that UK banks and retailers were not following this best practice.

The new NCSC service also checks whether privacy protocols such as TLS are in place on specific domains to ensure that emails are encrypted in transit. This means that they are not accessible and will remain confidential during their journey between mail servers.

The email verification service does not require any registration process or the entry of personal data. Technical teams can start immediately and then use the NCSC advice on email security and anti-spoofing to resolve issues reported by the tool.

More detailed guidance on implementing the recommended standards can be viewed by registering for free with the NCSC. Mail verification service. However, this is only available to organizations in specific industries.

As part of its efforts to make the UK the safest place to live and work online, the NCSC recently extended mail and online check eligibility to UK schools.

Paul Maddinson, director of national resilience and strategy at NCSC, said Email Security Check will help organizations strengthen their cyber defenses, demonstrate that they take security seriously and make life harder for cybercriminals.

“Email plays a central role in how organizations communicate on a daily basis, so it’s critical that technical teams have measures in place to protect email systems from abuse.” he added.