The National Cyber Security Center (NCSC) in the United Kingdom has launched a new email security check service to assist businesses in identifying vulnerabilities that could allow attackers to fake emails or lead to email privacy breaches. The government body in charge of the UK’s cyber security mission claims that the Email Security Check tool does not require any registration or personal information.
As indicated in NCSC’s recommendations on email security and anti-spoofing, this service was developed and is now available online for free as a direct response to several UK industries having only a superficial adoption of recommended email security safeguards (as low as 7% in some situations).
Defenders can use Email Security Check to check for anti-spoofing and email privacy issues by looking up publicly available information about email domains.
It operates by reviewing publicly available internet DNS records to see if anti-spoofing restrictions (particularly the DMARC Policy) and TLS configurations (by beginning a server “handshake”) are configured appropriately.
According to the NCSC, “it ensures that anti-spoofing standards, such as DMARC, are effectively configured to help organizations prevent cyber criminals from leveraging their domain and sending harmful emails purporting to be them.”
“It also looks to see if privacy methods like TLS are in place to ensure that emails are encrypted while in transit so that they can’t be read and remain private between mail servers.”
The goal of the Email Security Check service is to assist organizations in spotting vulnerabilities before they are exploited and the email domain targeted in attacks.
Signing up for the NCSC’s free Mail Check program gives eligible firms access to further “in-depth information” on safeguarding their email.
Mail Check, on the other hand, is now only available to central government, local governments, devolved governments, emergency services, NHS organizations, universities, and charities, and is not available to the commercial sector.
“Our new Email Security Check tool assists users in identifying areas where they can improve to prevent spoofing and protect privacy, as well as providing practical advice on how to stay secure,” said Paul Maddinson, NCSC Director of National Resilience and Strategy.