A new tool designed to help organisations check their email security is up to scratch has been launched to help keep out cyber attackers.
The new Email Security Check service, from the National Cyber Security Centre – a part of GCHQ – helps organisations identify vulnerabilities affecting their email domain so they can take action to fix them.
The tool, launched on day one of the CYBERUK 2022 conference, enables users to look up any email domain to check whether it has recommended security measures in place to prevent cyber criminals sending out malicious emails and to protect email privacy.
Email Security Check requires no sign-up or personal details to use and is aimed at helping technical teams at organisations quickly identify issues so they can bolster their defences using NCSC guidance on email security and anti-spoofing.
Figures show the adoption of recommended controls across different sectors varies significantly at present, with some UK sectors having coverage as low as just 7%.
Paul Maddinson, NCSC Director for National Resilience and Strategy, said:
“Email plays a central role in how organisations communicate every day so it’s vital that technical teams have measures in place to protect email systems from abuse.
“Our new Email Security Check tool helps users identify where they can do more to prevent spoofing and protect privacy and offers practical advice on how to stay secure.
“By following the recommended actions, organisations can help bolster their defences, demonstrate they take security seriously, and make life harder for cyber criminals.”
Email Security Check looks up information about domains that is already publicly available online and checks for two important areas of cyber security: anti-spoofing and email privacy.
It checks that anti-spoofing standards, such as DMARC, are configured correctly to help organisations prevent cyber criminals from abusing their domain and sending out malicious emails pretending to be them.
It also looks up whether privacy protocols, such as TLS, are in place to ensure that emails are encrypted when in transit so they cannot be accessed and remain confidential between mail servers.
The new tool is designed to help users quickly check email security vulnerabilities and offer security advice. Eligible organisations can access more in-depth guidance on implementing the recommended standards by signing up for the NCSC’s free Mail Check service.
Email Security Check is a developing service and new features will be added in the near future to help organisations enhance their defences.
While anyone can access the service to check the security of email domains, the tool cannot check if an individual email or email domain is malicious. If individuals receive a suspicious email, they should report it to the NCSC by forwarding to firstname.lastname@example.org.