The UK’s National Cyber Security Centre (NCSC) has announced a new email security checking service to help organizations identify vulnerabilities that could allow attackers to spoof emails or compromise email privacy.
The email security check tool states that it does not require sign-up or personal information.
The service was developed in response to low adoption, in some UK sectors (in some cases only 7%), of the recommended email security measures described in the NCSC’s Guidance on Email Security and Anti-Spoofing. It is currently available online free of charge.
Email Security Check is a feature that allows you to examine publicly available information about your email domain and check for risks related to spoofing and privacy.
It works by checking DNS records on the public Internet to ensure that anti-spoofing measures (especially DMARC policies) are properly configured, and by initiating a “handshake” with the mail server to verify its TLS settings.
It checks that anti-spoofing standards such as DMARC are properly configured, which helps prevent cybercriminals from exploiting the domain to send malicious emails that pretend to be from your organization. It also checks whether privacy protocols such as TLS are in place.
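The DMARC half of such a check, as an added example (not NCSC's code and not the tool's actual logic): it evaluates the TXT records a lookup of `_dmarc.<domain>` would return. The function names, the finding rules and the sample records are assumptions constructed for illustration.

```python
# Added example: assess the TXT records published at _dmarc.<domain>.
# Records are passed in as strings so the example runs offline.

def parse_tags(txt):
    """Split a 'tag=value; tag=value' TXT record into a dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, _, value = part.partition("=")
            tags[key.strip().lower()] = value.strip()
    return tags

def assess_dmarc(txt_records):
    """Return (verdict, findings); verdict is 'pass', 'warn' or 'fail'."""
    # Only records whose version tag is exactly DMARC1 count (RFC 7489).
    dmarc = [t for t in map(parse_tags, txt_records) if t.get("v") == "DMARC1"]
    if not dmarc:
        return "fail", ["no DMARC record published"]
    if len(dmarc) > 1:
        return "fail", ["multiple DMARC records; receivers apply none of them"]
    tags = dmarc[0]
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "fail", ["missing or invalid p= tag"]
    findings = []
    if policy == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
    pct = tags.get("pct", "100")
    if policy != "none" and pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: policy covers only part of failing mail")
    # sp defaults to the value of p when it is absent.
    if policy != "none" and tags.get("sp", policy).lower() == "none":
        findings.append("sp=none leaves subdomains unprotected")
    if "rua" not in tags:
        findings.append("no rua= address; no aggregate reports are received")
    return ("warn" if findings else "pass"), findings

SAMPLES = {  # constructed records, not real lookups
    "strict.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@strict.example"],
    "monitor.example": ["v=spf1 -all", "v=DMARC1; p=none"],
    "partial.example": ["v=DMARC1; p=quarantine; pct=25; sp=none; rua=mailto:r@partial.example"],
    "missing.example": ["v=spf1 include:_spf.example -all"],
}

if __name__ == "__main__":
    for domain, records in SAMPLES.items():
        verdict, findings = assess_dmarc(records)
        print(f"{domain}: {verdict}", *findings, sep="\n  - ")
```
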
While the Email Security Check service can only identify vulnerabilities that cybercriminals can find, its purpose is to help organizations identify vulnerabilities before they are exploited and the email domain becomes a target of attack.
Eligible organizations can also sign up for NCSC’s free “Mail Check” service for more in-depth guidance on email security.
However, Mail Check is not currently offered to the private sector and is only available to central government, local authorities, local government agencies, emergency services, NHS organizations, academic institutions and charities.
NCSC’s new email security check tool identifies what users can do to prevent identity theft and protect their privacy, and offers practical advice on how to stay safe.
Following the recommended practices can help organizations strengthen their defenses, show that they are serious about security, and make cyber attacks more difficult.
This tool can verify that an email domain is secure, but it cannot verify whether an individual email or email domain is malicious.