The National Cyber Security Centre (NCSC) in the United Kingdom has launched a new email security check tool to assist businesses in identifying vulnerabilities that might allow attackers to fake emails or lead to email privacy breaches.
The government body in charge of the UK’s cyber security mission claims that the Email Security Check tool does not require any registration or personal information.
The service was developed, and is now available online for free, as a direct reaction to several UK industries having only superficial adoption (as low as 7% in some situations) of the email security safeguards recommended in the NCSC’s guidance on email security and anti-spoofing.
Defenders may use Email Security Check to check for anti-spoofing and email privacy issues by looking for publicly accessible information about email domains.
It works by checking publicly available internet DNS records to verify whether anti-spoofing controls (notably the DMARC policy) are correctly configured, and by initiating a server “handshake” to check the TLS configuration.
The NCSC stated, “It ensures that anti-spoofing standards, such as DMARC, are configured appropriately to help organisations prevent cyber criminals from misusing their domain and sending harmful emails purporting to be them.”
“It also checks to see if privacy mechanisms like TLS are in place to ensure that emails are encrypted while in transit so they can’t be read and stay private between mail servers.”
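The DNS side of such a check can be illustrated with a short added example (not the NCSC tool's code or logic): it grades the TXT records a defender would find at `_dmarc.<domain>`, using tag semantics from RFC 7489. The function names, the finding texts and the sample records for placeholder domains are assumptions constructed for illustration.

```python
# Added example: review DMARC TXT records as a defender might (not NCSC's code).
# Function names, finding texts and sample records are constructed assumptions.

def parse_dmarc(txt):
    """Split a DMARC TXT record into a dict of lower-cased tag -> value."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, _, value = part.partition("=")
            tags[key.strip().lower()] = value.strip()
    return tags

def check_dmarc(txt_records):
    """Return a list of findings for the TXT records at _dmarc.<domain>."""
    dmarc = [t for t in map(parse_dmarc, txt_records)
             if t and next(iter(t)) == "v" and t["v"] == "DMARC1"]
    if not dmarc:
        return ["no DMARC record published"]
    if len(dmarc) > 1:
        return ["multiple DMARC records: receivers apply no policy"]
    tags, findings = dmarc[0], []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return ["missing or invalid p= tag"]
    if policy == "none":
        findings.append("p=none: receivers take no action on failing mail")
    if tags.get("sp", policy).lower() == "none" and policy != "none":
        findings.append("sp=none: subdomains are not protected")
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) > 100:
        findings.append("invalid pct= value")
    elif int(pct) < 100 and policy != "none":
        findings.append(f"pct={pct}: policy applied to only part of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports received")
    return findings

SAMPLES = {  # constructed records for placeholder domains
    "enforced.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@enforced.example"],
    "monitor.example": ["v=DMARC1; p=none"],
    "partial.example": ["v=DMARC1; p=quarantine; sp=none; pct=25; rua=mailto:d@partial.example"],
    "missing.example": ["v=spf1 -all"],
}

if __name__ == "__main__":
    for domain, records in SAMPLES.items():
        print(domain, check_dmarc(records) or ["ok"])
```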
While the Email Security Check service is limited to identifying vulnerabilities that hackers could also discover, its purpose is to assist enterprises in identifying those vulnerabilities before they are exploited and the email domain is targeted in attacks.
Signing up for the NCSC’s free Mail Check programme gives eligible firms access to further “in-depth information” on safeguarding their email.
However, Mail Check is presently only available to organisations from central government, local authorities, devolved governments, emergency services, NHS organisations, universities, and charities, and is not available to the private sector.
“Our new Email Security Check tool helps users discover areas where they can improve to avoid spoofing and safeguard privacy, as well as provide practical advice on how to keep secure,” said Paul Maddinson, NCSC Director of National Resilience.
“By taking the recommended activities, businesses may strengthen their defences, indicate that they care about security, and make life more difficult for cyber thieves.”
Although the programme can assess the security of email domains, it cannot determine if specific emails or domains are malicious. Those who receive strange emails should report them to [email protected], according to the NCSC.