U.K. Releases New Email Security Check Service To Help Companies Vet Flaws

Share post:

The UK’s National Cyber Security Centre (NCSC) has released a free tool to help organizations check for email cybersecurity risks.

The new Email Security Check tool will help organizations identify vulnerabilities that could allow attackers to spoof emails or lead to privacy violations.

The tool checks publicly available internet DNS entries to verify that anti-spoofing controls and TLS configuration are configured correctly by initiating a server “handshake.”

“It checks that anti-spoofing standards such as DMARC are configured correctly to help organizations prevent cybercriminals from abusing their domain and sending out malicious emails pretending to be them. It also looks up whether privacy protocols such as TLS, are in place to ensure that emails are encrypted when in transit so they cannot be accessed and remain confidential between mail servers,” according to the NCSC.

Although it will only be able to identify vulnerabilities that cybercriminals can detect, its goal will be to help organizations identify these vulnerabilities before they are exploited and the email domain targeted in attacks.

One of the actions the tool can however not carryout is to check if individual emails or email domains are malicious. The NCSC advises anyone who receives suspicious emails to report them by forwarding them to report@phishing.gov.uk.

The tool is not currently available to the private sector. Eligible organizations include central government organisations, local authorities, devolved administrations, emergency services, NHS organizations, academia, and charities.

The sources for this piece include an article in BleepingComputer.

Featured Tech Jobs


Related articles

Google delays launch of new AI model Gemini

Google's highly anticipated AI model, Gemini, has had its launch rescheduled to early 2024, as reported by The...

Cyber Security Today, Week in Review for Friday, December 1, 2023

This episode features a discussion on ransomware, the latest explanation from Okta of a support hack and a survey of infosec pros whose firms w

Cyber Security Today, Dec. 1, 2023 podcast – More on Booking.com compromises

This episode reports on the sanctioning of the Sinbad crypto mixe

All Okta customer support users had their email addresses copied

Identity and access provider Okta now says the threat actor who accessed its customer help desk system last month got the names and email addresses of all contacts of organizations that use its support system. Originally, the company said that, after an investigation, it determined only one per cent of the contacts from its 18,000

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways