The National Centre for Cyber Security has indicated that it is extending the reach of its Mail Check service beyond the initial focus on DMARC protocols.
In a blogpost on the progress of the service – which assesses an email server’s configuration to provide guidance on the implementation of security protocols – it says has already taken the first steps to encouraging wider use.
After making significant progress with DMARC (Domain Messaging Authentication Reporting and Conformance) it has introduced DKIM (Domain Keys Identified Mail) analysis, which enables the receiver to check that an email was authorised to come from the owner of the domain from which it claims to come.
NCSC is also testing email server configuration for TLS (Transport Layer Security) and has more features in the pipeline for Mail Check.
In addition, it is looking to provide more support for local government after the original focus on Whitehall.
The blog highlights the progress with Mail Check, saying it now has just under 1,000 users with more coming onboard, and is used by 89% of central government departments. Of these 77% have implemented at least a basic DMARC policy.
It also points to an analysis which shows that organisations using a DMARC policy are much more likely to reject or quarantine spoofed email.
DMARC was implemented in November 2016 with a push from HM Revenue & Customs, and by July of this year was reported to have blocked half a billion phishing emails.
NCSC’s recently published annual review pointed to a significant take-up of two of its other services for the public sector, Web Check and the Protective Domain Name System. The latter has blocked attempts to access over 30 million malicious websites.
Image from GOV.UK, Open Government Licence v3.0
