NCSC unveils email security-checking tool for private sector organisations at CYBERUK

An image showing the NCSC logo on its website under a magnifying glass
(Image credit: Shutterstock)

The National Cyber Security Centre (NCSC) has released a brand-new tool for businesses to check the strength of their email security in a bid to reduce the number of cyber attacks they suffer.

Announcing the new service at the organisation’s annual CYBERUK conference, Email Security Check will assess if a business is vulnerable to attacks by checking two aspects of cyber security using publicly available online domain information.

The online service will check to see if anti-spoofing protocols such as domain-based message authentication, reporting and conformance (DMARC) have been configured correctly which can help prevent cyber criminals from sending emails purporting to be from a business.

DMARC helps businesses verify their email headers which will ensure emails sent from inside the organisation are trusted by the receiver, while those sent by cyber criminals attempting to spoof the company through email scams are seen as untrusted and less likely to be opened.

The second aspect of cyber security assessed by Email Security Check is email privacy. It does this by checking for privacy protocols such as transport layer security (TLS) are implemented in an organisation’s email client.

TLS is an industry-standard method of encrypting data between senders and can be found in most modern email providers. Building on the work from secure sockets layer (SSL), TLS ensures email communications cannot be hijacked and tampered with while in transit.

The NCSC said Email Security Check is a developing service and it will be adding more features “in the near future”.

The cyber organisation also said the service should not be confused with one that checks domains or individual emails for malicious activity. All suspicious emails should be reported to internal IT teams and the NCSC at


The state of email security 2022

Confronting the new wave of cyber attacks


“Email plays a central role in how organisations communicate every day so it’s vital that technical teams have measures in place to protect email systems from abuse,” said Paul Maddinson, NCSC director for national resilience and strategy.

“Our new Email Security Check tool helps users identify where they can do more to prevent spoofing and protect privacy and offers practical advice on how to stay secure.

“By following the recommended actions, organisations can help bolster their defences, demonstrate they have taken security seriously, and make life harder for cyber criminals.”

The tool is a stripped-back version of the existing Mail Check service offered by the NCSC, which is another free initiative that checks for DMARC and TLS compliance but is only available to public sector entities.

According to NCSC figures, organisations’ adoption of recommended controls varies wildly with some having just 7% of the bare minimum security measures in place.

The Email Security Check website was made available today and requires no details, personal or otherwise, from the user to access the service.

Connor Jones

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.