IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

NCSC unveils email security-checking tool for private sector organisations at CYBERUK

The free service will focus on checking for TLS and DMARC compliance to protect against anti-spoofing and email hijacking

The National Cyber Security Centre (NCSC) has released a brand-new tool for businesses to check the strength of their email security in a bid to reduce the number of cyber attacks they suffer.

Announcing the new service at the organisation’s annual CYBERUK conference, Email Security Check will assess if a business is vulnerable to attacks by checking two aspects of cyber security using publicly available online domain information.

The online service will check to see if anti-spoofing protocols such as domain-based message authentication, reporting and conformance (DMARC) have been configured correctly which can help prevent cyber criminals from sending emails purporting to be from a business.

DMARC helps businesses verify their email headers which will ensure emails sent from inside the organisation are trusted by the receiver, while those sent by cyber criminals attempting to spoof the company through email scams are seen as untrusted and less likely to be opened.

The second aspect of cyber security assessed by Email Security Check is email privacy. It does this by checking for privacy protocols such as transport layer security (TLS) are implemented in an organisation’s email client

TLS is an industry-standard method of encrypting data between senders and can be found in most modern email providers. Building on the work from secure sockets layer (SSL), TLS ensures email communications cannot be hijacked and tampered with while in transit.

The NCSC said Email Security Check is a developing service and it will be adding more features “in the near future”.

The cyber organisation also said the service should not be confused with one that checks domains or individual emails for malicious activity. All suspicious emails should be reported to internal IT teams and the NCSC at

Related Resource

The state of email security 2022

Confronting the new wave of cyber attacks

Whitepaper cover with image of a man walking along a beach, with a line graph overlayFree Download

“Email plays a central role in how organisations communicate every day so it’s vital that technical teams have measures in place to protect email systems from abuse,” said Paul Maddinson, NCSC director for national resilience and strategy.

“Our new Email Security Check tool helps users identify where they can do more to prevent spoofing and protect privacy and offers practical advice on how to stay secure.

“By following the recommended actions, organisations can help bolster their defences, demonstrate they have taken security seriously, and make life harder for cyber criminals.”

The tool is a stripped-back version of the existing Mail Check service offered by the NCSC, which is another free initiative that checks for DMARC and TLS compliance but is only available to public sector entities.

According to NCSC figures, organisations’ adoption of recommended controls varies wildly with some having just 7% of the bare minimum security measures in place.

The Email Security Check website was made available today and requires no details, personal or otherwise, from the user to access the service.

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
Cyber attack on software supplier causes "major outage" across the NHS
cyber attacks

Cyber attack on software supplier causes "major outage" across the NHS

8 Aug 2022
Should you take your password manager off the internet?

Should you take your password manager off the internet?

28 Jul 2022