E-mail Security

13 May 2022 | Consultancy, Cyber Awareness

E-mail is one of the biggest attack vectors for organisations across the world. Luckily, the NCSC launched a new FREE E-mail Security Tool at the recent CYBERUK 2022.

The tool has been specifically designed to identify vulnerabilities that can lead to e-mail spoofing and/or e-mail privacy being breached, so that you can further secure your organisation's defences.

It's estimated that Microsoft Office 365 blocked 1000 malicious e-mails every second in 2021, which totals more than 35.7 billion e-mails.

This tool, which can be found here, requires no sign-up or personal details and should be used as a platform for your technical teams to quickly identify and resolve known and unknown vulnerabilities to Fourtify your defence.

If your organisation is: Central Government / Local Authority / Emergency Services / NHS Organisations / Academia or Charities, you can also take advantage of Mail Check.

The NCSC states that Mail Check provides a secure, easy to use web tool that allows you to:

  • Shared security dashboard: Mail Check will let you create a shared dashboard view of the security of your domains with your colleagues. You can drill into the detail from this dashboard.
  • Anti-spoofing configuration checks: Determine whether your email domains are correctly configured with anti-spoofing controls SPF, DKIM and DMARC. We will explain these standards, provide feedback about the strength of the controls you have in place, highlight any configuration mistakes, and guide you through improvements. Note that these checks are based on publicly available information from the public Domain Name System (DNS).
  • DMARC reporting: Critical in your implementation of anti-spoofing controls. Mail Check can collate, enrich and simplify analysis of aggregate DMARC reporting. This reporting is based on feedback from recipients of emails from your domain, helping you understand which systems are sending emails on your behalf, whether the recipient could trust that email really came from your organisation, and help you identify and fix configuration issues. It will also highlight the extent to which your domain is already being abused. Note that aggregate DMARC reporting does not include sensitive information about emails, such as full email addresses, subjects, or email contents.
  • TLS security checks: Mail Check will initiate an email conversation with your email server (but without actually sending an email). This allows us to assess if there are risks to the privacy of your emails related to your TLS configuration, which could include using out of date versions of the TLS standard, insecure encryption cyphers, or invalid certificates.
  • Helping you implement MTA-STS: Mail Check will check and advise on the implementation of the standard MTA-STS, that prevents an attacker from removing the TLS privacy on your emails. Alongside this, Mail Check can also process TLS-RPT reports to support your implementation.
  • Notifications: Mail Check will generate email notifications to alert you if there have been changes in your email security.
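
The kind of anti-spoofing configuration check described in the list above, as an added Python example (not NCSC or Mail Check code): it takes TXT record strings as they would appear in public DNS and flags weak SPF and DMARC settings. The rules, function names and sample records for example.org are assumptions chosen for illustration.

```python
# Added example: simplified SPF/DMARC checks over TXT record strings.
# Rules and sample records are constructed for illustration (assumptions).

def check_spf(txt_records):
    """Findings for the SPF policy among a domain's TXT records."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return ["no SPF record" if not spf else "multiple SPF records"]
    terms = spf[0].lower().split()[1:]
    if any(t.startswith("redirect=") for t in terms):
        return []  # policy is defined in another record; not followed here
    all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not all_terms:
        return ["SPF has no 'all' term: unlisted senders are not rejected"]
    if all_terms[0][0] in "+a":  # a bare 'all' means '+all'
        return ["SPF '+all' authorises every sender"]
    if all_terms[0][0] == "?":
        return ["SPF '?all' is neutral: unlisted senders are not rejected"]
    return []  # '~all' or '-all'

def check_dmarc(txt_records):
    """Findings for the TXT records published at _dmarc.<domain>."""
    dmarc = [r for r in txt_records if r.strip().lower().startswith("v=dmarc1")]
    if len(dmarc) != 1:
        return ["no DMARC record" if not dmarc else "multiple DMARC records"]
    tags = {}
    for part in dmarc[0].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("DMARC policy tag 'p' is missing or invalid")
    elif policy == "none":
        findings.append("DMARC p=none only monitors: failing mail is still delivered")
    pct = tags.get("pct", "100")
    if policy in ("quarantine", "reject") and pct.isdigit() and int(pct) < 100:
        findings.append(f"DMARC policy applies to only {pct}% of failing mail")
    if "rua" not in tags:
        findings.append("DMARC has no 'rua' address: aggregate reports are not collected")
    return findings

# Constructed sample records for the placeholder domain example.org.
WEAK_SPF = ["v=spf1 include:_spf.example.net +all"]
WEAK_DMARC = ["v=DMARC1; p=none"]
GOOD_SPF = ["google-site-verification=constructed", "v=spf1 mx -all"]
GOOD_DMARC = ["v=DMARC1; p=reject; rua=mailto:dmarc@example.org"]
```

Calling `check_spf(WEAK_SPF) + check_dmarc(WEAK_DMARC)` returns three findings, while the `GOOD_*` records return none.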

If you’d like to discuss your e-mail security further, speak to the team today: hello@fourtify.co.uk