The United Kingdom’s National Cyber Security Centre (NCSC) has launched a service, the Email Security Check tool, that organizations can use to identify spoofing vulnerabilities in their mailing systems and issues related to breaches of privacy. The tool requires no sign-up or personal details and is available online, free of cost.
Spoofing is a type of attack in which an attacker forges the ‘From’ address of an email message, thereby convincing the recipients that they are interacting with a verified and trusted source. DMARC is an email authentication method meant to stop such attackers from spoofing organizations and domains.
NCSC found that certain UK sectors had a very casual approach to following the guidelines on email security controls. In response, NCSC developed this tool so that publicly available information about email domains, and the privacy risks associated with them, could be looked up and the necessary measures taken.
The Email security check tool uses the following methods:
- Checks the DNS records of the mail domain and verifies the presence of anti-spoofing controls, and whether they have been deployed and correctly configured as defined in the DMARC policy, so that organizations can prevent hackers from sending out fake and malicious emails.
- Checks if privacy protocols like TLS (Transport Layer Security) have been used to encrypt emails during their transfer, so that they remain confidential and can only be accessed by the authorized sender and recipient.
How it Works:
1. Navigate to the Email Security Check tool using the link provided at the end of this article.
2. Type the name of the mail domain to be checked (only the part after the @) and click on ‘Check Domain’.
3. Go through the result carefully to study the vulnerabilities so that appropriate measures can be taken.
The goal of the tool is only to identify the vulnerabilities and report them so that organizations can plug all loopholes before hackers do their job. For further help and assistance in securing emails, NCSC offers a free ‘Mail Check Service’ to Government Sectors, Local Authorities, Academia and more. Unfortunately, this service isn’t yet available for the Private Sector.
NCSC has plans to introduce MTA-STS testing soon, in addition to checking for spoofing and privacy controls. Even when powerful security protocols like TLS are in use, a hacker can trick incoming connections into sending emails to unauthorized servers, where they can be accessed and read. MTA-STS is a powerful new standard that has been developed to address these loopholes.
One drawback of this tool is that it cannot verify whether a particular email is harmful and malicious. Organizations and individuals receiving suspicious emails should therefore make it a habit to forward them to firstname.lastname@example.org and bring them to the notice of the concerned authorities for corrective action.
The Email Security Check tool can really help organizations to bolster their defenses so that life becomes increasingly harder for hackers in an otherwise vulnerable world.
Click here to use the Email Security Check tool.