Picture credit: Paul Downey, Open Government License
NCSC’s new London-based headquarters wasn’t the only thing we opened up last week, we also took the step of open sourcing the code behind one of our Active Cyber Defence projects. MailCheck is the tool we’re building to support our work on securing government email, and reducing phishing of public sector brands. It’s the technology behind the work mentioned in our previous blog, Making email mean something again.
It’s early days for MailCheck, but we’re keen to be transparent about what we’re doing. The work so far has focused on building a processing engine for aggregate DMARC reports to help us understand the extent of spoofing of public sector domains. Future releases will provide dashboards and tools to help public sector organisations understand the security configuration of their email services, as well as make sense of DMARC reports to take appropriate action. We’ll open source these new features as we add them.
For the uninitiated, DMARC stands for Domain-based Messaging and Reporting Conformance. It’s essentially a protocol you apply to your domains via DNS to help mail servers figure out whether email they receive claiming to be from one of your domains is legitimate or not. There is a great introduction to DMARC on the GOV.UK website, along with the email security standard we worked on with the Government Digital Service.
For the organisations looking to implement DMARC - and we hope this will be any of them with a brand that needs protecting - it's a simple matter of setting a few DNS records. The hard part is in making sense of the reports, and it's our goal to take the pain away for public sector organisations trying to do this.
Whilst it’s early days for the project so far, the code we’ve produced has been built to scale. We’re already processing DMARC reports for around 500 domains a week and believe the design we have will scale significantly. However if you’re working with DMARC on smaller projects, then some of the tools contained within our code base may still be of use, particularly our basic command line tool to process a folder of DMARC reports into different formats.
We expect to open source a number of other projects in the coming months on our GitHub account - we'll let you know when we do.
You’ll find the MailCheck source code at https://github.com/ukncsc/mail-check.
Chief Architect, NCSC