High-profile brands are widely spoofed by attackers who send phishing emails and spread malware. This reduces trust in these brands and allows phishing and malware campaigns to be more effective.
Email spoofing is much harder if domain owners adopt Domain-based Message Authentication, Reporting and Conformance (DMARC). DMARC helps email domain owners to control how their email is processed. Organisations that deploy DMARC can ensure that their addresses are not successfully used by criminals as part of their campaigns.
DMARC is the solution
It's safe and easy to get started using DMARC. Setting a 'monitor-only' DMARC policy gives you information on how email is being sent from your domain, without affecting delivery. Using the information gathered, you can then move on to a policy which blocks spoofed emails and leaves legitimate email unaffected.
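The progression described above, from a monitor-only policy to one that blocks spoofed email, can be checked directly from a domain's published DMARC record. The following is an added example, not NCSC or Mail Check code: the tag names (`v`, `p`, `pct`, `rua`) come from the DMARC specification (RFC 7489), while the function names, the stage labels, the `example.org` domain and the report mailbox are constructed for illustration.

```python
# Added example: classify a DMARC TXT record by rollout stage (tags per RFC 7489).

def parse_dmarc(txt):
    """Split a DMARC TXT record into a tag -> value dict; ValueError if malformed."""
    pairs = []
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        tag, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        pairs.append((tag.strip().lower(), value.strip()))
    # The version tag must come first and must be exactly DMARC1.
    if not pairs or pairs[0] != ("v", "DMARC1"):
        raise ValueError("record must start with v=DMARC1")
    return dict(pairs)


def rollout_stage(txt):
    """Return 'monitor-only' (p=none), 'blocking' (p=reject for all mail),
    or 'ramping' (quarantine, or a policy applied to only part of the mail)."""
    tags = parse_dmarc(txt)
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        raise ValueError("missing or unknown p= policy")
    if policy == "none":
        return "monitor-only"
    pct = int(tags.get("pct", "100"))  # pct defaults to 100 when absent
    return "blocking" if policy == "reject" and pct == 100 else "ramping"


def report_addresses(txt):
    """Return aggregate-report (rua) mailboxes, with any '!size' suffix removed."""
    rua = parse_dmarc(txt).get("rua", "")
    uris = [u.strip() for u in rua.split(",") if u.strip()]
    return [u[len("mailto:"):].split("!")[0]
            for u in uris if u.lower().startswith("mailto:")]


# Constructed sample records for the placeholder domain example.org.
MONITOR = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.org"
RAMPING = "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc-reports@example.org"
ENFORCED = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.org"

if __name__ == "__main__":
    for record in (MONITOR, RAMPING, ENFORCED):
        print(rollout_stage(record), report_addresses(record), sep="\t")
```

A monitor-only record for which `report_addresses` returns an empty list gathers no information, because receivers have nowhere to send aggregate reports.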
The NCSC is committed to helping the public sector lead in deploying DMARC, and to do so, we are prioritising 5,322 Central Government domains for adoption in the first instance.
How Mail Check helps
Mail Check is the NCSC’s platform for assessing email security compliance. It collects, processes and analyses DMARC reports from across the public sector.
Within Mail Check, DMARC reporting for your domain is only visible to your organisation and the NCSC.
Mail Check is under active development and is constantly being improved. We're working on features to allow individual domain owners to perform their own analysis of the failures related to their domains, and for the NCSC to help analyse all data for the public sector.
Our plan is to give all Central Government departments access to Mail Check. This will provide them with the essential data needed to set domain policies so that spoofed emails are rejected by receivers.