NCSC's email security check service

Use this free online tool to protect your business against email spoofing and hijacking

The National Cyber Security Centre (NCSC) has added another useful tool to the collection of services it provides to UK businesses. Their free Email Security Check tool allows private sector organisations to scrutinise the strength of their email security in a bid to reduce the risk of cyber attacks.

Businesses can use the tool to look up any email domain to check if it has recommended security measures in place to prevent email spoofing and to protect email privacy.

Anti-spoofing checks

The tool checks to see if anti-spoofing protocols - such as domain-based message authentication, reporting and conformance (DMARC) - have been configured correctly to help prevent cyber criminals from sending emails claiming to be from a business.

Privacy protocols checks

The tool also checks if privacy protocols, such as transport layer security (TLS), are in place to ensure that emails are encrypted when in transit so they cannot be accessed and remain confidential between mail servers.

All checks are carried out using publicly available online domain information. No sign-up or personal details are required to use this tool.

Access the Email Security Check service from the NCSC.

The tool aims to help you quickly identify issues with the security of your email domains so you can bolster your defences using the detailed NCSC guidance on email security and anti-spoofing.

However, the tool cannot check if an individual email or email domain is malicious. If you receive a suspicious email, you should report it to the NCSC by forwarding to report@phishing.gov.uk.

First published 16 June 2022