UK must use DMARC for email by Oct


By Dylan Bushell-Embling
Monday, 11 July, 2016


UK must use DMARC for email by Oct

The UK’s Government Digital Service (GDS) has mandated that all UK government websites — as well as all email communications between central government organisations and accounts outside of the dedicated Public Service Network — use encryption by October 2016.

The government body has also announced a requirement for government organisations using the service.gov.uk subdomain for email to use the new DMARC authentication protocol to further protect government communications.

DMARC, or domain-based authentication reporting and conformance, is designed to allow email senders to verify legitimate messages and set policies for handling authentication messages.

The GDS has stipulated that from 1 October, all government agencies will need to set the DMARC policy to the highest level, which involves rejecting unauthenticated messages before they arrive in a user’s inbox.

In a recent blog post, Easy Solutions anti-fraud solutions consultant Matthew Platten said the GDS decision is good news for the government, and great news for the public.

“A strong email authentication system is one of the most effective means of ensuring that recipients are reading messages only from the intended sender and not someone spoofing a legitimate organisation,” he said.

“The UK government’s implementation of DMARC means that cybercriminals will no longer be able to spoof the service.gov.uk domain, a tremendous boon to government agencies and citizens alike. Restoring trust in email communications is paramount for legitimate organisations, and other governments and enterprises would be well advised to follow in the UK’s footsteps.”

He said spam-based phishing attacks lead to global losses of more than £1.4 billion ($2.39 billion) per year.

Image courtesy of AJC under CC

Related Articles

Building secure AI: a critical guardrail for Australian policymakers

While AI has the potential to significantly enhance Australia's national security, economic...

Building security‍-‍centric AI: why it is key to the government's AI ambitions

As government agencies test the waters of AI, public sector leaders must consider how they can...

State government agencies still struggling with securing user access

Audit reports have shown that Australian government agencies in four states experience challenges...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd