The National Cyber Security Centre recently launched a free Mail Check tool as part of their Active Cyber Defence programme, which assists in checking the security configuration of a school’s email servers.
Phishing emails continue to be a significant threat across our UK schools, and many are unaware that a number of those malicious emails can easily spoof the sending address using the school’s own email domain. Attackers can use a school’s own email domain to give the targeted phishing email a higher level of legitimacy and success of compromise. This can make our task more difficult at Cyber Education when educating and helping staff to spot a Phishing email, as it removes one of the quickest indicators teachers would use to identify a suspicious email.
Schools can make it much harder for an attacker to use this method by adopting a simple email domain configuration called Domain-based Message Authentication, Reporting and Conformance (DMARC).
At Cyber Distribution, we have found that many schools don’t have this configured and need support to implement it and this free mail check tool will help schools to identify if DMARC is implemented correctly. Following that, we can offer guidance on how to implement it.