UK must use DMARC for email by Oct


By Dylan Bushell-Embling
Monday, 11 July, 2016


UK must use DMARC for email by Oct

The UK’s Government Digital Service (GDS) has mandated that all UK government websites — as well as all email communications between central government organisations and accounts outside of the dedicated Public Service Network — use encryption by October 2016.

The government body has also announced a requirement for government organisations using the service.gov.uk subdomain for email to use the new DMARC authentication protocol to further protect government communications.

DMARC, or domain-based authentication reporting and conformance, is designed to allow email senders to verify legitimate messages and set policies for handling authentication messages.

The GDS has stipulated that from 1 October, all government agencies will need to set the DMARC policy to the highest level, which involves rejecting unauthenticated messages before they arrive in a user’s inbox.

In a recent blog post, Easy Solutions anti-fraud solutions consultant Matthew Platten said the GDS decision is good news for the government, and great news for the public.

“A strong email authentication system is one of the most effective means of ensuring that recipients are reading messages only from the intended sender and not someone spoofing a legitimate organisation,” he said.

“The UK government’s implementation of DMARC means that cybercriminals will no longer be able to spoof the service.gov.uk domain, a tremendous boon to government agencies and citizens alike. Restoring trust in email communications is paramount for legitimate organisations, and other governments and enterprises would be well advised to follow in the UK’s footsteps.”

He said spam-based phishing attacks lead to global losses of more than £1.4 billion ($2.39 billion) per year.

Image courtesy of AJC under CC

Related Articles

The machine identity gap putting public sector data at risk

While there is an increased focus on AI and secure data access, many agencies still lack a...

Access management remains a major problem at many Australian councils

As AI starts to be used more widely in the local government sector, further granularity around...

Australia's next Budget must treat cyber resilience as essential infrastructure

The federal Budget needs to make cyber resilience a core investment priority across AI...


  • All content Copyright © 2026 Westwick-Farrow Pty Ltd