Background – what is spoofing?
Email ‘spoofing’ is the forgery of an email address to give the appearance of being sent from someone or somewhere other than the actual sender. In other words, hiding one’s identity or faking the identity of another user / organisation in an email.
Some senders of spoofed emails are from NHS organisations and they are spoofing for operational reasons. For example, they may have a contract with a mailing company for sending out newsletters to staff or reminders to patients.
Other spoofed emails are scams or malicious and are attempting to lure users into clicking on links or providing sensitive information.
Operational emails have been spoofed in the past because there has not been the ability to link internet-based mailing tools into the NHSmail Service using standard methods based on SMTP / POP / IMAP.
Spoofed emails are now being marked with the following message informing the recipient they are receiving a spoofed email:
“This email is being marked as junk as the message was sent from an email address external to NHSmail but gives the appearance of being from an NHSmail address. Verify the sender and content is legitimate before acting upon information contained within. You must also notify the sender to advise that they will need to take action to stop ‘spoofing’ @nhs.net.”
Why is spoofing going to be stopped?
NHSmail is introducing an approach to prevent emails being sent from spoofed @nhs.net addresses from being delivered into NHSmail inboxes.
This is being introduced to protect the NHSmail Service and to ensure that senders are sending emails legitimately from @nhs.net addresses.
How are the changes being implemented?
The changes being introduced will prevent the practice of spoofing @nhs.net addresses and will be introduced in two stages, which have now started:
Phase one: Any emails spoofing the @nhs.net name are now being directed to a user’s ‘junk’ mailbox instead of the inbox. This means the user will still receive the email, but they will have to search for it in their junk mail folder. This change reinforces the text warning that the email is spoofed and should be treated carefully. We explain below how to ensure operational emails can continue to be delivered to email inboxes.
Phase two: Any emails that continue to spoof @nhs.net will be deleted from the NHSmail Service and will not be delivered to a user’s account.
When will the changes come into force?
Phase One, 31 October 2018: Spoofed email delivered into NHSmail account junk mail folders
Phase Two, Early Spring 2019: Spoofed emails will not be delivered to NHSmail accounts
Specific dates for Phase Two will be communicated to NHSmail Local Administrators, Users and known suppliers as soon as they are confirmed.