We have implemented the final phase of the security improvements around the blocking of all emails spoofing @nhs.net from the NHSmail service. This means that these emails will not be received by end users.
As a temporary measure, from 13 August 2019, we will send intended recipients of spoofed emails a notification email informing them that a spoofed email intended for them has been blocked and that they should contact the sender or their Local Administrator.
The notification email is sent to ensure that the recipient is aware of an email they were intended to receive so that they can take appropriate action to either have the information sent through alternative means or to prompt the sender of the email to stop spoofing.
We will let Local Administrators know before we switch off this temporary measure, so that they can let their users know.
If Local Administrators need to escalate the impact of these changes from a clinical safety perspective they should email firstname.lastname@example.org providing a supporting clinical safety assessment from their organisation’s clinical safety officer.
By blocking these emails, we are improving our resilience to global threats and improving the security of the NHSmail service.
Note: The NHSmail helpdesk will not be able to assist users with further information and users will be directed to their local IT support team for help.