Background – what is spoofing?
Email ‘spoofing’ is the forgery of an email address to give the appearance of being sent from someone or somewhere other than the actual sender. In other words, hiding one’s identity or faking the identity of another user / organisation in an email.
Some senders of spoofed emails are from NHS organisations, and they are spoofing for operational reasons. For example, they may have a contract with a mailing company for sending out newsletters to staff or reminders to patients.
Other spoofed emails are scams or malicious and are attempting to lure users into clicking on links or providing sensitive information.
Can spoofed email be received on the NHSmail Platform?
All emails that are spoofing @nhs.net from the internet or Health and Social Care Network (HSCN) will be deleted from the NHSmail service and will not be delivered to a user’s account.
What actions need to be undertaken to ensure business processes are not impacted?
Users should ensure they pro-actively check with any senders who may be sending spoofed email. Let the sender know that if they are spoofing an @nhs.net email address, they need to take action as their emails will be blocked due to the controls in place on the NHSmail platform.
Senders of spoofed email
If you send large volumes of email using an internet-based email service that is pretending to send from an @nhs.net email address, you are sending spoofed email. You should take immediate action to stop spoofing using one of the following options:
- SMTP – The SMTP protocol is available over the internet. Health and social care organisations should apply for an NHSmail application email account and send, legitimately, from an @nhs.net email address. The Applications Guide for NHSmail has more details on setting up access.
- No NHSmail account – senders without an NHSmail email account, who are currently spoofing, will need to send emails from their internet-based email domain using the proper name (for example, nhs.uk), rather than @nhs.net.
- Stop sending the spoofed emails.
Last Reviewed Date | 21/10/2022 |