Issue Description: The NHSmail Service experiences periodic issues relating to deny-listing. This is where external email and spam filtering services block email being sent from NHSmail to other email providers.
Real Time Blackhole Lists (RBL) is a measure employed across the industry to identify and block unsolicited (spam/phishing) email. There are thousands of RBL services operating using their own business rules. RBL services operate reactively and automatically deny-list network addresses. Receiving systems (e.g. other email providers) will typically check incoming email against one or multiple RBL provides. If the email is being sent from a listed system, the email is then rejected by the recipient system or the email is delivered to the recipient’s junk folder. Due to this, email to and from the Internet is never guaranteed for delivery.
The NHSmail Email Gateway has been designed to minimise the occurrences of RBL listing. Despite all the active design improvements there is still a residual risk that email across the Internet (i.e. to external domains such as Gmail/Hotmail/Outlook.com) cannot be guaranteed for delivery. Proactive monitoring is in place to identify when deny-listing occurs to ensure the NHSmail Team can respond as quickly as possible to apply for de-listing. The de-listing process is dependent on third party organisations’ process and can take several hours for the process to complete.
User Impact: Users may receive a non-delivery receipt following trying to send an email to an external email domain – for example, email@example.com. Email sent to external domains that block NHSmail will not be received by the recipient. Users may alternatively find that email may be delivered to the junk folder of recipient’s mailboxes.
Guidance for Users:
The NHSmail Team continue to work with the third party providers to apply for de-listing. This can take several hours for resolution. Users do not need to report these issues to the NHSmail Helpdesk.
Guidance for NHSmail LOAs:
The NHSmail Team continue to work with the third party providers to apply for de-listing. This can take several hours for resolution. LOAs do not need to report these issues to the NHSmail Helpdesk.
If your organisation relies on sending or receiving email to and from the Internet, you should ensure:
- You know which systems rely on sending and receiving email to and from the internet and the business impact for each system if email is blocked
- Have a business continuity plan in place for business critical services
- You have monitoring systems in place to detect message delivery issues
- Your systems have the ability to re-send messages that have not been delivered both individually and in bulk
- Those sending you email also have the ability to re-send messages that have not been delivered both individually and in bulk
- Your organisation is able to sustain not being able to send or receive email for up to four days to/from internet addresses
- Where you have a reliance on time critical guaranteed communication you should have alternative methods of communication in place such as system to system electronic data interchange N.B. SMS messaging is not a guaranteed or secure delivery method
- Outgoing email is scanned for spam and viruses before being sent
Guidance for External Email Services (e.g. NHS.UK and secure government email services):
It is highly unlikely that email delivery between NHSmail, secure government email services and HSCN hosted NHS.UK email services will ever be impacted by deny-listing. However, we recommend that organisations allow-list the previously provided and current NHSmail deliver IP address to avoid receipt issues from NHSmail. This will reduce the residual, highly unlikely, risk of NHSmail being blocked by local reputational databases.