1. Purpose of this Guide
This artefact proves your company’s mail servers are securely configured and resilient against phishing, spoofing, and insecure email transport. Cyber Essentials requires this because weak email security leaves your castle gates wide open to attackers who exploit insecure mail servers to impersonate your staff or steal sensitive information.
2. What You Will Submit
You will need:
- A report generated via StrongKeep’s dashboard, which pulls directly from the CSA Internet Hygiene Portal (IHP).
- This report will include:
  - Overall Mail Server Security Score.
  - TLS/STARTTLS support status.
  - Validity of security certificates.
  - Email authentication checks (SPF, DKIM, DMARC).
  - DANE validation and phishing prevention features.
3. How to Collect / Obtain / Generate This Evidence
For StrongKeep customers, this artefact is auto-generated:
- StrongKeep will generate this report for you from our external scan of your servers.
- Click Generate Report.
- The system will fetch the latest results for your domain.
- Download the report or screenshot the dashboard view.
No need to run manual scans — StrongKeep fetches it for you, so you won’t have to joust with SPF records or TLS ciphers yourself.
4. Evidence Format
- Accepted file types: PDF, PNG, JPG.
- Suggested naming format: YourCompanyName_MailServerIHP_YYYY-MM-DD.pdf
5. What “Good” Looks Like
- Report shows a recent scan date (within the last 3 months).
- Overall security score is green / high pass.
- TLS protocols are enabled and valid.
- SPF, DKIM, and DMARC all pass validation.
- No red flags under phishing or spoofing protection.
Why it matters: auditors want assurance that your email infrastructure isn’t a weak link for attackers to slip phishing lances through.
6. Tips
- Regenerate the IHP results shortly before audit submission, so they are fresh.
- If your score is low, fix mail server issues (SPF, DKIM, DMARC) and re-run before submitting.
- Keep older reports — they help demonstrate continuous monitoring and improvement.