We posted previously about our work removing gsi-family domains from the public sector and why we are doing it.
This work is now complete, and over 3,500 domains have been removed, including:
- all gse.gov.uk domains
- all gcsx.gov.uk domains
- all gsx.gov.uk domains
- 2,533 gsi.gov.uk domains (83 remain; further details below)
We will continue to monitor the remaining domains for issues, but this work has removed the bulk of the risk of email spoofing and of domain hijacking arising from misconfiguration for these domains. We expect that further work may be required in the future to remove gsi.gov.uk completely and to look at the domains that remain within the PSN (Public Services Network).
Since our previous blog, we’ve made the following changes:
- At the end of January 2023 we updated the Domain-based Message Authentication, Reporting and Conformance (DMARC) records on the gsi-family parent domains so that email from any subdomain without its own DMARC record is blocked.
- At the beginning of March 2023 we suspended domains in the internet-facing zones for 72 hours to help identify any remaining services.
- At the beginning of April 2023 we permanently removed the internet-facing zones for gse.gov.uk, gcsx.gov.uk and gsx.gov.uk and the domains they contained. Most .gsi.gov.uk domains were also removed but a small number remain.
Please note that no PSN-facing zones were changed during this work.
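The January DMARC change relies on how receivers resolve policy for a subdomain: if `_dmarc.<subdomain>` has no record, the organizational domain's record applies, and its `sp=` tag (falling back to `p=`) governs the subdomain. The following is an added example, not code from this blog post or from the gsi.gov.uk zones themselves; it replaces DNS with a constructed in-memory table, and the record contents, the `legacy.gsi.gov.uk` name and the `ORG_DOMAINS` set are assumptions used to illustrate the lookup.

```python
"""Resolve the DMARC policy that applies to a sending domain (RFC 7489 s6.6.3).

Added example, not the blog post's code. DNS is replaced by a constructed
table so it runs offline; record contents are assumptions, not real records.
"""

# Constructed TXT records at _dmarc.<domain>, standing in for DNS answers.
DNS_TXT = {
    "_dmarc.gsi.gov.uk": "v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc@example.gov.uk",
    # Assumed: a subdomain that published its own, weaker record.
    "_dmarc.legacy.gsi.gov.uk": "v=DMARC1; p=none; rua=mailto:dmarc@example.gov.uk",
}

# Domains treated as organizational (registrable) domains. A real receiver
# derives this from the Public Suffix List; this set is an assumption.
ORG_DOMAINS = {"gsi.gov.uk"}

VALID_POLICIES = {"none", "quarantine", "reject"}


def parse_dmarc(txt):
    """Parse 'tag=value; tag=value' into a dict, or None if not a DMARC record."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return None
    return tags


def lookup_dmarc(domain):
    """Return the parsed DMARC record published at _dmarc.<domain>, or None."""
    txt = DNS_TXT.get("_dmarc." + domain.lower())
    return parse_dmarc(txt) if txt else None


def org_domain(domain):
    """Walk up the labels until a known organizational domain is found."""
    labels = domain.lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in ORG_DOMAINS:
            return candidate
    return None


def effective_policy(domain):
    """Return (policy, domain_whose_record_applied).

    1. A record at the domain itself wins, using its p= tag.
    2. Otherwise the organizational domain's record applies, using sp= if
       present and p= if not.
    3. With no record anywhere the policy is 'none' (message is unprotected).
    """
    domain = domain.lower()
    own = lookup_dmarc(domain)
    if own:
        policy = own.get("p", "none").lower()
        return (policy if policy in VALID_POLICIES else "none"), domain
    org = org_domain(domain)
    if org is None or org == domain:
        return "none", None
    parent = lookup_dmarc(org)
    if parent is None:
        return "none", None
    policy = parent.get("sp", parent.get("p", "none")).lower()
    return (policy if policy in VALID_POLICIES else "none"), org


if __name__ == "__main__":
    for d in ("finance.gsi.gov.uk", "legacy.gsi.gov.uk", "gsi.gov.uk", "mail.example.org"):
        print(d, "->", effective_policy(d))
```

The `finance.gsi.gov.uk` case is the one the blog change targets: no record of its own, so the parent's `sp=reject` applies. The `legacy.gsi.gov.uk` case shows the limit of that change: a subdomain that still publishes its own record keeps its own (here weaker) policy, which is why the remaining 83 domains need individual attention.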
What to do if you still have gsi-family domains
There are 83 .gsi.gov.uk domains remaining. If you still have one of these domains you should take steps now to remove it. If it still accepts email, we recommend you reconfigure it to reject inbound email. You can also choose to return a bounce message that tells senders the correct address.
You should also check public-facing websites and documentation for mentions of gsi-family domains and remove them.