DWP Email Security & Classifications Policies
Ryan Jarvis made this Rhyddid Gwybodaeth request to Adran Gwaith a Phensiynau
Dear Department for Work and Pensions,
I am writing to respectfully make a formal request in accordance with the Freedom of Information Act 2000.
The privacy of emails sent via the @dwp.gov.uk domain is at risk. This domain does not appear to have MTA-STS configured. This means that email privacy (using TLS) is vulnerable to downgrade, allowing an attacker to read the contents of emails.
My request is as follows:-
1. Please can the department confirm why it has opted not to use MTA-STS as a potential CySec safeguard when communicating via email on the @dwp.gov.uk domain name?
2. Please can the department provide disclosure of its email security classifications policy.
3. Please can the department provide disclosure of the number of security incident reports made internally and/or externally which relate to concerns surrounding email security between the period May 2018 - May 2022.
If I am able to provide any further information in support of this request, please do not hesitate to contact me.
This is an automated confirmation that your request for information has
been received by the DWP FOI mailbox.
If your email is a valid Freedom of Information request, as per Section 8
of the FOI Act 2000, you can normally expect a response within 20 working
Please note that email FOI responses will be issued from
We recommend that you add this address to your email contacts otherwise
the response may be treated as Spam or Junk mail.
Should you have any further queries in connection with this request please
Information on the Department for Work and Pensions can be accessed on
gov.uk here - http://www.gov.uk/dwp
1. mailto:[email address]
Dear Ryan Jarvis,
I am writing in response to your request for information, received 6th
DWP Central FoI Team
We work to defend the right to FOI for everyone
Help us protect your right to hold public authorities to account. Donate and support our work.Donate Now