Dear Home Office,

I am writing to respectfully make a formal request in accordance with the Freedom of Information Act 2000.

The privacy of emails sent via the @homeoffice.gov.uk domain is at risk. This domain does not appear to have MTA-STS configured. This means that email privacy (using TLS) is vulnerable to downgrade, allowing an attacker to read the contents of emails.

My request is as follows:-

1. Please can the department confirm why it has opted not to use MTA-STS as a potential CySec safeguard when communicating via email on the @homeoffice.gov.uk domain name?

2. Please can the department provide disclosure of its email security classifications policy.

3. Please can the department provide disclosure of the number of security incident reports made internally and/or externally which relate to concerns surrounding email security.

If I am able to provide any further information in support of this request, please do not hesitate to contact me.

Yours faithfully,

Ryan Jarvis

Dear Home Office,

Thank you for your response dated the 5th December 2022.

I wish to clarify point 3 of my request which should have read:-

3. Please can the department provide disclosure of the number of security incident reports made internally and/or externally which relate to concerns surrounding email security between the period May 2018 - May 2022.

I hope this is of some assistance when considering my request.

Yours faithfully,

Ryan Jarvis