This guidance is aimed at both e-mail and website administrators and assumes a basic knowledge of network technologies and DNS (Domain Name System) in particular. It sets out good practice for integrating DNS within N3 and on the internet.
Email policy for the nhs.uk domain
The NHS needs to be able to assure the quality, timeliness and accuracy of DNS entries for domains delivering nationally important applications. These include:
- SMTP (Simple Mail Transfer Protocol) mail
- external (www) web sites or applications
- internal (nww) web sites or applications
Domains delivering these nationally important applications, such as SMTP mail or external websites, should be hosted on the central NHS Domain Name Server (DNS).
We have a duty to ensure that the NHS brand as a whole is presented consistently to the general public and to reduce unnecessary web proliferation.
Website policy for the nhs.uk domain (www.NAME.nhs.uk)
The nhs.uk domain name indicates that the domain is part of the NHS and under managerial control of the NHS. NHS Digital, as manager of the NHS network (N3), is the responsible organisation for control of that domain name. With the notable exception of NHSmail, only nhs.uk domains can be hosted within N3.
Delegation, meaning handing control of a namespace to a local name server and making it totally authoritative, is not preferred N3 policy and is actively discouraged.
N3 policy is that all external mail traffic (that is, external to the healthcare entity's LAN) must be resolved by the NHS DNS servers. Mail servers using the nhs.uk domain name must be hosted within N3.
It's recognised that there are a very small number of nhs.uk users external to N3 who established services prior to N3 and have been unable to move to N3 for commercial or technical reasons. These are not to be used as a precedent for further expansion of this style of use.
The email name you choose for your domain should be clear and nationally recognisable.
For branding reasons, we would permit only one email domain per organisation.
SMTP permitted usage policy
SMTP domains using the central relay will only be granted to NHS and Department of Health (DH) organisations.
SMTP email domains should not, under any circumstances, be used by third parties or private companies for commercial purposes or for the promotion of commercial corporate identity.
The NHS Digital DNS Team reserves the right to remove any DNS zones and associated DNS records on the NHS.UK Name Servers if it feels the SMTP domain name in question is contravening our policies. For further advice and guidance, please contact email@example.com.
If an organisation commits to buy, or buys, web hosting, anticipating that a requested domain will be granted, it does so at its own risk. This will have no bearing on the final decision on whether an nhs.uk domain is granted.
If an nhs.uk domain is granted to an organisation, that organisation will be responsible for ensuring the website meets the necessary security standards.
Failure to meet these standards will result in removal of the domain.
1. All requests to come via local Communications Leads, with the exception of GP practice managers/lead partners
2. Requests for patient-facing websites providing health advice and information already on nhs.uk will be rejected
3. Organisations permitted to use the nhs.uk domain should be limited to one public-facing domain per organisation, barring exceptional circumstances
4. Where one NHS organisation leads, NHS services should be delivered via that organisation's corporate site. Commercial activity aimed at other NHS organisations is permitted subject to brand clearance
5. Local NHS organisations should use a geographic identifier, so they don't appear to be national
6. Where NHS organisations are working in equal partnership on a service, they are allowed one local identifier NHS domain. If they can show evidence that the service is national, a more generic URL will be allowed. One NHS Communications Lead will need to be the nominated owner and the single point of contact
7. Commercial activity aimed at the public, or paid advertising, is not permitted
The following organisations are permitted to have an nhs.uk website:
- DH agencies and public bodies - subject to clearance to use the NHS brand, all requests must come via the DH Digital Team - requests from elsewhere will be rejected (points 1 to 7 apply)
- national organisations wholly owned by the Secretary of State for Health and with clearance to use the NHS brand (points 1 to 7 apply)
- NHS Trusts and Foundation Trusts (points 1 to 7 apply)
- CCGs (points 1 to 7 apply)
- CSUs (points 1 to 7 apply)
- GP Surgeries/Clinics (points 2 to 7 apply)
- independent sector treatment centres (ISTCs) (points 1 to 7 apply)
- NHS healthcare services (points 1 to 7 apply)
The following will NOT be granted an nhs.uk domain:
- local health campaigns - see point 2 - anything specific to the local trust should be delivered via the corporate site
- consultations - these should be delivered via the existing corporate website or consultation packages, such as Citizenspace
- single trusts leading on a national level, such as for a rare disease, should develop content on their corporate website (points 1 to 7 apply)
- individuals (including elected representatives)
- associations representing public sector staff
- public sector pension funds
- social enterprises/community interest companies - no new ones will be granted, subject to the brand review
- fundraising charities, voluntary and privately-owned organisations, including charitable arms of NHS trusts
- companies and organisations registered by Companies House, such as private companies (limited by shares or guarantee), private unlimited companies and public liability companies
- public, privately-owned or charitable organisations undertaking work or programmes both targeting and within the NHS
- internet management and network-related companies, including Internet Service Providers (ISPs) and hosting companies
- British overseas territories and international organisations
For GP surgeries, domain names should reflect the official name of the surgery. We will actively discourage websites including the name of the doctors employed there unless it's the name of the surgery.
It's advised that after obtaining your organisation's domain name (yourorg.nhs.uk), any future requests to add host names, applications or services should create and then apply for a sub-domain (child domain) below the main domain name.
NHS.UK domains must follow the NHS identity guidelines laid down by the DH and should not, under any circumstances, be used by third parties or private companies for commercial purposes or for the promotion of a commercial corporate identity.
With respect to external (www) website registration, we cannot delegate the domain name to Internet Service Providers (ISPs). The nhs.uk namespace is assigned for use for messaging, as well as website name resolution, within N3.
Therefore, we can only allow 'Address' (A) records or 'CNAME' records on our external DNS servers for external (www) websites.
The use of wildcard entries (*.anytown.nhs.uk) is considered poor use of DNS and they will not be added to the NHS.UK namespace. Requests should be for specific sub-domains.
The NHS Digital DNS team reserves the right to remove any DNS zones and associated DNS records on the nhs.uk Name Servers if it feels that the domain name in question is contravening any of our policies. For further advice and guidance, please contact firstname.lastname@example.org.
Reasons and benefits for the policies within the NHS
The reasons and benefits of this policy are:
- Only by controlling the nhs.uk domain can network and messaging service levels for NHS users be guaranteed. External users could not be included within the area of service management and associated service levels. Using the NHS DNS enables organisations to participate in SMTP messaging through the SMTP Relay service. The central NHS DNS is managed by N3SP. This service has a service level agreement to provide guarantees of its availability and resilience. Any changes to DNS content are backed up by agreed service levels
- Use of the nhs.uk domain promotes confidence in the security environment of its users, including protection from external mail server attacks and acceptance of the N3 Statement of Compliance, including an obligation to screen for viruses and malware. If the nhs.uk domain is not restricted within N3, that level of security could not be guaranteed for any NHS users as it would not be clear whether those users were within nhs.uk or without
- Mail abuse originating from an nhs.uk address but outside N3 could result in barring being made against all nhs.uk users, as the barring is at domain level and would indicate nhs.uk as an untrustworthy source
- If multiple routes are defined for messages in an SMTP community, only routes defined in the centralised NHS DNS will work consistently
- Messaging via the internet is more efficient if the NHS DNS and SMTP relay service is used. Messages going to the internet will be correctly routed if the NHS DNS is used and return message routes from the internet will only work if the organisation's details are in the NHS DNS. Participants gain from the resilience and security it provides to the NHS community
- Placing nhs.uk addresses outside N3 further complicates both mail and IP routing. Simplification of that process both aids performance and reduces the risk of errors resulting from complex routing decisions. This is very important in N3, which is the largest private intranet in Europe. Network or mail misuse resulting from an external nhs.uk address will bring both NHS Digital and other nhs.uk users into disrepute
- The existence of externally-hosted users of the nhs.uk namespace is not recognised within our current contracts for provision of DNS with respect to email and the managed mail service
- With respect to websites, we want to limit organisations listed within the nhs.uk namespace to NHS entities. This is to associate the namespace with the NHS brand as a whole. Also, by using sub-domains of existing healthcare entities, we can maintain a hierarchical structure, along with improving the functionality of the NHS DNS servers as a whole
- NHS websites, like other public sector websites, are free of commercial advertising and activity so as to convey only the relevant information to the general public and to retain commercial impartiality. It's not the role of NHS Digital to recommend one company over another
- There's a duty for all NHS organisations to prevent needless web proliferation and in the case of health campaigns, the duplication of effort
- By enforcing naming standards on new domain name applications (especially email), NHS Digital facilitates the production of nationally recognisable NHS Digital domain names. In the past, healthcare entities chose their domain names thinking in a local mindset, and the domain names chosen were often made up of acronyms which were indecipherable at a national level
- The ability to swiftly change DNS entries when problems occur is key to delivering the national SMTP mail service. This service is provided by the NHS Digital DNS Team. This will remove the need for administrators of organisations to configure and maintain changes to host names and IP addresses
Appealing a decision
If you feel that a decision made by the NHS Digital DNS Team is incorrect, you have the right to appeal directly to the NHS England Branding and Identity Team. They will independently assess your appeal and we will abide by their decision.
We're happy to provide the relevant contact details upon request.