Beta This is new guidance. Complete our quick 5-question survey to help us improve it.

  1. Service manual
  2. Technology
  3. How to email your users

If you need to email your service’s users, you must do so in a way that makes sure they get your emails and protects them from spam and phishing.

Meeting the Digital Service Standard

If your service uses email, you must set it up in a way that works and protects users from spam to meet the following points:

You’ll have to discuss how you’ve done this at your service assessments - this could include any decisions you made about emailing users.

Use a specialist service provider

You should use a specialist service provider for sending emails, and consider using GOV.UK Notify.

Create an email address

To email users, you must set up an email address on the domain, for example:


Talk to your department IT team or service provider to set up an email address on the domain.

You must only email your users from this email address, not your department or agency or any other domain.

Allow users to reply to you

You must create an email address which your users can reply to, and you must read their messages.

You can receive user replies in either of the following ways:

  • by allowing users to reply directly
  • by setting a reply-to address

Protect your users

When contacting your users, you must:

  • leave out sensitive information, like bank details
  • avoid making requests for personal information, like a user’s date of birth
  • only send links which point to the GOV.UK domain and show the URL in full
  • avoid including redirects in any links (eg tracking)
  • avoid sending attachments with emails
  • include the user’s first name and surname in the body of the email to make phishing more difficult
  • analyse your DMARC reports to check the phishing attacks that have been made against your domain, and continuously improve your email delivery

You must also set up the following technology to protect users from spam and make your real emails less likely to be caught by spam filters:

Dealing with delivery errors

Don’t keep sending mail to email addresses that you know are broken or don’t exist.

Testing your email delivery

You must implement automated testing and monitoring to ensure that your email sending is reliable.

The level of reliability you need depends on:

  • what your service does and how critical email is to the service
  • the development phase you’re in - in alpha you won’t need as much reliability as when the service is live

Types of checks you need

The types of checks you need to achieve your chosen level of reliability depend on how you’re sending emails.

If you’re using GOV.UK Notify or another managed email service provider, it may be enough to carry out a combination of:

  • monitoring checks on your integration with the external services
  • automated tests that verify the integration with the third party API

If you need to be more confident of reliability, you can set up full end to end tests which check both the integration of your service and the eventual delivery to the recipient.

Checking the format and content of your email

You should periodically use tools to manually check:

  • the email looks normal and is easy to read in all email and webmail clients
  • the email successfully delivers to popular email clients

There are a variety of commercial tools you can use to manually check emails.

How to write emails

You should use plain English when talking to users.

Check the patterns for notifications to see examples of the wordings you should use when contacting users.

Published by:
Technology community (technical architecture)
Last update:

Guidance first published