Namespace policy

The namespace policy is aimed at both e-mail and website administrators and assumes a basic knowledge of network technologies and DNS (Domain Name System) in particular. It aims to provide good practice associated with integrating DNS within the Health and Social Care Network (HSCN), and on the internet.

The NHS needs to be able to assure the quality, timeliness and accuracy of DNS entries for domains delivering nationally important applications. These include:

• SMTP (Simple Mail Transfer Protocol) mail
• external web sites or applications
• internal web sites or applications

Domains delivering these nationally important applications, such as SMTP mail or external websites, must be hosted on the central HSCN DNS service.

We have a duty to ensure that the NHS brand as a whole is preserved and protected, and to reduce unnecessary web proliferation.

The nhs.uk domain name indicates that the domain is part of the NHS and under managerial control of the NHS. NHS England, as manager of the NHS network (HSCN), is the responsible organisation for control of all nhs.uk domain names. With the notable exception of NHSmail, only nhs.uk domains can be hosted on HSCN.

Off-infrastructure delegation, which is to delegate control of a domain outside the control of the HSCN DNS Service is discussed within the wider HSCN domain naming standards and policies.

HSCN policy is that all external mail (that is, external to the healthcare entitys’ LAN) traffic must be resolved by the HSCN DNS Service. Mail servers using the nhs.uk domain name must be hosted on HSCN.

It's recognised that there are a very small number of nhs.uk users external to HSCN who established services prior to the NHS National Network (N3) and have been unable to move to HSCN for commercial or technical reasons. These are not to be used as a precedent for further expansion of this style of use. N3 was replaced by HSCN in 2019.

In choosing an email name for your domain, you should refer to Domain and record naming.

For branding reasons, NHS England permit only one email domain per organisation. 

SMTP domains using the central email relay will only be granted to NHS and Department of Health and Social Care (DHSC) organisations.

SMTP email domains must not, under any circumstances, be used by third parties or private companies for commercial purposes or for the promotion of commercial corporate identity.

The NHS England DNS team reserves the right to remove without notice, any DNS zones and associated DNS records on the nhs.uk Nameservers (NS) if it feels that the domain name in question is contravening any of our standards, or poses a security or safety risk. For further information refer to Guidance for Domain Name administrators and technical contacts, and for advice, contact the DNS team.

If an organisation commits to buy, or buys web hosting, anticipating that a requested domain will be granted, it does so at its own risk. This will have no bearing on the final decision on whether an nhs.uk domain is granted.

If an nhs.uk domain is granted to an organisation, that organisation will be responsible for ensuring the website meets the necessary security standards.

Failure to meet these standards will result in removal of the domain.

Requests for patient-facing websites providing health advice and information already on nhs.uk will be rejected

Organisations permitted to use the nhs.uk domain should be limited to one public-facing domain per organisation, barring exceptional circumstances

Where one NHS organisation leads, NHS services should be delivered via that organisation's corporate site. Commercial activity aimed at other NHS organisations is permitted subject to brand clearance.

Local NHS organisations should use a geographic identifier, so they don't appear to be national

Where NHS organisations are working in equal partnership on a service, they are allowed one local identifier NHS domain. If they can show evidence that the service is national, a more generic URL will be allowed. 

Commercial activity aimed at the public, or paid advertising, is not permitted.

Organisations permitted (and not permitted) to have an nhs.uk domain/website are listed in the eligibility section of the HSCN domain naming standards and policies.

For GP surgeries, domain names should reflect the official name of the surgery. We will actively discourage websites including the name of the doctors employed there unless it's the name of the surgery.

It's advised that after obtaining your organisations’ domain name (yourorg.nhs.uk), any future host names, applications or services should be created below your obtained domain name.

nhs.uk domains must follow the NHS identity guidelines laid down by DHSC and should not, under any circumstances, be used by third parties or private companies for commercial purposes or for the promotion of a commercial corporate identity.

The reasons and benefits of this policy are:

Only by controlling the nhs.uk domain can network and messaging service levels for NHS users be assured. External users and service providers could not be included within the area of service management and associated service levels. Using the HSCN DNS Service enables organisations to participate in SMTP messaging through the SMTP Relay service. The central NHS DNS is managed by the DNS team. This service has a service level agreement to provide guarantees of its availability and resilience. Any changes to DNS content are backed up by agreed service levels.

Use of the nhs.uk domain promotes confidence in the security environment of its users, including protection from external mail server attacks and acceptance of the HSCN Statement of Compliance, including an obligation to screen for viruses and malware. If the nhs.uk domain is not restricted within HSCN, that level of security could not be guaranteed for any NHS users as it would not be clear whether those users were within nhs.uk or without.

Mail abuse originating from an nhs.uk address but outside HSCN could result in barring being made against all nhs.uk users, as the barring is at domain level and would indicate nhs.uk as an untrustworthy source.

If multiple routes are defined for messages in an SMTP community, only routes defined in the centralised HSCN DNS Service will work consistently.

Messaging via the internet is more efficient if the HSCN DNS Service and SMTP relay service are used. Messages going to the internet will be correctly routed if the HSCN DNS Service is used and return message routes from the internet will only work if the organisations’ details are in the HSCN DNS Service. Participants gain from the resilience and security it provides to the NHS community.

Placing nhs.uk addresses outside HSCN further complicates both mail and IP routing. Simplification of that process aids both performance and reduces the risk of errors resulting from complex mail-routing decisions. This is very important in the HSCN, which is the largest private intranet in Europe. Network or mail misuse resulting from an external nhs.uk address will bring NHS England and the wider NHS into disrepute.

The existence of externally-hosted users of the nhs.uk namespace is not recognised within our current contracts for provision of DNS with respects to email and the managed mail service.

With respect to websites; we want to limit organisations listed with the nhs.uk namespace to be NHS entities. This is to indivisibly associate the namespace with the NHS brand as a whole. Also, by using sub-domains of existing healthcare entities, we can maintain a hierarchical structure, along with improving the functionality of the HSCN DNS Service as a whole.

NHS websites, like other public sector websites, are free of commercial advertising and activity so as to convey only the relevant information to the general public and critically, to retain commercial impartiality. It's not the role of NHS England to recommend one company over another.

There is a duty for all NHS organisations to prevent needless web proliferation and in the case of health campaigns, the duplication of effort.

By enforcing naming standards on new domain-name-using applications (especially email), NHS England facilitates the production of nationally recognisable NHS domain names. In the past, healthcare entities chose their domain names with a local mindset, and the domain names chosen were often made up of acronyms which were indecipherable at national level.

The ability to swiftly change DNS entries when problems occur is key to delivering the national SMTP mail service. This service is provided by the NHS England DNS team. This will remove the need for administrators of organisations to configure and maintain changes to host names and IP addresses.

NHS England’s cyber security teams require logging and reporting data from our central services in order to protect the whole NHS. The central SMTP email relay and HSCN DNS Services provide this data. Third-party services do not and their use creates a ‘shadow IT’ problem that increasingly hampers protection of the wider HSCN and NHS itself.