The National Cyber Security Centre (NCSC) has suggested a change to Mail Check services starting on 24 March 2025. This change mainly involves ending DMARC aggregate reporting.
This change comes as a measure to expand the services provided by Mail Check to any UK based organisation, while also limiting the cost and complexity of the existing service. The NCSC notes this will further allow for the creation of new services in the future.
To assist with this transition, Red Sift is offering impacted organisations an extended free trial, including beyond the service end date for Mail Check up to 31 March 2025.
What are the changes?
The NCSC has confirmed that Mail Check will continue to check for these services:
- DMARC policy, policy strength and errors
- SPF policy, and effectiveness and errors
- MTA-STS policy, and policy strength and errors
- Inbound TLS (e.g. certificate validity, encryption cyphers)
The proposed changes include stopping support for DMARC aggregate reporting, DMARC insights, DKIM checks, and TLS reporting (TLS-RPT). With bad actors finding increasingly sophisticated methods to execute cyber attacks, it is vital for organisations to continue to utilise tools for DMARC reporting, which include monitoring of DKIM and inbound TLS management. This also ensures departments remain compliant with email security recommendations outlined by the NCSC.
Why is reporting important?
Understanding the data and insights delivered from your DMARC service is fundamental to ensuring strengthened protection against bad actors, while providing complete oversight into any issues and errors that could lead to significant reputable and financial damage to your organisation. By not implementing continuous reporting, businesses face significant risk of continuity challenges from changes and drift that can cause emails to stop being compliant, leading to undelivered mail for those in DMARC enforcement.
First and foremost it is an essential requirement for UK government organisations and departments to meet the Cyber Assurance Framework (CAF). This includes managing security risks, protecting against cyber attacks, implementing tools to support the detection of cybersecurity events, and minimising the impact of incidents.
The NSCS further advises the need to develop capabilities to detect common cyberattacks and to have a defined, and tested response plan for incidents affecting sensitive information or key services, including reporting any breach to the Information Commissioner’s Office.
For organisations that have achieved DMARC enforcement, staying on top of changes can feel like a continued expense, especially as vendor updates or misconfigurations occur. However, reducing the cost of managing these changes is possible with the right tools, where streamlined reporting can ensure effective oversight without additional costs.
In addition, DMARC is not a set and forget setup; it requires ongoing attention to maintain its effectiveness. Implementing robust monitoring tools is essential to ensure only authorised communications are sent while blocking illegitimate mail, safeguarding your email environment from evolving threats.
Likewise, major email providers such as Google and Yahoo strongly recommend setting up a monitoring provider for domains that send bulk emails, which includes continuous reporting. This ensures your organisation stays protected from potential phishing attacks or business email compromise (BEC), avoiding potential email-based breaches and monitoring for weaknesses within your email security, allowing the user to take action to rectify them.
Red Sift OnDMARC: The Mail Check alternative
The NCSC recommends affected departments switch to an alternative tool that provides DMARC implementation and offers continuous support for the services no longer provided by Mail Check. Red Sift is ready to support affected organisations with an extended free trial, including beyond the service end date for Mail Check up to 31 March 2025.
With Red Sift OnDMARC, users benefit from a like-for-like alternative to Mail Check that offers equivalent basic reporting capabilities with enhanced enrichment of data. In addition to also offering TLS reporting, Red Sift OnDMARC offers a one-click deployment of new emerging requirements such as MTA-STS, to simplify policy hosting and management.
Take a look below at how similar Mail Check reporting is compared to Red Sift OnDMARC.
Mail Check reporting
OnDMARC reporting
In addition to simplifying MTA-STS hosting, Red Sift OnDMARC’s Dynamic Services streamlines the management of DMARC, SPF, and DKIM records, optimising email deliverability throughout the organisation. Using OnDMARC, users can quickly identify active sending domains, pinpoint the systems responsible for sending emails, and remove outdated or unnecessary sources, enabled through high volumes of managed data contained within both public and private channel feeds.
OnDMARC also provides automated alerts for critical DNS changes, such as updates to MX, SPF, or DMARC records, ensuring mail flow and security policies remain uncompromised. Additionally, the new source classifier leverages your DMARC data signals, combined with our team’s extensive expertise, to help you classify sources faster and achieve enforcement more efficiently with fewer errors.
Available through the G-Cloud 14 framework, Red Sift OnDMARC is an accessible and trusted solution for UK public sector organisations. As a UK-headquartered company, Red Sift offers UK data residency, ensuring compliance with local requirements. With ISO27001 and Cyber Essentials certifications, Red Sift is committed to the highest security standards.
Join the many public sector organisations who have already transitioned to DMARC protection with support from Red Sift, and benefit from timely implementation, expert guidance, and value-added services that go beyond what was previously available through Mail Check.
