• DMARC
  • email security

Mail Check: Navigating the new changes

The National Cyber Security Centre (NCSC) recently proposed updates to its Mail Check coming into effect on 24 March 2025. As the service evolves to focus on accessibility and scalability, some of the features that UK public sector organisations relied on will no longer be available, including DMARC aggregate reporting.

To help make sense of this shift, we recently held a webinar with former NCSC founder and CEO, Ciaran Martin, and Red Sift’s CEO, Rahul Powar, to discuss how public sector organisations can understand, adapt and find solutions to simply any transition brought on by the updates. 

Watch the full recording:

How is Mail Check changing in 2025? 

Ciaran explained that the UK faced significant cybersecurity challenges, including widespread digital pollutants left unaddressed and millions of websites harbouring malicious code. To tackle these issues, Mail Check was developed as part of the Active Cyber Defense Initiative, providing public sector organisations with tools to implement key email security protections like DMARC, SPF, DKIM, and TLS

Now that both public and private sector organisations are maturing and adopting effective email security measures, Mail Check is phasing out some of its services, including:

  • DMARC aggregate reporting: A vital monitoring tool to protect against unauthorised use of domains while managing and identifying new senders
  • DMARC and DKIM insights: Key to identifying and resolving encryption issues, helping to avoid deliverability challenges.
  • TLS reporting (TLS-RPT): Essential for ensuring email authenticity and secure communication.
“We’ve seen a maturity in organisations in the private sector to create and enable solutions and a maturity within government organisations to use and deploy these tools.”

Billy McDiarmid

Senior Director, Sales Engineering at Red Sift

No more DMARC reporting? What’s the big deal? 

The primary purpose of DMARC reporting is to establish genuine authentication for outbound email, ensuring continuous monitoring and blocking illegitimate senders, explained Rahul. DMARC allows you to receive reports from email receivers (like Gmail and Yahoo) about the emails they’re receiving from your domain. 

These reports provide a wealth of information including:

  • Oversight into which IP addresses are sending emails on behalf of your domain
  • Enhanced  visibility into authentication and detailed feedback on SPF and DKIM reliability
  • A clearer understanding of DMARC failure, helping to identify and address issues. 

Failure to comply leaves you vulnerable

We don’t like to dwell on the negatives, but falling out of DMARC compliance can expose  public sector organisations and individuals to significant risks, including:

  • Domain phishing and spoofing: Without visibility into who is sending on your behalf, your domain can be spoofed, resulting in extensive financial and reputational damage.
  • Regulatory violations: Non-compliance with  regulatory frameworks like the Cyber Assessment Framework (CAF) and PCI-DSS 4.0
  • Email delivery issues: Legitimate emails may be blocked or misrouted, especially for businesses in p=reject, caused by misaligned systems or stricter sender authentication.

Red Sift is ready to support you

To address the upcoming changes to Mail Check, the NCSC advises affected departments to transition to alternative tools that support DMARC implementation. As Rahul confirmed, Red Sift is stepping in to support organisations during this transition, offering an extended free trial of its Red Sift OnDMARC application through to 31 March 2025, extending beyond Mail Check’s service end date.

“We make it easy to do the basic things correctly, so we can all get on with our day.”

Rahul Powar

CEO, Red Sift

With Red Sift OnDMARC, users gain a comprehensive alternative to Mail Check, providing equivalent reporting capabilities enriched with deeper data insights and continuous monitoring. The platform also includes TLS reporting and simplifies the adoption of emerging requirements like MTA-STS with a one-click deployment feature, streamlining policy hosting and management for enhanced email security.

See how we compare:

A trusted leader in the field

As the UK public sector’s trusted security partner, Red Sift is already providing monitoring for 6300 domains across Central Government, Devolved Nations, Blue Light, the NHS and many more. In addition, 70% of London borough councils trust Red Sift OnDMARC as their DMARC provider, with 70% of their combined domains having already achieved a DMARC status of p=reject.  

With Red Sift OnDMARC, organisations can protect against harmful attacks like phishing and Business Email Compromise (BEC), while benefiting from partnering with:

  • A G2 leader in the DMARC category 
  • An industry leading customer success team
  • The only UK-based DMARC provider on G-Cloud 14
  • UK head-quartered with UK data residency
  • ISO 27001 and Cyber Essentials certified

Ready to get started? Speak to the team today and begin your free extended trial

PUBLISHED BY

Jack Lilley

15 Jan. 2025

SHARE ARTICLE:

Categories

DMARCNewsSecurity

Related articles

The role of DMARC in email security Mail Check: Navigating the new changesExploring the complexities of cyber insurance with Harpreet MannCountdown to compliance: Are you ready for the DORA deadline?Predictions for 2025: Cybersecurity and the increasing rise of AI

Recent Posts

VIEW ALL
Cybersecurity
17 Jan. 2025

The role of DMARC in email security 

Red Sift

We’ll admit it, we’re pretty nerdy for email security and are passionate about ensuring your organization is protected from harmful cyber attacks and bad actors. You’ll often hear us talk about Domain-based Message Authentication, Reporting and Compliance (DMARC) because…it’s kind of a big deal. Yet, as Antony Seedhouse highlighted at the recent e-Crimes &…

Read more
DMARC
15 Jan. 2025

Mail Check: Navigating the new changes

Jack Lilley

The National Cyber Security Centre (NCSC) recently proposed updates to its Mail Check coming into effect on 24 March 2025. As the service evolves to focus on accessibility and scalability, some of the features that UK public sector organisations relied on will no longer be available, including DMARC aggregate reporting. To help make sense…

Read more
Cybersecurity
14 Jan. 2025

Exploring the complexities of cyber insurance with Harpreet Mann

Sean Costigan

In the fourth episode of Resilience Rising, Sean Costigan, Managing Director of Resilience Strategy at Red Sift, delves into the intricacies of cyber insurance with Harpreet Mann, President of Amynta Trade Credit and Political Risk Solutions. Drawing on her extensive experience in insurance and risk management, Harpreet sheds light on the challenges and transformative…

Read more
DORA
9 Jan. 2025

Countdown to compliance: Are you ready for the DORA deadline?

Jack Lilley

The European Union’s (EU) Digital Operational Resilience Act (DORA) deadline approaches, with just one week to go before the DORA applies to all financial entities and their ICT service providers on January 17 2025. Sectors affected by the DORA include but are not limited to: Understanding and ensuring compliance with the upcoming legislation need…

Read more
Red Sift Logo

PLATFORM

The Red Sift Pulse Platform

Internet-scale cybersecurity intelligence meets trusted AI.
OnDMARC

Protect against phishing and BEC attacks.
Brand Trust

Stop brand abuse, fraud and lookalike attacks.
ASM

Continuously discover and manage external-facing and cloud assets.
Certificates

Real-time discovery and seamless monitoring for certificates.

INNOVATION

CUSTOMERS

Resources

Company