The National Cyber Security Centre (NCSC) proposed changes to Mail Check services came into effect on 24 March 2025, including the ending of DMARC aggregate reporting. Organisations who are yet to comply must now seek an alternative provider or risk exposure to harmful cybersecurity incidents.
This change comes as a measure to expand the services provided by Mail Check to any UK based organisation, while also limiting the cost and complexity of the existing service. The NCSC notes this will further allow for the creation of new services in the future.
Use our free Red Sift Investigate tool to check your organisations DMARC record and more!
What are the changes?
The NCSC has confirmed that Mail Check will continue to check for these services:
- DMARC policy, policy strength and errors
- SPF policy, and effectiveness and errors
- MTA-STS policy, and policy strength and errors
- Inbound TLS (e.g. certificate validity, encryption cyphers)
The NCSC will now no longer support DMARC aggregate reporting, DMARC insights, DKIM checks, and TLS reporting (TLS-RPT). With bad actors finding increasingly sophisticated methods to execute cyber attacks, it is vital for organisations to continue to utilise tools for DMARC reporting, which include monitoring of DKIM and inbound TLS management. This also ensures departments remain compliant with email security recommendations outlined by the NCSC.
Don’t get caught out: Take action now
First and foremost it is an essential requirement for UK government organisations and departments to meet the Cyber Assurance Framework (CAF). This includes managing security risks, protecting against cyber attacks, implementing tools to support the detection of cybersecurity events, and minimising the impact of incidents.
The NSCS further advises the need to develop capabilities to detect common cyberattacks and to have a defined, and tested response plan for incidents affecting sensitive information or key services, including reporting any breach to the Information Commissioner’s Office.
Failure to take action could lead to:
- Reputation Damage: If an organisation’s email security weakens due to inaction, they risk reputation damage from phishing attacks impersonating their domain, or BEC incidents, damaging customer and partner trust.
- Weak email authentication: Without a new provider, organisations relying on Mail Check will no longer have access to its DMARC, DKIM and TLS reporting services. This could leave them blind to email authentication issues.
- Increased Email Security Risks: Organisations that relied on detection through Mail Check may struggle to detect and mitigate phishing, spoofing, and email fraud attempts, increasing their exposure to cyber threats.
- Compliance and Regulatory Risks: Failure to establish an alternative provider leaves organisations open to non-compliance and potential financial penalties.
- Operational Disruptions: Organisations who relied on Mail Check’s insights for email deliverability and security management may experience disruptions, leading to increased email rejection rates or deliverability issues.
Why is reporting important?
Understanding the data and insights delivered from your DMARC service is fundamental to ensuring strengthened protection against bad actors, while providing complete oversight into any issues and errors that could lead to significant reputable and financial damage to your organisation. By not implementing continuous reporting, businesses face significant risk of continuity challenges from changes and drift that can cause emails to stop being compliant, leading to undelivered mail for those in DMARC enforcement.
For organisations that have achieved DMARC enforcement, staying on top of changes can feel like a continued expense, especially as vendor updates or misconfigurations occur. However, reducing the cost of managing these changes is possible with the right tools, where streamlined reporting can ensure effective oversight without additional costs.
In addition, DMARC is not a set and forget setup; it requires ongoing attention to maintain its effectiveness. Implementing robust monitoring tools is essential to ensure only authorised communications are sent while blocking illegitimate mail, safeguarding your email environment from evolving threats.
Likewise, major email providers such as Google and Yahoo strongly recommend setting up a monitoring provider for domains that send bulk emails, which includes continuous reporting. This ensures your organisation stays protected from potential phishing attacks or business email compromise (BEC), avoiding potential email-based breaches and monitoring for weaknesses within your email security, allowing the user to take action to rectify them.
Red Sift OnDMARC: The Mail Check alternative
The NCSC recommends affected departments switch to an alternative tool that provides DMARC implementation and offers continuous support for the services no longer provided by Mail Check. If you are yet to take action, Red Sift is ready to support your transition today, keeping your organisation secure.
With Red Sift OnDMARC, users benefit from a like-for-like alternative to Mail Check that offers equivalent basic reporting capabilities with enhanced enrichment of data. In addition to also offering TLS reporting, Red Sift OnDMARC offers a one-click deployment of new emerging requirements such as MTA-STS, to simplify policy hosting and management.
Ciaran Martin
Founder and former CEO of the National Cyber Security Centre and Special Advisor to Red SiftTake a look below at how similar Mail Check reporting is compared to Red Sift OnDMARC.
Mail Check reporting
OnDMARC reporting
In addition to simplifying MTA-STS hosting, Red Sift OnDMARC’s Dynamic Services streamlines the management of DMARC, SPF, and DKIM records, optimising email deliverability throughout the organisation. Using OnDMARC, users can quickly identify active sending domains, pinpoint the systems responsible for sending emails, and remove outdated or unnecessary sources, enabled through high volumes of managed data contained within both public and private channel feeds.
OnDMARC also provides automated alerts for critical DNS changes, such as updates to MX, SPF, or DMARC records, ensuring mail flow and security policies remain uncompromised. Additionally, the new source classifier leverages your DMARC data signals, combined with our team’s extensive expertise, to help you classify sources faster and achieve enforcement more efficiently with fewer errors.
Available through the G-Cloud 14 framework, Red Sift OnDMARC is an accessible and trusted solution for UK public sector organisations. As a UK-headquartered company, Red Sift offers UK data residency, ensuring compliance with local requirements. With ISO27001 and Cyber Essentials certifications, Red Sift is committed to the highest security standards.
Join the many public sector organisations who have already transitioned to DMARC protection with support from Red Sift, and benefit from timely implementation, expert guidance, and value-added services that go beyond what was previously available through Mail Check.
