Mail Check is changing: What UK public sector organisations must know about DMARC and email security

The National Cyber Security Centre (NCSC) has suggested a change to Mail Check services starting on 24 March 2025. This change mainly involves ending DMARC aggregate reporting.

This change comes as a measure to expand the services provided by Mail Check to any UK-based organisation, while also limiting the cost and complexity of the existing service. The NCSC notes this will further allow for the creation of new services in the future.

To assist with this transition, Red Sift is offering impacted organisations an extended free trial, including beyond the service end date for Mail Check up to 31 March 2025.

What are the changes?

The NCSC has confirmed that Mail Check will continue to check for these services:

  • DMARC policy, policy strength and errors 
  • SPF policy, and effectiveness and errors 
  • MTA-STS policy, and policy strength and errors  
  • Inbound TLS (e.g. certificate validity, encryption ciphers)

The proposed changes include stopping support for DMARC aggregate reporting, DMARC insights, DKIM checks, and TLS reporting (TLS-RPT). With bad actors finding increasingly sophisticated methods to execute cyber attacks, it is vital for organisations to continue to utilise tools for DMARC reporting, which include monitoring of DKIM and inbound TLS management. This also ensures departments remain compliant with email security recommendations outlined by the NCSC.

Why is reporting important?

Understanding the data and insights delivered from your DMARC service is fundamental to ensuring strengthened protection against bad actors, while providing complete oversight into any issues and errors that could lead to significant reputational and financial damage to your organisation. Without continuous reporting, businesses face a significant risk of continuity challenges from changes and drift that can cause emails to stop being compliant, leading to undelivered mail for those in DMARC enforcement.

First and foremost it is an essential requirement for UK government organisations and departments to meet the Cyber Assurance Framework (CAF). This includes managing security risks, protecting against cyber attacks, implementing tools to support the detection of cybersecurity events, and minimising the impact of incidents.

The NCSC further advises the need to develop capabilities to detect common cyberattacks and to have a defined and tested response plan for incidents affecting sensitive information or key services, including reporting any breach to the Information Commissioner’s Office.

For organisations that have achieved DMARC enforcement, staying on top of changes can feel like a continued expense, especially as vendor updates or misconfigurations occur. However, reducing the cost of managing these changes is possible with the right tools, where streamlined reporting can ensure effective oversight without additional costs.

In addition, DMARC is not a set-and-forget setup; it requires ongoing attention to maintain its effectiveness. Implementing robust monitoring tools is essential to ensure only authorised communications are sent while blocking illegitimate mail, safeguarding your email environment from evolving threats.

Likewise, major email providers such as Google and Yahoo strongly recommend setting up a monitoring provider for domains that send bulk emails, which includes continuous reporting. This ensures your organisation stays protected from potential phishing attacks or business email compromise (BEC), avoiding potential email-based breaches and monitoring for weaknesses within your email security, allowing the user to take action to rectify them. 

Red Sift OnDMARC: The Mail Check alternative

The NCSC recommends affected departments switch to an alternative tool that provides DMARC implementation and offers continuous support for the services no longer provided by Mail Check. Red Sift is ready to support affected organisations with an extended free trial, including beyond the service end date for Mail Check up to 31 March 2025.


With Red Sift OnDMARC, users benefit from a like-for-like alternative to Mail Check that offers equivalent basic reporting capabilities with enhanced enrichment of data. In addition to offering TLS reporting, Red Sift OnDMARC offers one-click deployment of emerging requirements such as MTA-STS, to simplify policy hosting and management.

“The Government, quite correctly, has always said it doesn’t want to intervene in areas where the private market can provide the answers. Now that the Active Cyber Defence programme is maturing, it is stepping back from some aspects of Mail Check. Red Sift is one of the companies with a real track record in providing the answer.”

Ciaran Martin

Founder and former CEO of the National Cyber Security Centre and Special Advisor to Red Sift

Take a look below at how similar Mail Check reporting is compared to Red Sift OnDMARC.

Mail Check reporting

OnDMARC reporting

In addition to simplifying MTA-STS hosting, Red Sift OnDMARC’s Dynamic Services streamlines the management of DMARC, SPF, and DKIM records, optimising email deliverability throughout the organisation. Using OnDMARC, users can quickly identify active sending domains, pinpoint the systems responsible for sending emails, and remove outdated or unnecessary sources, enabled through high volumes of managed data contained within both public and private channel feeds.

OnDMARC also provides automated alerts for critical DNS changes, such as updates to MX, SPF, or DMARC records, ensuring mail flow and security policies remain uncompromised. Additionally, the new source classifier leverages your DMARC data signals, combined with our team’s extensive expertise, to help you classify sources faster and achieve enforcement more efficiently with fewer errors.

Available through the G-Cloud 14 framework, Red Sift OnDMARC is an accessible and trusted solution for UK public sector organisations. As a UK-headquartered company, Red Sift offers UK data residency, ensuring compliance with local requirements. With ISO27001 and Cyber Essentials certifications, Red Sift is committed to the highest security standards.

Join the many public sector organisations who have already transitioned to DMARC protection with support from Red Sift, and benefit from timely implementation, expert guidance, and value-added services that go beyond what was previously available through Mail Check.

Still researching? Have a look at the options on G-Cloud 14 and see how Red Sift stacks up

PUBLISHED BY

Jack Lilley

21 Nov. 2024
