Mail Check: Navigating the new changes

Executive Summary: The NCSC’s upcoming changes to Mail Check services, including the discontinuation of DMARC aggregate reporting, necessitate that organisations find alternative solutions to maintain robust email security.​

This article:

• Explains the National Cyber Security Centre’s (NCSC) proposed updates to Mail Check services and what this means for UK public sector organisations.​
• Notes the discontinuation of DMARC aggregate reporting and its implications.
• ​Advises organisations to seek alternative solutions for DMARC reporting, such as Red Sift OnDMARC.

Introduction

The National Cyber Security Centre (NCSC) recently proposed updates to its Mail Check coming into effect on 24 March 2025. As the service evolves to focus on accessibility and scalability, some of the features that UK public sector organisations relied on will no longer be available, including DMARC aggregate reporting.

To help make sense of this shift, we recently held a webinar with former NCSC founder and CEO, Ciaran Martin, and Red Sift’s CEO, Rahul Powar, to discuss how public sector organisations can understand, adapt and find solutions to simply any transition brought on by the updates. 

Watch the full recording:

How is Mail Check changing in 2025? 

Ciaran explained that the UK faced significant cybersecurity challenges, including widespread digital pollutants left unaddressed and millions of websites harbouring malicious code. To tackle these issues, Mail Check was developed as part of the Active Cyber Defense Initiative, providing public sector organisations with tools to implement key email security protections like DMARC, SPF, DKIM, and TLS. 

Now that both public and private sector organisations are maturing and adopting effective email security measures, Mail Check is phasing out some of its services, including:

• DMARC aggregate reporting: A vital monitoring tool to protect against unauthorised use of domains while managing and identifying new senders
• DMARC and DKIM insights: Key to identifying and resolving encryption issues, helping to avoid deliverability challenges.
• TLS reporting (TLS-RPT): Essential for ensuring email authenticity and secure communication.

“We’ve seen a maturity in organisations in the private sector to create and enable solutions and a maturity within government organisations to use and deploy these tools.”

Billy McDiarmid

Senior Director, Sales Engineering at Red Sift

No more DMARC reporting? What’s the big deal? 

The primary purpose of DMARC reporting is to establish genuine authentication for outbound email, ensuring continuous monitoring and blocking illegitimate senders, explained Rahul. DMARC allows you to receive reports from email receivers (like Gmail and Yahoo) about the emails they’re receiving from your domain. 

These reports provide a wealth of information including:

• Oversight into which IP addresses are sending emails on behalf of your domain
• Enhanced  visibility into authentication and detailed feedback on SPF and DKIM reliability
• A clearer understanding of DMARC failure, helping to identify and address issues. 

Failure to comply leaves you vulnerable

We don’t like to dwell on the negatives, but falling out of DMARC compliance can expose  public sector organisations and individuals to significant risks, including:

• Domain phishing and spoofing: Without visibility into who is sending on your behalf, your domain can be spoofed, resulting in extensive financial and reputational damage.
• Regulatory violations: Non-compliance with  regulatory frameworks like the Cyber Assessment Framework (CAF) and PCI-DSS 4.0
• Email delivery issues: Legitimate emails may be blocked or misrouted, especially for businesses in p=reject, caused by misaligned systems or stricter sender authentication.

Red Sift is ready to support you

To address the upcoming changes to Mail Check, the NCSC advises affected departments to transition to alternative tools that support DMARC implementation. As Rahul confirmed, Red Sift is stepping in to support organisations during this transition, offering an extended free trial of its Red Sift OnDMARC application through to 31 March 2025, extending beyond Mail Check’s service end date.

“We make it easy to do the basic things correctly, so we can all get on with our day.”

Rahul Powar

CEO, Red Sift

With Red Sift OnDMARC, users gain a comprehensive alternative to Mail Check, providing equivalent reporting capabilities enriched with deeper data insights and continuous monitoring. The platform also includes TLS reporting and simplifies the adoption of emerging requirements like MTA-STS with a one-click deployment feature, streamlining policy hosting and management for enhanced email security.

See how we compare:

A trusted leader in the field

As the UK public sector’s trusted security partner, Red Sift is already providing monitoring for 6300 domains across Central Government, Devolved Nations, Blue Light, the NHS and many more. In addition, 70% of London borough councils trust Red Sift OnDMARC as their DMARC provider, with 70% of their combined domains having already achieved a DMARC status of p=reject.  

With Red Sift OnDMARC, organisations can protect against harmful attacks like phishing and Business Email Compromise (BEC), while benefiting from partnering with:

• A G2 leader in the DMARC category 
• An industry leading customer success team
• The only UK-based DMARC provider on G-Cloud 14
• UK head-quartered with UK data residency
• ISO 27001 and Cyber Essentials certified

Ready to get started? Speak to the team today and begin your free extended trial.