Mail Check: Navigating the new changes

The National Cyber Security Centre (NCSC) recently proposed updates to its Mail Check coming into effect on 24 March 2025. As the service evolves to focus on accessibility and scalability, some of the features that UK public sector organisations relied on will no longer be available, including DMARC aggregate reporting.

To help make sense of this shift, we recently held a webinar with former NCSC founder and CEO, Ciaran Martin, and Red Sift’s CEO, Rahul Powar, to discuss how public sector organisations can understand, adapt and find solutions to simply any transition brought on by the updates. 

Watch the full recording:

How is Mail Check changing in 2025? 

Ciaran explained that the UK faced significant cybersecurity challenges, including widespread digital pollutants left unaddressed and millions of websites harbouring malicious code. To tackle these issues, Mail Check was developed as part of the Active Cyber Defense Initiative, providing public sector organisations with tools to implement key email security protections like DMARC, SPF, DKIM, and TLS

Now that both public and private sector organisations are maturing and adopting effective email security measures, Mail Check is phasing out some of its services, including:

  • DMARC aggregate reporting: A vital monitoring tool to protect against unauthorised use of domains while managing and identifying new senders
  • DMARC and DKIM insights: Key to identifying and resolving encryption issues, helping to avoid deliverability challenges.
  • TLS reporting (TLS-RPT): Essential for ensuring email authenticity and secure communication.
“We’ve seen a maturity in organisations in the private sector to create and enable solutions and a maturity within government organisations to use and deploy these tools.”

Billy McDiarmid

Senior Director, Sales Engineering at Red Sift

No more DMARC reporting? What’s the big deal? 

The primary purpose of DMARC reporting is to establish genuine authentication for outbound email, ensuring continuous monitoring and blocking illegitimate senders, explained Rahul. DMARC allows you to receive reports from email receivers (like Gmail and Yahoo) about the emails they’re receiving from your domain. 

These reports provide a wealth of information including:

  • Oversight into which IP addresses are sending emails on behalf of your domain
  • Enhanced  visibility into authentication and detailed feedback on SPF and DKIM reliability
  • A clearer understanding of DMARC failure, helping to identify and address issues. 

Failure to comply leaves you vulnerable

We don’t like to dwell on the negatives, but falling out of DMARC compliance can expose  public sector organisations and individuals to significant risks, including:

  • Domain phishing and spoofing: Without visibility into who is sending on your behalf, your domain can be spoofed, resulting in extensive financial and reputational damage.
  • Regulatory violations: Non-compliance with  regulatory frameworks like the Cyber Assessment Framework (CAF) and PCI-DSS 4.0
  • Email delivery issues: Legitimate emails may be blocked or misrouted, especially for businesses in p=reject, caused by misaligned systems or stricter sender authentication.

Red Sift is ready to support you

To address the upcoming changes to Mail Check, the NCSC advises affected departments to transition to alternative tools that support DMARC implementation. As Rahul confirmed, Red Sift is stepping in to support organisations during this transition, offering an extended free trial of its Red Sift OnDMARC application through to 31 March 2025, extending beyond Mail Check’s service end date.

“We make it easy to do the basic things correctly, so we can all get on with our day.”

Rahul Powar

CEO, Red Sift

With Red Sift OnDMARC, users gain a comprehensive alternative to Mail Check, providing equivalent reporting capabilities enriched with deeper data insights and continuous monitoring. The platform also includes TLS reporting and simplifies the adoption of emerging requirements like MTA-STS with a one-click deployment feature, streamlining policy hosting and management for enhanced email security.

See how we compare:

A trusted leader in the field

As the UK public sector’s trusted security partner, Red Sift is already providing monitoring for 6300 domains across Central Government, Devolved Nations, Blue Light, the NHS and many more. In addition, 70% of London borough councils trust Red Sift OnDMARC as their DMARC provider, with 70% of their combined domains having already achieved a DMARC status of p=reject.  

With Red Sift OnDMARC, organisations can protect against harmful attacks like phishing and Business Email Compromise (BEC), while benefiting from partnering with:

  • A G2 leader in the DMARC category 
  • An industry leading customer success team
  • The only UK-based DMARC provider on G-Cloud 14
  • UK head-quartered with UK data residency
  • ISO 27001 and Cyber Essentials certified

Ready to get started? Speak to the team today and begin your free extended trial

PUBLISHED BY

Jack Lilley

15 Jan. 2025

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
Cybersecurity

Collaborative cybersecurity: The building blocks to a safer internet

Rahul Powar

Ciaran Martin, former CEO of the UK National Cyber Security Centre, and Rahul Powar, CEO of Red Sift The internet’s foundational promise is one of connection, opportunity, and innovation. But as technological innovation grows, so do the risks. The challenge is clear: how do we create a fundamentally safer internet while empowering organisations of…

Read more
Cybersecurity

Securing crypto with Andrei Terentiev

Sean Costigan

In a new episode of Resilience Rising, host Sean Costigan speaks to Andrei Terentiev, Chief Technology Officer (CTO) of Bitcoin.com. The discussion dives into the relationship between cryptocurrency and cybersecurity, with valuable insights into the challenges and strategies for safeguarding digital assets. Navigating the intersection of cryptocurrency and cybersecurity Andrei shares his journey from…

Read more
DMARC

2.3 million organizations embrace DMARC compliance

Jack Lilley

It has been one year since Google and Yahoo implemented stricter requirements for bulk email senders. Eleven months ago, Red Sift shared an update based on data from BIMI Radar, which revealed a concerning global readiness picture. Now, with a full year behind us, it’s time to evaluate the progress organizations have made in…

Read more
BIMI

VMC and CMC updates: 5 key takeaways

Jack Lilley

Verified Mark Certificates (VMCs) and Common Mark Certificates (CMCs) continue to evolve, and staying up to date is crucial for organizations looking to authenticate their logos and enhance brand trust in email communication, this includes adhering to version 1.7 of the Minimum Security Requirements.  In this blog, we break down the 5 key changes…

Read more