With the NCSC discontinuing key features of its Mail Check service, including DMARC aggregate and TLS reporting, after March 2025, UK public sector organisations must prepare for this change by transitioning to alternative email security solutions.
To support this shift, Red Sift is offering an extended free trial of its DMARC application, OnDMARC, providing continued protection and oversight up to 31 March 2025—beyond Mail Check’s service end date.
For public sector organisations, the UK government’s G-Cloud 14 Digital Marketplace offers a straightforward and secure way to procure cloud-based DMARC solutions tailored to their needs.
In this guide, we’ll explore the top DMARC options on G-Cloud 14 and provide key considerations for selecting your next email security solution.
Why the changes to Mail Check require action
The NCSC’s Mail Check service has long been a trusted resource for UK public sector organisations to manage their email security. However, as the service evolves to focus on accessibility and scalability, some key features will no longer be available, including:
- DMARC aggregate reporting: Vital for monitoring unauthorised use of domains and identifying and managing new senders.
- TLS reporting: Key to identifying and resolving encryption issues.
- DKIM checks: Essential for ensuring email authenticity.
These changes offer an opportunity to adopt more comprehensive solutions, but organisations must act to ensure continuity. Falling out of DMARC compliance risks violating frameworks like the Cyber Assessment Framework (CAF), exposing domains to phishing or spoofing. For those with a DMARC “reject” policy, non-compliance could disrupt business continuity, blocking or misrouting legitimate emails.
How G-Cloud helps simplify the transition
G-Cloud 14 provides a fast, secure way for public sector organisations to procure cloud-based security solutions. Pre-vetted suppliers and compliance-aligned offerings ensure a smooth transition while meeting government cybersecurity standards.
Understanding the UK government’s cybersecurity requirements
When selecting a DMARC solution, it’s essential to align with the UK government’s cybersecurity policies. Public sector organisations must:
- Authenticate emails: Implement DMARC, DKIM, and SPF records.
- Filter threats: Enforce DMARC on inbound emails and deploy spam/malware filtering.
- Enable reporting: Activate DMARC and TLS reporting (TLS-RPT).
- Validate services: Ensure all email-sending services have valid PTR records.
- Support TLS v1.2 or later: Publish MTA-STS policies for secure transmission.
Ensuring compliance with DMARC, DKIM, and SPF standards safeguards business email and defends against phishing email threats, strengthening organisational security and protecting critical communications.
Top DMARC solutions on G-Cloud 14
While there are over 60 results for DMARC solutions on G-Cloud 14, most are reseller listings of the same four key SaaS solutions. These represent the main DMARC providers available on the marketplace, each offering varying levels of compliance with the UK government’s email security requirements. To help you navigate these options, we’ve compared their capabilities in the table below, so you can assess how they stack up and choose the one that best meets your needs.
Please note that we have excluded smaller vendors not featured on G-Cloud 14.
| Red Sift OnDMARC | Valimail Enforce | Proofpoint Email Fraud Defense | Mimecast DMARC Analyzer | |
| Service delivery | ||||
| Direct | ✅ | ❌ | ❌ | ❌ |
| Reseller | ✅ | ✅ | ✅ | ✅ |
| Features that the UK government requires and recommends | ||||
| DMARC, DKIM & SPF implementation | ✅ | ✅ | ✅ | ✅ |
| DMARC aggregate reporting | ✅ | ✅ | ✅ | ✅ |
| MTA-STS implementation | ✅ | ❌ | ❌ | ❌ |
| TLS reporting | ✅ | ❌ | ❌ | ❌ |
| Security certifications | ||||
| ISO 27001 certified | ✅ | ❌ | ✅ | ✅ |
| Cyber Essentials certified | ✅ | ❌ | ❌ | ❌ |
| Support options available | ||||
| Email or online ticketing | ✅ | ✅ | ✅ | ✅ |
| Phone | ✅ | ✅ | ✅ | ✅ |
| Web chat | ✅ | ❌ | Very few (2 of 43 service providers) | ❌ |
| Onsite support | ✅ | ❌ | Very few (2 of 43 service providers) | ❌ |
| Additional features | ||||
| Hosted DMARC, DKIM and SPF | ✅ | ✅ | ✅ | ✅ |
| Dynamic SPF | ✅ | ✅ (macro-based) | ✅ (macro-based) | ✅ |
| Forensic reporting | ✅ (with enhanced forensic data) | ✅(no enhanced reporting data) | ✅ (no enhanced reporting data) | ✅(no enhanced reporting data) |
| Integrated BIMI with VMC/CMC provisioning | ✅ | ❌ | ❌ | ❌ |
| DNS configuration monitoring | ✅ | ❌ | ❌ | ❌ |
| Embedded LLM assistant | ✅ | ❌ | ❌ | ❌ |
| UK data residency | ✅ | ❌ | ❌ | ✅ |
Red Sift OnDMARC: A trusted alternative to Mail Check
Among the DMARC solutions on G-Cloud 14, Red Sift OnDMARC stands out as a comprehensive and user-friendly replacement for Mail Check. Designed with the needs of UK public sector organisations in mind, it offers:
- DMARC and TLS reporting: Equivalent capabilities to Mail Check, ensuring continuity in monitoring and compliance.
- MTA-STS deployment: Simplifies hosting and management for TLS policies.
- Dynamic SPF management: Keeps email authentication operational even as sending sources change.
- UK data residency: Ensures compliance with local data protection regulations.
Ciaran Martin
Founder and former CEO of the National Cyber Security Centre and Special Advisor to Red SiftTo combat advanced threats, OnDMARC offers DNS Guardian, which blocks malicious emails bypassing DMARC defences, such as domain takeovers and SubdoMailing attacks. It also includes an integrated, skilled up LLM that helps security teams quickly address misconfigurations and security gaps.
Red Sift is also backed by Cyber Essentials and ISO 27001 certifications, providing peace of mind for public sector buyers.
Red Sift OnDMARC is the only DMARC application available as a direct service, ensuring streamlined communication and support directly from the Red Sift Customer Success team. For organisations that prefer a managed service, OnDMARC is available on G-Cloud 14 through partners with extensive experience in deploying email security solutions (including DMARC) to organisations in the public and charity sectors.
Get started with Red Sift OnDMARC with a free extended trial
To assist with the transition from Mail Check, Red Sift is offering impacted organisations an extended free trial, including beyond the service end date for Mail Check up to 31 March 2025.
