Navigating G-Cloud 14 for DMARC solutions: A guide for former NCSC Mail Check users

With the NCSC discontinuing key features of its Mail Check service, including DMARC aggregate and TLS reporting, after March 2025, UK public sector organisations must prepare for this change by transitioning to alternative email security solutions.

To support this shift, Red Sift is offering an extended free trial of its DMARC application, OnDMARC, providing continued protection and oversight up to 31 March 2025—beyond Mail Check’s service end date.

For public sector organisations, the UK government’s G-Cloud 14 Digital Marketplace offers a straightforward and secure way to procure cloud-based DMARC solutions tailored to their needs.

In this guide, we’ll explore the top DMARC options on G-Cloud 14 and provide key considerations for selecting your next email security solution.

Why the changes to Mail Check require action

The NCSC’s Mail Check service has long been a trusted resource for UK public sector organisations to manage their email security. However, as the service evolves to focus on accessibility and scalability, some key features will no longer be available, including:

• DMARC aggregate reporting: Vital for monitoring unauthorised use of domains and identifying and managing new senders.
• TLS reporting: Key to identifying and resolving encryption issues.
• DKIM checks: Essential for ensuring email authenticity.

These changes offer an opportunity to adopt more comprehensive solutions, but organisations must act to ensure continuity. Falling out of DMARC compliance risks violating frameworks like the Cyber Assessment Framework (CAF), exposing domains to phishing or spoofing. For those with a DMARC “reject” policy, non-compliance could disrupt business continuity, blocking or misrouting legitimate emails.

How G-Cloud helps simplify the transition

G-Cloud 14 provides a fast, secure way for public sector organisations to procure cloud-based security solutions. Pre-vetted suppliers and compliance-aligned offerings ensure a smooth transition while meeting government cybersecurity standards.

Understanding the UK government’s cybersecurity requirements

When selecting a DMARC solution, it’s essential to align with the UK government’s cybersecurity policies. Public sector organisations must:

• Authenticate emails: Implement DMARC, DKIM, and SPF records.
• Filter threats: Enforce DMARC on inbound emails and deploy spam/malware filtering.
• Enable reporting: Activate DMARC and TLS reporting (TLS-RPT).
• Validate services: Ensure all email-sending services have valid PTR records.
• Support TLS v1.2 or later: Publish MTA-STS policies for secure transmission.

Ensuring compliance with DMARC, DKIM, and SPF standards safeguards business email and defends against phishing email threats, strengthening organisational security and protecting critical communications.

Top DMARC solutions on G-Cloud 14

While there are over 60 results for DMARC solutions on G-Cloud 14, most are reseller listings of the same four key SaaS solutions. These represent the main DMARC providers available on the marketplace, each offering varying levels of compliance with the UK government’s email security requirements. To help you navigate these options, we’ve compared their capabilities in the table below, so you can assess how they stack up and choose the one that best meets your needs.

Please note that we have excluded smaller vendors not featured on G-Cloud 14.

Red Sift OnDMARC: A trusted alternative to Mail Check

Among the DMARC solutions on G-Cloud 14, Red Sift OnDMARC stands out as a comprehensive and user-friendly replacement for Mail Check. Designed with the needs of UK public sector organisations in mind, it offers:

• DMARC and TLS reporting: Equivalent capabilities to Mail Check, ensuring continuity in monitoring and compliance.
• MTA-STS deployment: Simplifies hosting and management for TLS policies.
• Dynamic SPF management: Keeps email authentication operational even as sending sources change.
• UK data residency: Ensures compliance with local data protection regulations.

“When I left Government I was keen to work with companies who worked in the same or related spaces: taking a bit of the problem set and fixing it. That’s when I encountered Red Sift and the excellent work they were doing bringing DMARC, and now other services, to the private sector and others facing the same problems. It’s an excellent company doing the right thing for a range of organisations.”

Ciaran Martin

Founder and former CEO of the National Cyber Security Centre and Special Advisor to Red Sift

To combat advanced threats, OnDMARC offers DNS Guardian, which blocks malicious emails bypassing DMARC defences, such as domain takeovers and SubdoMailing attacks. It also includes an integrated, skilled up LLM that helps security teams quickly address misconfigurations and security gaps.

Red Sift is also backed by Cyber Essentials and ISO 27001 certifications, providing peace of mind for public sector buyers.

Red Sift OnDMARC is the only DMARC application available as a direct service, ensuring streamlined communication and support directly from the Red Sift Customer Success team. For organisations that prefer a managed service, OnDMARC is available on G-Cloud 14 through partners with extensive experience in deploying email security solutions (including DMARC) to organisations in the public and charity sectors. 

Get started with Red Sift OnDMARC with a free extended trial

To assist with the transition from Mail Check, Red Sift is offering impacted organisations an extended free trial, including beyond the service end date for Mail Check up to 31 March 2025.