Navigating G-Cloud 14 for DMARC solutions: A guide for former NCSC Mail Check users

Navigating G-Cloud 14 for DMARC solutions: A guide for former NCSC Mail Check users

With the NCSC discontinuing key features of its Mail Check service, including DMARC aggregate and TLS reporting, after March 2025, UK public sector organisations must prepare for this change by transitioning to alternative email security solutions.

To support this shift, Red Sift is offering an extended free trial of its DMARC application, OnDMARC, providing continued protection and oversight up to 31 March 2025—beyond Mail Check’s service end date.

For public sector organisations, the UK government’s G-Cloud 14 Digital Marketplace offers a straightforward and secure way to procure cloud-based DMARC solutions tailored to their needs.

In this guide, we’ll explore the top DMARC options on G-Cloud 14 and provide key considerations for selecting your next email security solution.

Why the changes to Mail Check require action

The NCSC’s Mail Check service has long been a trusted resource for UK public sector organisations to manage their email security. However, as the service evolves to focus on accessibility and scalability, some key features will no longer be available, including:

  • DMARC aggregate reporting: Vital for monitoring unauthorised use of domains and identifying and managing new senders.
  • TLS reporting: Key to identifying and resolving encryption issues.
  • DKIM checks: Essential for ensuring email authenticity.

These changes offer an opportunity to adopt more comprehensive solutions, but organisations must act to ensure continuity. Falling out of DMARC compliance risks violating frameworks like the Cyber Assurance Framework (CAF), exposing domains to phishing or spoofing. For those with a DMARC “reject” policy, non-compliance could disrupt business continuity, blocking or misrouting legitimate emails.

How G-Cloud helps simplify the transition

G-Cloud 14 provides a fast, secure way for public sector organisations to procure cloud-based security solutions. Pre-vetted suppliers and compliance-aligned offerings ensure a smooth transition while meeting government cybersecurity standards.

Understanding the UK government’s cybersecurity requirements

When selecting a DMARC solution, it’s essential to align with the UK government’s cybersecurity policies. Public sector organisations must:

  • Authenticate emails: Implement DMARC, DKIM, and SPF records.
  • Filter threats: Enforce DMARC on inbound emails and deploy spam/malware filtering.
  • Enable reporting: Activate DMARC and TLS reporting (TLS-RPT).
  • Validate services: Ensure all email-sending services have valid PTR records.
  • Support TLS v1.2 or later: Publish MTA-STS policies for secure transmission.

Ensuring compliance with DMARC, DKIM, and SPF standards safeguards business email and defends against phishing email threats, strengthening organisational security and protecting critical communications.

Top DMARC solutions on G-Cloud 14

While there are over 60 results for DMARC solutions on G-Cloud 14, most are reseller listings of the same four key SaaS solutions. These represent the main DMARC providers available on the marketplace, each offering varying levels of compliance with the UK government’s email security requirements. To help you navigate these options, we’ve compared their capabilities in the table below, so you can assess how they stack up and choose the one that best meets your needs.

Red Sift OnDMARCValimail EnforceProofpoint Email Fraud Defense Mimecast DMARC Analyzer
Service delivery
Direct
Reseller 
Features that the UK government requires and recommends
DMARC, DKIM & SPF implementation
DMARC aggregate reporting
MTA-STS implementation
TLS reporting
Security certifications
ISO 27001 certified 
Cyber Essentials certified
Support options available
Email or online ticketing
Phone
Web chatVery few (2 of 43 service providers)
Onsite supportVery few (2 of 43 service providers)
Additional features
Hosted DMARC, DKIM and SPF
Dynamic SPF✅ (macro-based)✅ (macro-based)
Forensic reporting ✅ (with enhanced forensic data)✅(no enhanced reporting data)✅ (no enhanced reporting data)✅(no enhanced reporting data)
Integrated BIMI with VMC/CMC provisioning
DNS configuration monitoring
Embedded LLM assistant
UK data residency

Red Sift OnDMARC: A trusted alternative to Mail Check

Among the DMARC solutions on G-Cloud 14, Red Sift OnDMARC stands out as a comprehensive and user-friendly replacement for Mail Check. Designed with the needs of UK public sector organisations in mind, it offers:

  • DMARC and TLS reporting: Equivalent capabilities to Mail Check, ensuring continuity in monitoring and compliance.
  • MTA-STS deployment: Simplifies hosting and management for TLS policies.
  • Dynamic SPF management: Keeps email authentication operational even as sending sources change.
  • UK data residency: Ensures compliance with local data protection regulations.
When I left Government I was keen to work with companies who worked in the same or related spaces: taking a bit of the problem set and fixing it. That’s when I encountered Red Sift and the excellent work they were doing bringing DMARC, and now other services, to the private sector and others facing the same problems. It’s an excellent company doing the right thing for a range of organisations.

Ciaran Martin

Founder and former CEO of the National Cyber Security Centre and Special Advisor to Red Sift

To combat advanced threats, OnDMARC offers DNS Guardian, which blocks malicious emails bypassing DMARC defences, such as domain takeovers and SubdoMailing attacks. It also includes an integrated, skilled up LLM that helps security teams quickly address misconfigurations and security gaps.

Red Sift is also backed by Cyber Essentials and ISO 27001 certifications, providing peace of mind for public sector buyers.

Red Sift OnDMARC is the only DMARC application available as a direct service, ensuring streamlined communication and support directly from the Red Sift Customer Success team. For organisations that prefer a managed service, OnDMARC is available on G-Cloud 14 through partners with extensive experience in deploying email security solutions (including DMARC) to organisations in the public and charity sectors. 

Get started with Red Sift OnDMARC with a free extended trial

To assist with the transition from Mail Check, Red Sift is offering impacted organisations an extended free trial, including beyond the service end date for Mail Check up to 31 March 2025.

PUBLISHED BY

Francesca Rünger-Field

22 Nov. 2024

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
News

Winter wins: Red Sift OnDMARC wraps up 2024 as a G2 DMARC…

Francesca Rünger-Field

The season of giving has brought us another reason to celebrate! Red Sift OnDMARC continues its winning streak in G2’s Winter 2025 report, earning Leader status in the DMARC category for another consecutive season. This recognition reflects our strong market presence and the unwavering satisfaction of our customers. Cheers to wrapping up 2024 on…

Read more
AI

Text classification in the age of LLMs

Phong Nguyen

As natural language processing (NLP) advances, text classification remains a foundational task with applications in spam detection, sentiment analysis, topic categorization, and more. Traditionally, this task depended on rule-based systems and classical machine learning algorithms. However, the emergence of deep learning, transformer architectures, and Large Language Models (LLMs) has transformed text classification, allowing for…

Read more
Security

How to drive cybersecurity as a top business priority

Jack Lilley

Everyone has a role to play in protecting the enterprise. Whether you’re shaping strategy or implementing solutions, aligning efforts to mitigate critical risks ensures a stronger, more resilient enterprise. If you missed Red Sift’s recent webinar on “From Data to Buy-In: Driving Cybersecurity as a Top Business Priority” we’ve got you covered. The session…

Read more
DMARC

BreakSPF: How to mitigate the attack

Red Sift

BreakSPF is a newly identified attack framework that exploits misconfigurations in the Sender Policy Framework (SPF) a widely used email authentication protocol. A common misconfiguration involves overly permissive IP ranges, where SPF records allow large blocks of IP addresses to send emails on behalf of a domain. These ranges often include shared infrastructures like…

Read more