Prepare for the Mail Check deadline

Executive Summary: The NCSC is updating its Mail Check services, discontinuing features like DMARC aggregate reporting to enhance accessibility and manage costs. Public sector organisations relying on these services should explore alternative DMARC reporting solutions to maintain email security.​

This article:

  • Discusses the National Cyber Security Centre’s (NCSC) updates to Mail Check services.​
  • Highlights the discontinuation of features like DMARC aggregate reporting.​
  • Advises public sector organisations to seek alternative solutions for DMARC reporting.

Introduction

The National Cyber Security Centre (NCSC) is modifying Mail Check services to discontinue certain features, such as DMARC aggregate reporting, while continuing others. These changes aim to expand Mail Check’s accessibility to all UK-based organisations and manage service complexity and costs. Public sector organisations relying on Mail Check for DMARC aggregate reporting should seek an alternative service provider before 24 March 2025.

Without adopting an alternative provider, such as Red Sift OnDMARC, security teams risk being exposed to phishing and spoofing attempts, Business Email Compromise (BEC) attacks, and misconfigured security. The main changes and what to expect include:

  • Discontinuation of DMARC aggregate reporting: Mail Check will no longer provide DMARC aggregate reporting, which has been essential for monitoring unauthorized use of domains and identifying potential email-based threats.
  • Cessation of DMARC insights and DKIM checks: The service will stop offering DMARC insights and DomainKeys Identified Mail (DKIM) checks, tools crucial for diagnosing and resolving email authentication issues.
  • End of TLS reporting (TLS-RPT): Mail Check will discontinue Transport Layer Security Reporting, which has been used to monitor and ensure the security of email transmissions.

After 24 March 2025, Mail Check will continue to assess DMARC policies, SPF policies, MTA-STS policies, and inbound TLS configurations.

Don’t take a risk on compliance

If UK public sector organisations fail to adopt a new service provider following the upcoming changes to Mail Check, they could face several serious consequences:

  1. Compliance and regulatory risks

Many UK public sector organisations must comply with NCSC guidelines, GDPR, and the Cyber Assessment Framework (CAF) and PCI-DSS 4.0. Without DMARC aggregate reporting, organisations risk non-compliance, leading to potential fines, audits, or reputational damage due to lack of full visibility into outbound email communications.

  1.  No DMARC aggregate reporting: No visibility

Without DMARC aggregate reporting and insights, organisations will lose visibility into unauthorized use of their domains. This makes it easier for cybercriminals to impersonate government entities, send fraudulent emails, and launch BEC attacks.

  1. Lack of threat intelligence and incident response capabilities

The discontinuation of TLS-RPT and forensic DMARC insights means organisations will lose access to crucial security data that helps detect threats in real-time. Without this visibility, responding to cyber incidents will be slower and less effective, increasing the risk of data breaches and operational disruptions.

Red Sift OnDMARC is here to help

The NCSC advises affected departments to transition to a solution that ensures continued DMARC implementation and ongoing support for the services Mail Check will no longer provide. To assist with this shift, Red Sift is offering an extended free trial, available beyond Mail Check’s service end date, running until March 31, 2025.

What’s the key difference?

Mail Check 
(after March)
Red Sift OnDMARC
DMARC Aggregate Reporting
DMARC Insights & Forensic Reporting 
SPF & DKIM checks
TLS Reporting (TLS-RPT)
DMARC policy assessment
SPF policy strength evaluation
Inbound TLS configuration checks
MTA-STS policy assessment

Red Sift OnDMARC provides a seamless alternative, delivering the same essential reporting features as Mail Check while enhancing data insights for improved security oversight. Along with TLS reporting, OnDMARC simplifies the adoption of new security measures like MTA-STS, offering a one-click deployment to streamline policy management and hosting.

Start your Red Sift OnDMARC trial today and stay protected.

PUBLISHED BY

Lewis Rogers

26 Feb. 2025

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
BEC

The threat of Business Email Compromise in US healthcare

Jack Lilley

Executive summary: Business Email Compromise is siphoning billions from U.S. healthcare by exploiting human trust instead of software flaws. Spoofed or hijacked messages authorize fraudulent payments, spark ransomware, and expose patient data—causing crippling financial, operational, and compliance damage. Deploying DMARC, MFA, and rigorous multi-person payment checks is now critical. 3 key takeaways Business Email…

Read more
Email

Cloudflare selects Red Sift as a preferred partner to provide DMARC and…

Rebecca Warren

AI-generated email attacks are rapidly growing in scale and sophistication, demanding stronger defenses from at-risk organizations. Starting today, Red Sift is excited to announce a new strategic partnership with Cloudflare, the leading connectivity cloud company, to deliver its market-leading email security application, Red Sift OnDMARC, to a broader global audience.  Today’s alignment enhances Cloudflare’s…

Read more
Cybersecurity

New Zealand moves to mandate DMARC enforcement

Jack Lilley

Executive summary: New Zealand’s Secure Government Email Framework mandates DMARC at p=reject—plus hard-fail SPF, universal DKIM, enforced MTA-STS, and TLS-RPT—by October 2025. The rules replace SEEMail, curb soaring phishing losses, and will affect every organization that emails the public sector. Key takeaways: The New Zealand Government has recently published the Secure Government Email (SGE) Common…

Read more
BEC

DMARC: The best ROI for your organization

Jack Lilley

Executive summary: Implementing DMARC delivers one of the clearest, fastest returns on investment in email security. By authenticating outgoing mail and blocking spoofed messages, DMARC cuts the direct costs of phishing and Business Email Compromise, safeguards brand reputation, and boosts deliverability—ultimately driving revenue and trimming operational workload. Key takeaways: Email is a critical communication tool for…

Read more