Prepare for the Mail Check deadline

Executive Summary: The NCSC is updating its Mail Check services, discontinuing features like DMARC aggregate reporting to enhance accessibility and manage costs. Public sector organisations relying on these services should explore alternative DMARC reporting solutions to maintain email security.​

This article:

  • Discusses the National Cyber Security Centre’s (NCSC) updates to Mail Check services.​
  • Highlights the discontinuation of features like DMARC aggregate reporting.​
  • Advises public sector organisations to seek alternative solutions for DMARC reporting.

Introduction

The National Cyber Security Centre (NCSC) is modifying Mail Check services to discontinue certain features, such as DMARC aggregate reporting, while continuing others. These changes aim to expand Mail Check’s accessibility to all UK-based organisations and manage service complexity and costs. Public sector organisations relying on Mail Check for DMARC aggregate reporting should seek an alternative service provider before 24 March 2025.

Without adopting an alternative provider, such as Red Sift OnDMARC, security teams risk being exposed to phishing and spoofing attempts, Business Email Compromise (BEC) attacks, and misconfigured security. The main changes and what to expect include:

  • Discontinuation of DMARC aggregate reporting: Mail Check will no longer provide DMARC aggregate reporting, which has been essential for monitoring unauthorized use of domains and identifying potential email-based threats.
  • Cessation of DMARC insights and DKIM checks: The service will stop offering DMARC insights and DomainKeys Identified Mail (DKIM) checks, tools crucial for diagnosing and resolving email authentication issues.
  • End of TLS reporting (TLS-RPT): Mail Check will discontinue Transport Layer Security Reporting, which has been used to monitor and ensure the security of email transmissions.

After 24 March 2025, Mail Check will continue to assess DMARC policies, SPF policies, MTA-STS policies, and inbound TLS configurations.

Don’t take a risk on compliance

If UK public sector organisations fail to adopt a new service provider following the upcoming changes to Mail Check, they could face several serious consequences:

  1. Compliance and regulatory risks

Many UK public sector organisations must comply with NCSC guidelines, GDPR, and the Cyber Assessment Framework (CAF) and PCI-DSS 4.0. Without DMARC aggregate reporting, organisations risk non-compliance, leading to potential fines, audits, or reputational damage due to lack of full visibility into outbound email communications.

  1.  No DMARC aggregate reporting: No visibility

Without DMARC aggregate reporting and insights, organisations will lose visibility into unauthorized use of their domains. This makes it easier for cybercriminals to impersonate government entities, send fraudulent emails, and launch BEC attacks.

  1. Lack of threat intelligence and incident response capabilities

The discontinuation of TLS-RPT and forensic DMARC insights means organisations will lose access to crucial security data that helps detect threats in real-time. Without this visibility, responding to cyber incidents will be slower and less effective, increasing the risk of data breaches and operational disruptions.

Red Sift OnDMARC is here to help

The NCSC advises affected departments to transition to a solution that ensures continued DMARC implementation and ongoing support for the services Mail Check will no longer provide. To assist with this shift, Red Sift is offering an extended free trial, available beyond Mail Check’s service end date, running until March 31, 2025.

What’s the key difference?

Mail Check 
(after March)
Red Sift OnDMARC
DMARC Aggregate Reporting
DMARC Insights & Forensic Reporting 
SPF & DKIM checks
TLS Reporting (TLS-RPT)
DMARC policy assessment
SPF policy strength evaluation
Inbound TLS configuration checks
MTA-STS policy assessment

Red Sift OnDMARC provides a seamless alternative, delivering the same essential reporting features as Mail Check while enhancing data insights for improved security oversight. Along with TLS reporting, OnDMARC simplifies the adoption of new security measures like MTA-STS, offering a one-click deployment to streamline policy management and hosting.

Start your Red Sift OnDMARC trial today and stay protected.

PUBLISHED BY

Lewis Rogers

26 Feb. 2025

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
DMARC

Keep your Microsoft Online Email Routing Address secure with Red Sift OnDMARC

Faisal Misle

Every Microsoft 365 tenant includes a default domain in the format tenantname.onmicrosoft.com. This is known as the Microsoft Online Email Routing Address (MOERA). What many don’t realize is that attackers have started using these domains to impersonate organizations in phishing attacks. If left unmonitored, MOERA domains can become a blind spot in your email…

Read more
News

Red Sift OnDMARC ranked #1 in EMEA and Europe for DMARC in…

Francesca Rünger-Field

G2’s Spring 2025 Report is here, and we’ve got some exciting news to share! Red Sift OnDMARC has been named the #1-rated DMARC solution in both EMEA and Europe, and that’s just the start. We also took the #1 spot in the Mid-Market Results Index and Mid-Market Usability Index, and were featured in 18…

Read more
DMARC

The Mail Check deadline has passed: Is your organisation at risk? 

Jack Lilley

The National Cyber Security Centre (NCSC) proposed changes to Mail Check services came into effect on 24 March 2025, including the ending of DMARC aggregate reporting. Organisations who are yet to comply must now seek an alternative provider or risk exposure to harmful cybersecurity incidents. This change comes as a measure to expand the…

Read more
Awards

Red Sift named a Top 50 company in 2025 Emerging Stars Awards

Jack Lilley

We’re pleased to share that Red Sift has been named Best Performing Company – Security & Infrastructure in the 2025 Emerging Stars Awards. These awards, part of the Megabuyte100 series, recognise the UK’s 50 best-performing scale-up technology companies based on solid financial performance, from over 800 entries.  Being recognised in this category reflects the…

Read more