NCSC DMARC Changes: Mail Check Alternatives for UK Organisations
Update: February 26, 2026
NCSC’s decision to discontinue selected cybersecurity services is rooted in its Active Cyber Defence 2.0 roadmap, which transitions from government-provided services to supporting a mature cyber resilience marketplace. As part of these changes, NCSC strongly recommends finding DMARC reporting and monitoring alternatives for Mail Check; it also recommends implementing an external attack surface management (EASM) tool to replace Web Check in order to meet compliance requirements.
On March 31, 2026, NCSC will fully retire Mail Check and Web Check; UK public sector users will no longer receive findings related to those services. NCSC officials recommend acting now to make sure there’s enough time for proper deployment of DMARC and other controls before Mail Check and Web Check are no longer available.
Last spring, the NCSC discontinued key features in its Mail Check platform, including DMARC Aggregate Reporting (RUA), DMARC Insights (with DKIM checks), and TLS reporting.
This change affects an estimated 17,000 UK organisations that rely on Mail Check for visibility into domain spoofing, phishing, and misconfigurations.
What’s Changing with Mail Check?
The NCSC is simplifying Mail Check to scale the platform for more users. As a result, the following services will be removed:
- DMARC Aggregate Reporting
- DMARC Insights (including DKIM analysis)
- TLS-RPT Reporting
Mail Check will continue to provide basic DNS record checks for:
- DMARC policy syntax and enforcement level
- SPF record effectiveness
- MTA-STS policy validation
- Inbound TLS configuration
However, these checks do not provide usage data, leaving domain owners without visibility into who is sending emails on their behalf.
Why DMARC Reporting Still Matters
DMARC reports are essential for:
- Detecting Spoofing & Phishing: Identify unauthorized senders using your domain
- Ensuring Email Delivery: Catch authentication issues that cause legitimate mail to fail
- Regulatory Compliance: Meet NCSC and sector-specific security standards
The NCSC recognizes in its announcement that DMARC aggregate reports are critical and encourages the 17,000 organisations registered with Mail Check to adopt alternative DMARC tools to maintain control over their email domains.
Learn how dmarcian can help organisations fill the Mail Check DMARC aggregate reporting void and reach DMARC compliance.
What to Look for in a Mail Check Alternative
If your organisation relied on Mail Check, now is the time to transition to a robust DMARC reporting solution. Look for:
- Comprehensive DMARC data analysis
- DKIM and SPF monitoring
- TLS-RPT support
- UK/EU-based support and data hosting
Why Choose dmarcian?
Founded by the primary author of the DMARC standard, dmarcian offers trusted, GDPR-compliant DMARC solutions for UK organisations:
- Visualised DMARC data: Turn XML reports into clear, actionable dashboards
- TLS reporting: Spot insecure server connections
- UK/EU support: Local team in Ireland and EU-hosted data centre
“Whether you find the Mail Check changes tricky or straightforward, we at dmarcian are here to help. With our expert team based right here in Ireland, a European data centre, and a trusted application used across Europe, we’ll make sure the transition feels stress-free for you.”
—Dermot Harnett, Director of EMEA Business Unit

Next Steps
Regain the visibility lost when Mail Check ended reporting: stay secure and compliant with dmarcian, and maintain control over your email domains.
Want to continue the conversation? Head over to the dmarcian Forum.
Frequently Asked Questions
The commercial cybersecurity market has matured and offers reliable alternatives.
Mail Check helps domain owners identify, understand and prevent email abuse; Web Check monitors your domain for common web vulnerabilities and misconfigurations.
Free DMARC tools can help you get started with DMARC, but they do not meet the full NCSC compliance requirements. They typically lack the reporting volume and data retention needed for audits, as well as the ongoing visibility required to reach and maintain a p=reject policy as recommended by the NCSC.