The National Cyber Security Center (NCSC) in the UK plans to reduce Mail Check functionality from 24 March 2025, eliminating detailed DMARC aggregate reporting.
This transition represents a critical juncture for public sector organizations throughout the UK, especially those that have depended on Mail Check for email security monitoring and domain safeguarding since its introduction in 2022.
DMARC aggregate reporting is a feedback mechanism that allows domain owners to receive information about emails sent using their domain name. When you implement DMARC (Domain-based Message Authentication, Reporting, and Conformance), receiving servers that support DMARC will compile reports about messages claiming to be from your domain and send these reports to an address you specify in your DMARC policy.
Take a look below at some of our findings for more information on these NCSC Mail Check changes, how they affect you, and what you can use as a free alternative to DMARC reporting.
What is DMARC Aggregate Reporting?
DMARC aggregate reports are XML documents that provide information about the authentication status of DMARC, SPF, and DKIM. This data is sent to the “rua” address and contains no sensitive information about email messages.
It encompasses aggregate information, including:
- Reporting ESP information
- Header-from domain
- DMARC policy and alignment settings
- Sender’s IP address
- Message authentication status and data
- Number of messages sent
How Aggregate Reporting Works
These reports contain anonymized, aggregated data, including:
- The volume of messages received
- Sources of messages (IP addresses)
- Authentication results (SPF and DKIM pass/fail status)
- Policy actions taken (none, quarantine, reject)
The reports are typically delivered in XML format once per day from each receiving server.
Critical Importance of DMARC Reporting
DMARC aggregate reporting is essential for several reasons:
- Visibility: It provides a comprehensive view of all email traffic using your domain, including legitimate and illegitimate sources.
- Threat Intelligence: It helps identify potential spoofing and phishing attempts targeting your organization.
- Implementation Guidance: It reveals configuration issues with your legitimate email systems that might affect deliverability.
- Compliance Verification: It confirms that your DMARC policy is working as intended and provides evidence for compliance requirements.
- Confidence in Enforcement: It allows organizations to move safely to stricter policies (quarantine/reject) after analyzing traffic patterns.
Current Industry Landscape
Email security has become increasingly critical with the rise of sophisticated phishing attacks. Many organizations still struggle with DMARC implementation despite its effectiveness. Current statistics show that while DMARC adoption is growing, many domains remain unprotected or incorrectly configured.
Several DMARC solutions exist in the marketplace. The better DMARC solutions like EasyDMARC offer not only visibility on the aggregate reports, but also advanced support and services to help you set up DMARC and reach a reject policy. This type of policy is the only DMARC policy that really protects you from email spoofing.
The Hidden Nature of DMARC
DMARC is often “invisible” to end users because many agencies and managed service providers include it as a standard security measure, handling the technical complexities behind the scenes. This has created a situation where organizations may not fully understand the importance of DMARC reporting until it’s no longer available.
The NCSC’s decision to scale back Mail Check’s DMARC reporting capabilities will require many UK public sector organizations to take a more active role in their email security management. This change means companies and public sector entities that previously relied on Mail Check will need to:
- Identify alternative DMARC reporting solutions
- Allocate resources to implement and manage these alternatives
- Develop internal expertise or partner with third parties for ongoing monitoring and maintenance
- Potentially adjust budgets to accommodate new security tooling
For smaller organizations with limited security resources, this transition may be particularly challenging, potentially creating gaps in email security posture if not properly addressed.
What do the UK’s NCSC Mail Check Changes Mean for You?
The NCSC’s shift from DMARC aggregate reporting aligns with its mission to expand basic cybersecurity accessibility. It has stated that by reallocating resources from specialized reporting to foundational security checks, it aims to strengthen protections for organizations with limited security resources, while still recognizing DKIM’s importance.
Read more below to find out how these DMARC reporting changes affect you.
The Challenge
The NCSC Mail Check changes mean public sector organizations will no longer receive automated XML reports detailing email authentication results through Mail Check. This creates a critical visibility gap in threat detection.
For security teams, this means losing valuable data that often provides early warning of sophisticated phishing campaigns. Organizations that integrated Mail Check analytics into their security operations must implement replacement services before 24 March 2025.
Without these reports, security teams lose insight into:
- Potential domain spoofing
- Potential phishing campaigns
- The complete email infrastructure of the organization
The Solution
With Mail Check no longer offering valuable aggregate reporting, public sector organizations need an alternative DMARC reporting solution like EasyDMARC, which maintains this essential functionality, while remaining accessible to teams without specialized email security expertise.
Try out our free DMARC checker.
Best Alternatives for DMARC Reporting
Thankfully, there are easy ways to ensure you’re still getting DMARC aggregate reports.
Several security vendors offer free DMARC reporting solutions, understanding that widespread DMARC implementation creates a safer email environment for everyone. However, most of those solutions have very limited features or cover a very low email volume. They are not meant to be used by active public sector organizations that send and receive thousands of emails monthly.
For comprehensive monitoring and maintenance, especially if you are not a DMARC expert, some providers offer managed services. These services include guided setup and ongoing support through consultations, as well as ensuring your domain remains at the “reject” enforcement level, once reached, for optimal security.
Our team at EasyDMARC has designed our platform to simplify the implementation process through clear guidance and visualizations that help security teams understand their email ecosystem without requiring specialist DMARC knowledge. On top of that, we offer top-class managed services, which is proven by the high G2 scores we receive for our technical support.
The reporting transition can typically be completed by simply updating your domain’s DMARC record to direct aggregate reports to EasyDMARC, a straightforward DNS change. This ensures that essential email security monitoring remains accessible regardless of budget constraints, allowing organizations of all sizes to maintain strong protection against domain-based email threats despite the upcoming changes. As an alternative to Mail Check’s DMARC reporting service, we’re committed to making DMARC adoption accessible to everyone.
Try EasyDMARC to Set Up Your DMARC Reporting
Our comprehensive email authentication platform is designed to simplify DMARC implementation, monitoring, and maintenance. With features like automated reporting, real-time monitoring, and guided remediation, we remove the complexity from email security management.
EasyDMARC provides significant value over costly DMARC solutions by offering clear visualizations of authentication results, identifying potential vulnerabilities, and highlighting configuration issues that might otherwise go unnoticed. In addition, we offer top-class managed services to ensure a hassle-free move from Mail Check’s DMARC aggregate reporting and to guarantee none of your legitimate emails are rejected due to incorrect DMARC configuration.
DMARC enforcement has become increasingly critical as email-based threats continue to evolve and intensify. Recent changes to email authentication standards by major providers have made proper DMARC deployment not only beneficial but also necessary for reliable email delivery.
Try our platform for free today to secure your email ecosystem with our DMARC reporting services. Whether you’re just beginning your email authentication journey or looking to enhance existing protocols, we provide the tools and insights needed to establish robust protection without the complexity typically associated with DMARC implementation.
Upload your XML report with our DMARC Report Analyzer.
Frequently Asked Questions
Set up typically takes less than 30 minutes. After creating an account, you’ll need to update your DNS records with the new RUA address (Reporting URI for aggregate reports) we provide you with. Once this change propagates (usually within 24 to 48 hours), you’ll start receiving reports automatically. The dashboard will begin populating with meaningful data within 3 to 5 days as more email receivers submit their aggregate reports.
Yes, we provide basic technical support even for free-tier users. This includes access to documentation, setup guides, and limited email support for implementation questions. For more complex issues or priority support, premium tiers offer additional assistance options, including dedicated support specialists and implementation consultations.
Our free tier provides essential DMARC reporting capabilities, including basic aggregate report analysis, simple visualizations, and fundamental threat detection. It is limited to 1000 emails/month. During our free trial, you can experience the full service without this limitation.
Paid tiers add features like forensic reporting, advanced threat intelligence, custom alerting, API access, multi-domain management, longer data retention periods, and dedicated support, and go up to unlimited email volume. Organizations typically upgrade when they need more detailed analytics, manage multiple domains, or require enterprise-level features.
We offer migration assistance for organizations transitioning from Mail Check, including those with custom integrations. Our platform provides API access (in paid tiers) that allows for similar data extraction capabilities. Our team can also provide consultation on recreating custom workflows and integrating with existing security tools. For complex migrations, we offer professional services to ensure continuity in your email security monitoring.
We are fully compliant with GDPR and UK data protection regulations, undergoing regular security assessments and maintaining compliance with relevant industry standards. We maintain data processing agreements with customers, use encryption for data in transit and at rest, and offer data residency options for organizations with specific jurisdictional requirements.
We’re glad you joined EasyDMARC newsletter! Get ready for valuable email security knowledge every week.
You’re already subscribed to EasyDMARC newsletter. Continue learning more about email security with us