{"id":48368,"date":"2025-06-11T06:52:30","date_gmt":"2025-06-11T06:52:30","guid":{"rendered":"https:\/\/easydmarc.com\/blog\/?p=48368"},"modified":"2025-07-16T07:09:54","modified_gmt":"2025-07-16T07:09:54","slug":"new-zealands-email-security-requirements","status":"publish","type":"post","link":"https:\/\/easydmarc.com\/blog\/new-zealands-email-security-requirements\/","title":{"rendered":"New Zealand&#8217;s Email Security Requirements for Government Organizations: What You Need to Know"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\" id=\"h-the-secure-government-email-sge-common-implementation-framework\">The Secure Government Email (SGE) Common Implementation Framework<\/h2>\n\n\n\n<p>New Zealand\u2019s government is introducing a comprehensive email security framework designed to protect official communications from phishing and domain spoofing. This new framework, which will be mandatory for all government agencies by October 2025, establishes clear technical standards to enhance email security and retire the outdated SEEMail service.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-key-takeaways\">Key Takeaways<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>All NZ government agencies must comply with new email security requirements by October 2025.<\/li>\n\n\n\n<li>The new framework strengthens trust and security in government communications by preventing spoofing and phishing.<\/li>\n\n\n\n<li>The framework mandates TLS 1.2+, SPF, DKIM, DMARC with p=reject, MTA-STS, and DLP controls.<\/li>\n\n\n\n<li>EasyDMARC simplifies compliance with our guided setup, monitoring, and automated reporting.<\/li>\n<\/ul>\n\n\n\n<div class=\"wp-block-buttons is-content-justification-center is-layout-flex wp-container-core-buttons-is-layout-16018d1d wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link has-background-color has-text-color has-background has-link-color wp-element-button\" href=\"https:\/\/uac.easydmarc.com\/realms\/easydmarc\/protocol\/openid-connect\/registrations?client_id=dmarc-app&amp;response_type=code&amp;scope=openid+email&amp;redirect_uri=https%3A%2F%2Fapp.easydmarc.com%2Flogin%2Fcallback&amp;ui_locales=US&amp;state=eyJ1c2VySXAiOiI5MS4xMDMuMjUwLjE2NSIsImdvVXJsIjoiIiwibG9naW5PcHRpb25zIjp7fX0%3D\" style=\"background-color:#3fbdf7\">Start a Free Trial<\/a><\/div>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-what-is-the-secure-government-email-common-implementation-framework\">What is the Secure Government Email Common Implementation Framework?<\/h2>\n\n\n\n<p>The <a href=\"https:\/\/www.digital.govt.nz\/assets\/Products-and-services-A-Z\/Secure-Government-Email-Common-Implementation-Framework-V1.0-External.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">Secure Government Email (SGE) Common Implementation Framework<\/a> is a new government-led initiative in New Zealand designed to standardize email security across all government agencies. Its main goal is to secure external email communication, reduce domain spoofing in phishing attacks, and replace the legacy SEEMail service.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Why is New Zealand Implementing New Government Email Security Standards?<\/h2>\n\n\n\n<p>The framework was developed by New Zealand\u2019s Department of Internal Affairs (DIA) as part of its role in managing ICT Common Capabilities. It leverages modern email security controls via the<a href=\"https:\/\/easydmarc.com\/blog\/what-is-a-dns-record-dns-records-explained\/\"> Domain Name System (DNS)<\/a> to enable the retirement of the legacy SEEMail service and provide:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Encryption for transmission security<\/li>\n\n\n\n<li>Digital signing for message integrity<\/li>\n\n\n\n<li>Basic non-repudiation (by allowing only authorized senders)<\/li>\n\n\n\n<li>Domain spoofing protection<\/li>\n<\/ul>\n\n\n\n<p>These improvements apply to all emails, not just those routed through SEEMail, offering broader protection across agency communications.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-what-email-security-technologies-are-required-by-the-new-nz-sge-framework\">What Email Security Technologies Are Required by the New NZ SGE Framework?<\/h2>\n\n\n\n<p>The SGE Framework outlines the following key technologies that agencies must implement:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>TLS 1.2 or higher with implicit TLS enforced<\/li>\n\n\n\n<li>TLS-RPT (TLS Reporting)<\/li>\n\n\n\n<li>SPF (Sender Policy Framework)<\/li>\n\n\n\n<li><a href=\"https:\/\/easydmarc.com\/blog\/what-is-dkim\/\">DKIM<\/a> (DomainKeys Identified Mail)<\/li>\n\n\n\n<li>DMARC (Domain-based Message Authentication, Reporting, and Conformance) with reporting<\/li>\n\n\n\n<li>MTA-STS (Mail Transfer Agent Strict Transport Security)<\/li>\n\n\n\n<li>Data Loss Prevention controls<\/li>\n<\/ul>\n\n\n\n<p>These technologies work together to ensure encrypted email transmission, validate sender identity, prevent unauthorized use of domains, and reduce the risk of sensitive data leaks.<\/p>\n\n\n\n<div class=\"wp-block-buttons is-content-justification-center is-layout-flex wp-container-core-buttons-is-layout-16018d1d wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link has-background-color has-text-color has-background has-link-color wp-element-button\" href=\"https:\/\/uac.easydmarc.com\/realms\/easydmarc\/protocol\/openid-connect\/registrations?client_id=dmarc-app&amp;response_type=code&amp;scope=openid+email&amp;redirect_uri=https%3A%2F%2Fapp.easydmarc.com%2Flogin%2Fcallback&amp;ui_locales=US&amp;state=eyJ1c2VySXAiOiI5MS4xMDMuMjUwLjE2NSIsImdvVXJsIjoiIiwibG9naW5PcHRpb25zIjp7fX0%3D\" style=\"background-color:#3fbdf7\">Get in touch<\/a><\/div>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-when-do-nz-government-agencies-need-to-comply-with-this-framework\">When Do NZ Government Agencies Need to Comply with this Framework?<\/h2>\n\n\n\n<p>All New Zealand government agencies are expected to fully implement the Secure Government Email (SGE) Common Implementation Framework by <strong>October 2025<\/strong>. Agencies should begin their planning and deployment now to ensure full compliance by the deadline.<\/p>\n\n\n\n<p>The All of Government Secure Email Common Implementation Framework v1.0<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What are the Mandated Requirements for Domains?<\/h2>\n\n\n\n<p>Below are the exact requirements for all email-enabled domains under the new framework.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Control<\/strong><\/td><td><strong>Exact Requirement<\/strong><\/td><\/tr><tr><td><strong>TLS<\/strong><\/td><td>Minimum TLS 1.2. TLS 1.1, 1.0, SSL, or clear-text not permitted.<\/td><\/tr><tr><td><strong>TLS-RPT<\/strong><\/td><td>All email-sending domains must have TLS reporting enabled.<\/td><\/tr><tr><td><a href=\"https:\/\/easydmarc.com\/blog\/what-is-an-spf-record\/\"><strong>SPF<\/strong><\/a><\/td><td>Must exist and end with -all.<\/td><\/tr><tr><td><strong>DKIM<\/strong><\/td><td>All outbound email from every sending service must be DKIM-signed at the final hop.<\/td><\/tr><tr><td><strong>DMARC<\/strong><\/td><td>Policy of p=reject on all email-enabled domains. adkim=s is recommended when not bulk-sending.<\/td><\/tr><tr><td><a href=\"https:\/\/easydmarc.com\/blog\/what-is-mta-sts-and-why-do-you-need-it\/\"><strong>MTA-STS<\/strong><\/a><\/td><td>Enabled and set to enforce.<\/td><\/tr><tr><td><strong>Implicit TLS<\/strong><\/td><td>Must be configured and enforced for every connection.<\/td><\/tr><tr><td><strong>Data Loss Prevention<\/strong><\/td><td>Enforce in line with the New Zealand Information Security Manual (NZISM) and Protective Security Requirements (PSR).<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Compliance Monitoring and Reporting<\/h2>\n\n\n\n<p>The All of Government Service Delivery (AoGSD) team will be monitoring compliance with the framework. Monitoring will initially cover SPF, DMARC, and MTA-STS settings and will be expanded to include DKIM. Changes to these settings will be monitored, enabling reporting on email security compliance across all government agencies. Ongoing monitoring will highlight changes to domains, ensure new domains are set up with security in place, and monitor the implementation of future email security technologies.&nbsp;<\/p>\n\n\n\n<p>Should compliance changes occur, such as an agency&#8217;s SPF record being changed from -all to ~all, this will be captured so that the AoGSD Security Team can investigate. They will then communicate directly with the agency to determine if an issue exists or if an error has occurred, reviewing each case individually.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Deployment Checklist for NZ Government Compliance<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Enforce TLS 1.2 minimum, implicit TLS, MTA-STS &amp; TLS-RPT<\/li>\n\n\n\n<li>SPF with -all<\/li>\n\n\n\n<li>DKIM on all outbound email<\/li>\n\n\n\n<li>DMARC p=reject&nbsp;<\/li>\n\n\n\n<li>adkim=s where suitable<\/li>\n\n\n\n<li>For non-email\/parked domains: SPF -all, empty DKIM, DMARC reject strict<\/li>\n\n\n\n<li>Compliance dashboard<\/li>\n\n\n\n<li>Inbound DMARC evaluation enforced<\/li>\n\n\n\n<li>DLP aligned with NZISM<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-buttons is-content-justification-center is-layout-flex wp-container-core-buttons-is-layout-16018d1d wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link has-background-color has-text-color has-background has-link-color wp-element-button\" href=\"https:\/\/uac.easydmarc.com\/realms\/easydmarc\/protocol\/openid-connect\/registrations?client_id=dmarc-app&amp;response_type=code&amp;scope=openid+email&amp;redirect_uri=https%3A%2F%2Fapp.easydmarc.com%2Flogin%2Fcallback&amp;ui_locales=US&amp;state=eyJ1c2VySXAiOiI5MS4xMDMuMjUwLjE2NSIsImdvVXJsIjoiIiwibG9naW5PcHRpb25zIjp7fX0%3D\" style=\"background-color:#3fbdf7\">Start a Free Trial<\/a><\/div>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\">How EasyDMARC Can Help Government Agencies Comply<\/h2>\n\n\n\n<p>EasyDMARC provides a comprehensive email security solution that simplifies the deployment and ongoing management of DNS-based email security protocols like SPF, DKIM, and DMARC with reporting. Our platform offers automated checks, real-time monitoring, and a guided setup to help government organizations quickly reach compliance.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-1-tls-rpt-mta-sts-audit\">1. TLS-RPT \/ MTA-STS audit<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li><\/li>\n<\/ol>\n\n\n\n<p>EasyDMARC enables you to enable the <a href=\"https:\/\/easydmarc.com\/tools\/managed-mta-sts\">Managed MTA-STS and TLS-RPT<\/a> option with a single click. We provide the required DNS records and continuously monitor them for issues, delivering reports on TLS negotiation problems. This helps agencies ensure secure email transmission and quickly detect delivery or encryption failures.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"553\" src=\"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.21.19-1024x553.png\" alt=\"\" class=\"wp-image-48369\" srcset=\"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.21.19-1024x553.png 1024w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.21.19-300x162.png 300w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.21.19-768x415.png 768w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.21.19-1200x648.png 1200w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.21.19.png 1222w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><em><strong>Note<\/strong>: In this screenshot, you can see how to deploy MTA-STS and TLS Reporting by adding just three <\/em><a href=\"https:\/\/easydmarc.com\/blog\/what-is-a-cname-record-and-how-to-create-it\/\"><em>CNAME records <\/em><\/a><em>provided by EasyDMARC. It\u2019s recommended to start in \u201ctesting\u201d mode, evaluate the TLS-RPT reports, and then gradually switch your MTA-STS policy to \u201cenforce\u201d. The process is simple and takes just a few clicks.<\/em><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXciuDofcm-lpfFnTuxLDdNWXTPose1Dgexg3587hzgM6xcukX33453Slr94tRX9HYExxtMJnShSwcSa-Gdugb7Yru-6eWH46RB_HpzfOkQebcIK8niGAK0wvEOYV4B7JtsO91ag8g?key=hVEDC11IqC0uwD8wktuUfg\" alt=\"\"\/><\/figure>\n\n\n\n<p><br \/><em>As shown above, EasyDMARC parses incoming TLS reports into a centralized dashboard, giving you clear visibility into delivery and encryption issues across all sending sources.<\/em><\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-2-spf-with-all\"><br \/>2. SPF with \u201c-all\u201d<\/h4>\n\n\n\n<p>In the EasyDARC platform, you can run the <a href=\"https:\/\/easydmarc.com\/tools\/spf-record-generator\">SPF Record Generator<\/a> to create a compliant record. Publish your v=spf1 record with \u201c-all\u201d to enforce a hard fail for unauthorized senders and prevent spoofed emails from passing SPF checks. This strengthens your domain\u2019s protection against impersonation.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"680\" src=\"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.20.44-1024x680.png\" alt=\"\" class=\"wp-image-48375\" srcset=\"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.20.44-1024x680.png 1024w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.20.44-300x199.png 300w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.20.44-768x510.png 768w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.20.44-1200x797.png 1200w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.20.44.png 1240w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><em><strong>Note<\/strong>: It is highly recommended to start adjusting your SPF record <\/em><strong><em>only after<\/em><\/strong><em> you begin receiving DMARC reports and identifying your legitimate email sources. As we\u2019ll explain in more detail below, both SPF and DKIM should be adjusted after you gain visibility through reports.<\/em><\/p>\n\n\n\n<p><em>Making changes without proper visibility can lead to false positives, misconfigurations, and potential loss of legitimate emails. That\u2019s why the first step should always be setting DMARC to p=none, receiving reports, analyzing them, and then gradually fixing any SPF or DKIM issues.<\/em><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-3-dkim-on-all-outbound-email\">  3. DKIM on all outbound email<\/h3>\n\n\n\n<p>DKIM must be configured for all email sources sending emails on behalf of your domain. This is critical, as DKIM plays a bigger role than SPF when it comes to building domain reputation, surviving auto-forwarding, mailing lists, and other edge cases.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><\/li>\n<\/ol>\n\n\n\n<p>As mentioned above, DMARC reports provide visibility into your email sources, allowing you to implement DKIM accordingly (see first screenshot). If you&#8217;re using third-party services like Google Workspace, Microsoft 365, or Mimecast, you\u2019ll need to retrieve the public DKIM key from your provider&#8217;s admin interface (see second screenshot).<\/p>\n\n\n\n<p>EasyDMARC maintains a backend directory of over 1,400 email sources. We also give you detailed guidance on <a href=\"https:\/\/easydmarc.com\/blog\/category\/resources\/knowledge-base\/source-configuration\/\">how to configure SPF and DKIM correctly<\/a> for major ESPs.&nbsp;<\/p>\n\n\n\n<p><em>Note: At the end of this article, you\u2019ll  find configuration links for well-known ESPs like Google Workspace, Microsoft 365, Zoho Mail, Amazon SES, and SendGrid &#8211; helping you avoid common misconfigurations and get aligned with SGE requirements.<\/em><\/p>\n\n\n\n<p>If you&#8217;re using a dedicated MTA (e.g., Postfix), DKIM must be implemented manually. EasyDMARC\u2019s <a href=\"https:\/\/easydmarc.com\/tools\/dkim-record-generator\">DKIM Record Generator <\/a>lets you generate both public and private keys for your server. The private key is stored on your MTA, while the public key must be published in your DNS (see third and fourth screenshots).<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"578\" src=\"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.20.31-1024x578.png\" alt=\"\" class=\"wp-image-48378\" srcset=\"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.20.31-1024x578.png 1024w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.20.31-300x169.png 300w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.20.31-768x434.png 768w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.20.31-1200x677.png 1200w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.20.31.png 1240w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"956\" src=\"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.19.44-1024x956.png\" alt=\"\" class=\"wp-image-48381\" srcset=\"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.19.44-1024x956.png 1024w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.19.44-300x280.png 300w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.19.44-768x717.png 768w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.19.44.png 1178w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"530\" src=\"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.20.02-1024x530.png\" alt=\"\" class=\"wp-image-48384\" srcset=\"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.20.02-1024x530.png 1024w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.20.02-300x155.png 300w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.20.02-768x397.png 768w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.20.02-1200x621.png 1200w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.20.02.png 1206w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"526\" src=\"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.19.17-1024x526.png\" alt=\"\" class=\"wp-image-48387\" srcset=\"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.19.17-1024x526.png 1024w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.19.17-300x154.png 300w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.19.17-768x394.png 768w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.19.17.png 1188w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-4-dmarc-p-reject-rollout\">4. DMARC p=reject rollout<\/h4>\n\n\n\n<p>As mentioned in previous points, DMARC reporting is the first and most important step on your DMARC enforcement journey. Always start with a p=none policy and configure RUA reports to be sent to EasyDMARC. Use the report insights to identify and fix SPF and DKIM alignment issues, then gradually move to p=quarantine and finally p=reject once all legitimate email sources have been authenticated.&nbsp;<\/p>\n\n\n\n<p>This phased approach ensures full protection against domain spoofing without risking legitimate email delivery.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"515\" src=\"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.18.58-1024x515.png\" alt=\"\" class=\"wp-image-48390\" srcset=\"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.18.58-1024x515.png 1024w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.18.58-300x151.png 300w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.18.58-768x386.png 768w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.18.58-1200x603.png 1200w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.18.58.png 1214w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-5-adkim-strict-alignment-check\">5. adkim Strict Alignment Check<\/h4>\n\n\n\n<p>This strict alignment check is not always applicable, especially if you\u2019re using third-party bulk ESPs, such as Sendgrid, that require you to set DKIM on a subdomain level. You can set adkim=s in your DMARC <a href=\"https:\/\/easydmarc.com\/blog\/how-to-create-a-txt-record-and-how-to-add-a-txt-record-to-dns\/\">TXT record,<\/a> or simply enable strict mode in EasyDMARC\u2019s Managed DMARC settings. This ensures that only emails with a <a href=\"https:\/\/easydmarc.com\/blog\/what-is-a-dkim-signature\/\">DKIM signature<\/a> that exactly match your domain pass alignment, adding an extra layer of protection against domain spoofing. But only do this if you are NOT a bulk sender.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"423\" src=\"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.18.44-1024x423.png\" alt=\"\" class=\"wp-image-48393\" srcset=\"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.18.44-1024x423.png 1024w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.18.44-300x124.png 300w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.18.44-768x318.png 768w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.18.44-1200x496.png 1200w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.18.44.png 1214w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-6-securing-non-email-enabled-domains\">6. Securing Non-Email Enabled Domains<\/h3>\n\n\n\n<p>The purpose of deploying email security to non-email-enabled domains, or parked domains, is to prevent messages being spoofed from that domain. This requirement remains even if the root-level domain has SP=reject set within its DMARC record.<\/p>\n\n\n\n<p><br \/>Under this new framework, you must bulk import and mark parked domains as \u201cParked.\u201d Crucially, this requires adjusting SPF settings to an empty record, setting DMARC to p=reject, and ensuring an empty DKIM record is in place:<\/p>\n\n\n\n<p>&nbsp;\u2022 SPF record: \u201cv=spf1 -all\u201d.<br \/>\u2022 Wildcard DKIM record with empty public key.<br \/>\u2022 DMARC record: \u201cv=DMARC1;p=reject;adkim=s;aspf=s;rua=mailto:\u2026\u201d.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"694\" src=\"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.18.23-1024x694.png\" alt=\"\" class=\"wp-image-48397\" srcset=\"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.18.23-1024x694.png 1024w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.18.23-300x203.png 300w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.18.23-768x520.png 768w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.18.23.png 1196w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>EasyDMARC allows you to add and label parked domains for free. This is important because it helps you monitor any activity from these domains and ensure they remain protected with a strict DMARC policy of p=reject.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-7-compliance-dashboard\">7. Compliance Dashboard<\/h4>\n\n\n\n<p>Use EasyDMARC\u2019s<a href=\"https:\/\/easydmarc.com\/tools\/domain-scanner\"> Domain Scanner<\/a> to assess the security posture of each domain with a clear compliance score and risk level. The dashboard highlights configuration gaps and guides remediation steps, helping government agencies stay on track toward full compliance with the SGE Framework.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"569\" src=\"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.49.40-1024x569.png\" alt=\"\" class=\"wp-image-48400\" srcset=\"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.49.40-1024x569.png 1024w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.49.40-300x167.png 300w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.49.40-768x427.png 768w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.49.40-1200x667.png 1200w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/Screenshot-2025-06-11-at-10.49.40.png 1216w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-8-inbound-dmarc-evaluation-enforced\">8. Inbound DMARC Evaluation Enforced<\/h4>\n\n\n\n<p>You don\u2019t need to apply any changes if you\u2019re using Google Workspace, Microsoft 365, or other major mailbox providers. Most of them already enforce DMARC evaluation on incoming emails.<\/p>\n\n\n\n<p>However, some legacy Microsoft 365 setups may still quarantine emails that fail DMARC checks, even when the sending domain has a p=reject policy, instead of rejecting them. This behavior can be adjusted directly from your Microsoft Defender portal. Read more about this in our step-by-step guide on <a href=\"https:\/\/easydmarc.com\/blog\/dmarc-and-microsoft\/\">how to set up SPF, DKIM, and DMARC from Microsoft Defender<\/a>.<\/p>\n\n\n\n<p>If you\u2019re using a third-party mail provider that doesn\u2019t enforce having a DMARC policy for incoming emails, which is rare, you\u2019ll need to contact their support to request a configuration change.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-9-data-loss-prevention-aligned-with-nzism\">9. Data Loss Prevention Aligned with NZISM<\/h4>\n\n\n\n<p>The New Zealand Information Security Manual (<a href=\"https:\/\/nzism.gcsb.govt.nz\/\">NZISM<\/a>) is the New Zealand Government&#8217;s manual on information assurance and information systems security. It includes guidance on data loss prevention (DLP), which must be followed to be aligned with the SEG.<br \/><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-need-help-setting-up-spf-and-dkim-for-your-email-provider\">Need Help Setting up SPF and DKIM for your Email Provider?<\/h2>\n\n\n\n<p>Setting up SPF and DKIM for different ESPs often requires specific configurations. Some providers require you to publish SPF and DKIM on a subdomain, while others only require DKIM, or have different formatting rules. We&#8217;ve simplified all these steps to help you avoid misconfigurations that could delay your DMARC enforcement, or worse, block legitimate emails from reaching your recipients.<\/p>\n\n\n\n<p>Below you&#8217;ll find comprehensive setup guides for Google Workspace, Microsoft 365, Zoho Mail, Amazon SES, and SendGrid. You can also explore our full blog section that covers setup instructions for many other well-known ESPs.<\/p>\n\n\n\n<p>Remember, all this information is reflected in your DMARC aggregate reports. These reports give you live visibility into your outgoing email ecosystem, helping you analyze and fix any issues specific to a given provider.<\/p>\n\n\n\n<p>Here are our step-by-step guides for the most common platforms:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/easydmarc.com\/blog\/spf-dkim-dmarc-setup-guide-for-g-suite-gmail-for-business\/\">Google Workspace<\/a><\/li>\n<\/ul>\n\n\n<figure class=\"wp-block-embed wp-embed-aspect-16-9 wp-has-aspect-ratio  is-type-video is-provider-youtube wp-block-embed-youtube\"><div class=\"wp-block-embed__wrapper video-seo-youtube-embed-wrapper\"><div class=\"video-seo-youtube-player\" data-id=\"hbX5-TjBbA4\"><\/div><\/div><\/figure>\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/easydmarc.com\/blog\/microsoft-365-spf-and-dkim-configuration-step-by-step\/\">Microsoft 365<\/a><\/li>\n<\/ul>\n\n\n<figure class=\"wp-block-embed wp-embed-aspect-16-9 wp-has-aspect-ratio  is-type-video is-provider-youtube wp-block-embed-youtube\"><div class=\"wp-block-embed__wrapper video-seo-youtube-embed-wrapper\"><div class=\"video-seo-youtube-player\" data-id=\"KaqfYJm4eU4\"><\/div><\/div><\/figure>\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/easydmarc.com\/blog\/zoho-mail-spf-and-dkim-setup\/\">Zoho Mail<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/easydmarc.com\/blog\/amazon-ses-spf-and-dkim-configuration\/\">AmazonSES<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/easydmarc.com\/blog\/how-to-set-up-spf-and-dkim-for-sendgrid\/\">SendGrid<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/easydmarc.com\/blog\/category\/resources\/knowledge-base\/source-configuration\/\">Others<\/a><\/li>\n<\/ul>\n\n\n\n<p>These guides will help ensure your DNS records are configured correctly as part of the Secure Government Email (SGE) Framework rollout.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-meet-new-government-email-security-standards-with-easydmarc\">Meet New Government Email Security Standards With EasyDMARC<\/h2>\n\n\n\n<p>New Zealand\u2019s SEG Framework sets a clear path for government agencies to enhance their email security by October 2025. With EasyDMARC, you can meet these technical requirements efficiently and with confidence. From protocol setup to continuous monitoring and compliance tracking, EasyDMARC streamlines the entire process, ensuring strong protection against spoofing, phishing, and data loss while simplifying your transition from SEEMail.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Secure Government Email (SGE) Common Implementation Framework &#8230;<\/p>\n","protected":false},"author":25,"featured_media":48404,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[204,203],"tags":[],"class_list":["post-48368","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-email-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.5 (Yoast SEO v27.5) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>New Zealand SGE | EasyDMARC<\/title>\n<meta name=\"description\" content=\"Learn how New Zealand\u2019s Secure Government Email (SGE) Framework requires agencies to meet email security standards like SPF, DKIM, DMARC, and MTA-STS.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/easydmarc.com\/blog\/new-zealands-email-security-requirements\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New Zealand&#039;s Email Security Requirements for Government Organizations: What You Need to Know\" \/>\n<meta property=\"og:description\" content=\"Learn how New Zealand\u2019s Secure Government Email (SGE) Framework requires agencies to meet email security standards like SPF, DKIM, DMARC, and MTA-STS.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/easydmarc.com\/blog\/new-zealands-email-security-requirements\/\" \/>\n<meta property=\"og:site_name\" content=\"EasyDMARC\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/EasyDMARC\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-06-11T06:52:30+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-07-16T07:09:54+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/DMARC-Deadline-for-New-Zealand-Government-Organizations_-October-2025.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1440\" \/>\n\t<meta property=\"og:image:height\" content=\"910\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Hagop K.\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@easydmarc\" \/>\n<meta name=\"twitter:site\" content=\"@easydmarc\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Hagop K.\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/new-zealands-email-security-requirements\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/new-zealands-email-security-requirements\\\/\"},\"author\":{\"name\":\"Hagop K.\",\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/#\\\/schema\\\/person\\\/740e38b8d7f98e6c4141ae2931ca5a2a\"},\"headline\":\"New Zealand&#8217;s Email Security Requirements for Government Organizations: What You Need to Know\",\"datePublished\":\"2025-06-11T06:52:30+00:00\",\"dateModified\":\"2025-07-16T07:09:54+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/new-zealands-email-security-requirements\\\/\"},\"wordCount\":2052,\"publisher\":{\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/new-zealands-email-security-requirements\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/06\\\/DMARC-Deadline-for-New-Zealand-Government-Organizations_-October-2025.jpg\",\"articleSection\":[\"Blog\",\"Email Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/easydmarc.com\\\/blog\\\/new-zealands-email-security-requirements\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/new-zealands-email-security-requirements\\\/\",\"url\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/new-zealands-email-security-requirements\\\/\",\"name\":\"New Zealand SGE | EasyDMARC\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/new-zealands-email-security-requirements\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/new-zealands-email-security-requirements\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/06\\\/DMARC-Deadline-for-New-Zealand-Government-Organizations_-October-2025.jpg\",\"datePublished\":\"2025-06-11T06:52:30+00:00\",\"dateModified\":\"2025-07-16T07:09:54+00:00\",\"description\":\"Learn how New Zealand\u2019s Secure Government Email (SGE) Framework requires agencies to meet email security standards like SPF, DKIM, DMARC, and MTA-STS.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/new-zealands-email-security-requirements\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/easydmarc.com\\\/blog\\\/new-zealands-email-security-requirements\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/new-zealands-email-security-requirements\\\/#primaryimage\",\"url\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/06\\\/DMARC-Deadline-for-New-Zealand-Government-Organizations_-October-2025.jpg\",\"contentUrl\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/06\\\/DMARC-Deadline-for-New-Zealand-Government-Organizations_-October-2025.jpg\",\"width\":1440,\"height\":910,\"caption\":\"image for DMARC deadline\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/new-zealands-email-security-requirements\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/easydmarc.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Blog\",\"item\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/category\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Email Security\",\"item\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/category\\\/blog\\\/email-security\\\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"New Zealand&#8217;s Email Security Requirements for Government Organizations: What You Need to Know\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/\",\"name\":\"EasyDMARC\",\"description\":\"Blog\",\"publisher\":{\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/easydmarc.com\\\/#organization\",\"name\":\"EasyDMARC\",\"url\":\"https:\\\/\\\/easydmarc.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/easydmarc.com\\\/img\\\/logo.png\"},\"image\":{\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/EasyDMARC\\\/\",\"https:\\\/\\\/x.com\\\/easydmarc\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/easydmarc\\\/mycompany\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/#\\\/schema\\\/person\\\/740e38b8d7f98e6c4141ae2931ca5a2a\",\"name\":\"Hagop K.\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/bb6e65e2ae3c6e57f798515a978995b899d1d972034c909397efad978249be85?s=96&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/bb6e65e2ae3c6e57f798515a978995b899d1d972034c909397efad978249be85?s=96&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/bb6e65e2ae3c6e57f798515a978995b899d1d972034c909397efad978249be85?s=96&r=g\",\"caption\":\"Hagop K.\"},\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/in\\\/hagopkhatchoian\\\/\"],\"url\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/author\\\/hagop-khatchoian\\\/\"}]}<\/script>\n<meta property=\"og:video\" content=\"https:\/\/www.youtube.com\/embed\/hbX5-TjBbA4\" \/>\n<meta property=\"og:video:type\" content=\"text\/html\" \/>\n<meta property=\"og:video:duration\" content=\"146\" \/>\n<meta property=\"og:video:width\" content=\"480\" \/>\n<meta property=\"og:video:height\" content=\"270\" \/>\n<meta property=\"ya:ovs:adult\" content=\"false\" \/>\n<meta property=\"ya:ovs:upload_date\" content=\"2025-06-11T06:52:30+00:00\" \/>\n<meta property=\"ya:ovs:allow_embed\" content=\"true\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"New Zealand SGE | EasyDMARC","description":"Learn how New Zealand\u2019s Secure Government Email (SGE) Framework requires agencies to meet email security standards like SPF, DKIM, DMARC, and MTA-STS.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/easydmarc.com\/blog\/new-zealands-email-security-requirements\/","og_locale":"en_US","og_type":"article","og_title":"New Zealand's Email Security Requirements for Government Organizations: What You Need to Know","og_description":"Learn how New Zealand\u2019s Secure Government Email (SGE) Framework requires agencies to meet email security standards like SPF, DKIM, DMARC, and MTA-STS.","og_url":"https:\/\/easydmarc.com\/blog\/new-zealands-email-security-requirements\/","og_site_name":"EasyDMARC","article_publisher":"https:\/\/www.facebook.com\/EasyDMARC\/","article_published_time":"2025-06-11T06:52:30+00:00","article_modified_time":"2025-07-16T07:09:54+00:00","og_image":[{"width":1440,"height":910,"url":"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/DMARC-Deadline-for-New-Zealand-Government-Organizations_-October-2025.jpg","type":"image\/jpeg"}],"author":"Hagop K.","twitter_card":"summary_large_image","twitter_creator":"@easydmarc","twitter_site":"@easydmarc","twitter_misc":{"Written by":"Hagop K.","Est. reading time":"12 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/easydmarc.com\/blog\/new-zealands-email-security-requirements\/#article","isPartOf":{"@id":"https:\/\/easydmarc.com\/blog\/new-zealands-email-security-requirements\/"},"author":{"name":"Hagop K.","@id":"https:\/\/easydmarc.com\/blog\/#\/schema\/person\/740e38b8d7f98e6c4141ae2931ca5a2a"},"headline":"New Zealand&#8217;s Email Security Requirements for Government Organizations: What You Need to Know","datePublished":"2025-06-11T06:52:30+00:00","dateModified":"2025-07-16T07:09:54+00:00","mainEntityOfPage":{"@id":"https:\/\/easydmarc.com\/blog\/new-zealands-email-security-requirements\/"},"wordCount":2052,"publisher":{"@id":"https:\/\/easydmarc.com\/blog\/#organization"},"image":{"@id":"https:\/\/easydmarc.com\/blog\/new-zealands-email-security-requirements\/#primaryimage"},"thumbnailUrl":"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/DMARC-Deadline-for-New-Zealand-Government-Organizations_-October-2025.jpg","articleSection":["Blog","Email Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/easydmarc.com\/blog\/new-zealands-email-security-requirements\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/easydmarc.com\/blog\/new-zealands-email-security-requirements\/","url":"https:\/\/easydmarc.com\/blog\/new-zealands-email-security-requirements\/","name":"New Zealand SGE | EasyDMARC","isPartOf":{"@id":"https:\/\/easydmarc.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/easydmarc.com\/blog\/new-zealands-email-security-requirements\/#primaryimage"},"image":{"@id":"https:\/\/easydmarc.com\/blog\/new-zealands-email-security-requirements\/#primaryimage"},"thumbnailUrl":"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/DMARC-Deadline-for-New-Zealand-Government-Organizations_-October-2025.jpg","datePublished":"2025-06-11T06:52:30+00:00","dateModified":"2025-07-16T07:09:54+00:00","description":"Learn how New Zealand\u2019s Secure Government Email (SGE) Framework requires agencies to meet email security standards like SPF, DKIM, DMARC, and MTA-STS.","breadcrumb":{"@id":"https:\/\/easydmarc.com\/blog\/new-zealands-email-security-requirements\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/easydmarc.com\/blog\/new-zealands-email-security-requirements\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/easydmarc.com\/blog\/new-zealands-email-security-requirements\/#primaryimage","url":"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/DMARC-Deadline-for-New-Zealand-Government-Organizations_-October-2025.jpg","contentUrl":"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/DMARC-Deadline-for-New-Zealand-Government-Organizations_-October-2025.jpg","width":1440,"height":910,"caption":"image for DMARC deadline"},{"@type":"BreadcrumbList","@id":"https:\/\/easydmarc.com\/blog\/new-zealands-email-security-requirements\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/easydmarc.com\/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https:\/\/easydmarc.com\/blog\/category\/blog\/"},{"@type":"ListItem","position":3,"name":"Email Security","item":"https:\/\/easydmarc.com\/blog\/category\/blog\/email-security\/"},{"@type":"ListItem","position":4,"name":"New Zealand&#8217;s Email Security Requirements for Government Organizations: What You Need to Know"}]},{"@type":"WebSite","@id":"https:\/\/easydmarc.com\/blog\/#website","url":"https:\/\/easydmarc.com\/blog\/","name":"EasyDMARC","description":"Blog","publisher":{"@id":"https:\/\/easydmarc.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/easydmarc.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/easydmarc.com\/#organization","name":"EasyDMARC","url":"https:\/\/easydmarc.com\/","logo":{"@type":"ImageObject","url":"https:\/\/easydmarc.com\/img\/logo.png"},"image":{"@id":"https:\/\/easydmarc.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/EasyDMARC\/","https:\/\/x.com\/easydmarc","https:\/\/www.linkedin.com\/company\/easydmarc\/mycompany\/"]},{"@type":"Person","@id":"https:\/\/easydmarc.com\/blog\/#\/schema\/person\/740e38b8d7f98e6c4141ae2931ca5a2a","name":"Hagop K.","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/bb6e65e2ae3c6e57f798515a978995b899d1d972034c909397efad978249be85?s=96&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/bb6e65e2ae3c6e57f798515a978995b899d1d972034c909397efad978249be85?s=96&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/bb6e65e2ae3c6e57f798515a978995b899d1d972034c909397efad978249be85?s=96&r=g","caption":"Hagop K."},"sameAs":["https:\/\/www.linkedin.com\/in\/hagopkhatchoian\/"],"url":"https:\/\/easydmarc.com\/blog\/author\/hagop-khatchoian\/"}]},"og_video":"https:\/\/www.youtube.com\/embed\/hbX5-TjBbA4","og_video_type":"text\/html","og_video_duration":"146","og_video_width":"480","og_video_height":"270","ya_ovs_adult":"false","ya_ovs_upload_date":"2025-06-11T06:52:30+00:00","ya_ovs_allow_embed":"true"},"jetpack_featured_media_url":"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2025\/06\/DMARC-Deadline-for-New-Zealand-Government-Organizations_-October-2025.jpg","_links":{"self":[{"href":"https:\/\/easydmarc.com\/blog\/wp-json\/wp\/v2\/posts\/48368","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/easydmarc.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/easydmarc.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/easydmarc.com\/blog\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/easydmarc.com\/blog\/wp-json\/wp\/v2\/comments?post=48368"}],"version-history":[{"count":7,"href":"https:\/\/easydmarc.com\/blog\/wp-json\/wp\/v2\/posts\/48368\/revisions"}],"predecessor-version":[{"id":48465,"href":"https:\/\/easydmarc.com\/blog\/wp-json\/wp\/v2\/posts\/48368\/revisions\/48465"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/easydmarc.com\/blog\/wp-json\/wp\/v2\/media\/48404"}],"wp:attachment":[{"href":"https:\/\/easydmarc.com\/blog\/wp-json\/wp\/v2\/media?parent=48368"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/easydmarc.com\/blog\/wp-json\/wp\/v2\/categories?post=48368"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/easydmarc.com\/blog\/wp-json\/wp\/v2\/tags?post=48368"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}