A guide to NCSC Mail Check and Web Check changes: What this means for your organisation

The UK's National Cyber Security Centre (NCSC) has announced it will stop providing its Mail Check and Web Check services on March 31, 2026. Organisations currently relying on these free tools for monitoring email security configurations and web vulnerabilities will need to migrate to an alternative provider.

The NCSC will continue providing some external attack surface alerts through its Early Warning and DNS Check services, but the comprehensive monitoring capabilities of Mail Check and Web Check will no longer be available through the MyNCSC platform.

This decision represents a significant shift in how the NCSC approaches Active Cyber Defence. Mail Check and Web Check were pioneering services when they launched in 2017, helping thousands of UK organisations improve their email authentication and web security posture at no cost. Since then, the ACD has collaborated with numerous industry leaders to enhance the services available.

In 2024, the ACD launched an exploration into attack surface management (ASM) to deepen the NCSC's understanding of industry offerings and customer needs, and to better shape their service provision. Proudly supported by Red Sift, this market research contributed over 900 hours of trial service time.

The NCSC's strategy is evolving: rather than maintaining services where robust commercial alternatives now exist, the agency is refocusing resources on areas where it can provide unique value, either by filling gaps in the commercial market or leveraging its position within GCHQ to drive resilience at scale.

For organisations using these tools, this change means taking ownership of attack surface management and investing in commercial solutions that, according to the NCSC's analysis, often provide "the same if not better service offers."

The good news? The External Attack Surface Management (EASM) market has matured considerably since 2017. Many commercial products now offer Mail Check and Web Check functionality within a single platform, often with significantly enhanced features. At Red Sift, we have previously supported many clients who were impacted by the initial Mail Check changes at the start of 2025.

The NCSC has published a buyer's guide breaking down EASM products into three key areas:

• Visibility and insight – comprehensive views of your attack surface, including technology stack, DNS configuration, and certificate management
• Security analysis – identification of risks like misconfigured email security, outdated software, and exposed services
• Supporting functions – dashboards, reporting, workflow management, and team collaboration tools

Many EASM vendors offer free tiers for organisations with smaller attack surfaces, though these may have limitations on the number of monitored assets or check frequency.

For businesses looking for direct replacements with enhanced capabilities, Red Sift offers two specialised solutions:

• Red Sift ASM serves as a natural successor to Web Check, offering continuous attack surface monitoring that identifies vulnerabilities across your digital infrastructure. Red Sift ASM discovers shadow IT, monitors for misconfigurations, and alerts you to emerging threats, all with the intuitive interface and clear remediation guidance that security teams need.
• Red Sift OnDMARC replaces Mail Check with a comprehensive email security platform that goes beyond basic monitoring. OnDMARC provides continuous DMARC, SPF, and DKIM monitoring with actionable insights, helping you achieve and maintain email authentication compliance while protecting your domain from spoofing and phishing attacks. Ready to mitigate against ever-increasing AI threats, OnDMARC offers existing Mail Check users a hassle free and easy migration option. 
• Red Sift Certificates ensures your organisation never experiences the disruption and reputational damage of an expired or misconfigured SSL/TLS certificate. The platform provides automated certificate discovery and monitoring across your entire infrastructure, with intelligent alerts that give you plenty of time to renew before expiration. Red Sift Certificates tracks certificate health, identifies weak cryptographic configurations, and provides clear visibility into your PKI ecosystem, eliminating the manual spreadsheets and calendar reminders that lead to costly outages and security gaps.

All three of these applications integrate seamlessly, providing the unified visibility that modern security teams require. With the NCSC's transition timeline, now is the time to evaluate your options and ensure continuity in your cyber defence posture. If you’re ready to get started, you can book a short demo with our team today.

As a recognised contributor to NCSC guidance, Red Sift brings deep expertise in email security and attack surface management. But beyond the technology, what sets Red Sift apart is their commitment to customer success.

Red Sift maintains an exceptional 4.9 out of 5 rating on G2, reflecting consistent delivery of outstanding customer experiences. This isn't just about powerful features, it's about having a partner who's invested in your security outcomes.

The Red Sift customer service team provides responsive, knowledgeable support that helps you maximise value from day one. Whether you're navigating your initial DMARC deployment, troubleshooting a complex configuration, or scaling your attack surface management across a growing domain portfolio, Red Sift's experts are there to guide you through every step.

For businesses transitioning from Mail Check and Web Check, this level of support is invaluable. You're not just replacing a tool, you're gaining a security partner who understands the nuances of email authentication, the complexities of modern attack surfaces, and the practical realities of implementing enterprise security controls.

Security leaders should:

1. Assess your current usage – Document what you're monitoring through Mail Check and Web Check today
2. Review the NCSC buyer's guide – Understand what features matter most for your organisation
3. Evaluate EASM providers – Look for solutions that match your requirements and budget
4. Plan your migration – Give yourself adequate time to implement and configure your chosen solution before the March 2026 deadline
5. Test and validate – Ensure your new solution provides the coverage and alerting you need

The NCSC's servicetransition@digital.ncsc.gov.uk email is available for questions about the transition.

While change can be disruptive, this transition represents an opportunity to upgrade your attack surface management capabilities with more sophisticated tools designed for today's threat landscape. The key is starting your evaluation process now, rather than waiting until the deadline approaches.