NCSC announces the retirement of Mail Check and Web Check: Here’s what it really means
Email and web security were never really a pressing concern for many organizations in the UK until 2017, when the National Cyber Security Centre introduced Mail Check and Web Check as part of its Active Cyber Defence programme. At that time, most teams had limited visibility into how their domains were configured, how secure their websites were, or whether their email infrastructure was operating properly.
The thing is, without this critical information, your systems remain vulnerable to misconfigurations and security gaps that attackers could easily exploit. That’s when the NCSC introduced these publicly accessible tools that helped you identify and address misconfigurations or security gaps, such as missing email authentication records, weak TLS configurations, outdated encryption protocols, and other issues that could expose domains and websites to attack.
But today, things have changed a lot. Digital ecosystems have become far more complex, and cyberattacks have become more sophisticated. Cloud platforms, SaaS applications, and multiple third-party vendors have become integral to almost every organization, which means that to understand your true security posture, you need visibility far beyond just your domain or website configuration. This is why the NCSC has now decided to retire Mail Check and Web Check from 31 March 2026.
Here’s all that you should know about it:
Why were Mail Check and Web Check even introduced?
In 2017, when Mail Check and Web Check were first introduced, they weren’t launched as permanent security solutions. Their primary purpose was to address a specific problem at the time: many security teams lacked even basic visibility into the security posture of their domains and websites.
This became a major concern for the UK government as cyberattackers started targeting weak email authentication and misconfigured domains to send fraudulent messages that appeared to originate from trusted government institutions. To address this problem and prevent unauthorized senders from sending fraudulent emails on a domain’s behalf, the government encouraged organizations to implement DMARC. But since implementing DMARC without monitoring is only half the job, you also need a way to track how their domains were used and whether authentication policies were working as intended.
That’s where Mail Check came in. It helped you monitor DMARC adoption, identify authentication gaps, and detect potential spoofing attempts. Alongside this, Web Check scanned websites for common security issues such as weak TLS configurations and outdated protocols.
Together, these tools helped you identify and fix fundamental security issues within their digital infrastructure.
What happens once Mail Check and Web Check are retired?
From 31 March 2026, both Mail Check and Web Check will no longer be operational. This means that if you were using these platforms to monitor your domains, email authentication, or website security posture, you will no longer have access to the insights and alerts these tools previously provided.
Although these services only provided a partial picture of your digital infrastructure’s security posture, they still offered a simple way to monitor key issues related to domains, email authentication, and website configurations. But as we established earlier, to navigate today’s threat landscape, you need more than just basic external checks.
After these services are retired, you will need to rely on more advanced, continuous-monitoring solutions to track your entire internet-facing infrastructure. The NCSC recommends switching to External Attack Surface Management (EASM) tools.
These tools tell you everything you need to know about the security posture of your internet-facing assets, such as domains, DNS records, websites, certificates, and other publicly exposed services. Moreover, these tools also allow you to manage your security risks more effectively. Most EASM platforms include dashboards that give you a clear picture of your external attack surface, along with reports and workflow features that help you track and resolve identified issues.
These comprehensive security and management capabilities are what make EASM tools a practical replacement for platforms like Mail Check and Web Check. They go beyond the cursory checks and allow you to continuously monitor your internet-facing infrastructure, understand where your risks lie, and address potential vulnerabilities before attackers can exploit them.
What should you do next?
If you have been using Mail Check or Web Check to monitor your email and web security posture, now is the time to make the switch. You can start by reviewing how you currently monitor your domains, DNS records, websites, and email authentication settings, and identify any gaps that may appear once these services are retired.
Once you know what your current security posture is, you can adopt advanced monitoring solutions such as External Attack Surface Management (EASM) tools that give more comprehensive visibility into your internet-facing digital infrastructure.
If you are not sure how to begin or how to transition from Mail Check and Web Check to the latest monitoring solutions, we are here to help. Contact us to learn how DuoCircle can help you stay ahead of emerging security risks.