Mail Check and Web Check to No Longer Be Available as NCSC Announces Retirement
In 2017, when most organizations had limited to no visibility into the external security posture of their domains and websites, the National Cyber Security Centre introduced Mail Check and Web Check as part of its Active Cyber Defence Programme.
For nearly a decade, these tools were publicly accessible and helped organizations identify misconfigurations, security gaps, and vulnerabilities that attackers could exploit. However, today, the cybersecurity threat landscape has become far more sophisticated and fast-evolving than when these tools were first introduced. Now that most organizations rely on cloud environments and third-party vendors, these tools no longer suffice.In fact, with such surface-level insights, you get only a partial view of your organization’s entire digital footprint.
Considering today’s broader and more dynamic attack surface, the NCSC realised that you need more advanced tools to manage a complex digital ecosystem that requires more than a basic external monitoring tool. This is why they are now rolling back these services.
As per the latest notification by the NCSC, Mail Check and Web Check will no longer be operational from 31 March 2026.
Why did Mail Check and Web Check exist in the first place?
Mail Check and Web Check were never meant to be permanent services. They were launched in 2017 as part of the Active Cyber Defence Programme to address the growing security concerns across UK government domains.
At that time, domain spoofing had become a serious concern, and government services were the most impersonated and targeted by citizens. This raised concerns in the National Cyber Security Centre, as attackers were exploiting weak email authentication and misconfigured domains to send fraudulent messages that appeared to originate from trusted government institutions. To address this problem, the NCSC encouraged organizations to implement DMARC, which enabled them to prevent unauthorized senders from sending emails on their domain’s behalf. The strategy became so effective that it blocked nearly half a billion phishing emails before they reached customers
Mail Check helped scale this success across the public sector by allowing you to monitor your email authentication configurations, identify misconfigurations, and detect spoofing attempts targeting your domains. The platform provides visibility into how your domain is being used, the authentication results, and the sources sending emails on behalf of your organization.
As for Web Check, it focused on the web side of things. This platform allowed you to scan your public-sector domains for common vulnerabilities, configuration issues, and missing security controls that could expose websites to attacks or enable malicious actors to exploit trusted government services.
What does the retirement of Mail Check and Web Check mean to organizations?
Now that Mail Check and Web Check will no longer be available from 31 March 2026, if you relied on these platforms, you will need to reevaluate how you monitor the security posture of your domains and websites. Once these services are retired, you will even stop receiving any updates or alerts related to your domains and websites, such as email authentication issues, missing certificates, or any DNS misconfigurations.
Although these tools only enabled monitoring at a basic level, they still worked well because they provided a simple way to keep track of all major security-related issues that might be affecting the organization’s public-facing infrastructure.
The retirement of these tools by the NCSC does not mean the risks they were designed to detect have disappeared. In fact, they have only become more sophisticated and harder to detect than ever. This means that you will now need to switch to security and monitoring solutions that are more advanced and continuous. Instead of relying on basic monitoring tools, you will now need solutions that can keep track of your entire internet-facing infrastructure.
That’s why the NCSC has encouraged users to switch to External Attack Surface Management (EASM) platforms that scan and monitor assets like domains, DNS records, websites, certificates, and other services that are visible on the internet. In many ways, they combine the capabilities of both Mail Check and Web Check and take it a step further.
What should be the next steps?
Since you will not be able to receive insights or alerts from Mail Check and Web Check from 31 March 2026, it is important that you are well-prepared for the transition. This is why it is recommended that you switch to tools that can monitor your domains, email authentication configuration, DNS settings, and website, among other digital assets.
Adopting solutions such as External Attack Surface Management (EASM) tools can help maintain visibility into internet-facing assets and detect security issues early. This ensures that even after these services are retired, organizations can continue monitoring their digital footprint and address risks before they are exploited.
If you are not sure how to make this switch and don’t want to lose some critical visibility into your organization’s external security posture, get in touch with us!
