Back in 2017, when the web wasn’t as structured as it is today from a security standpoint, many organizations didn’t have the right tools to analyze the security posture of their domains and websites. That’s when the UK government introduced Mail Check and Web Check as part of its Active Cyber Defence programme.
These tools help organizations to identify misconfigurations, exposures, or vulnerabilities that attackers could exploit. Over the years, these tools helped organizations gain visibility into gaps in their security posture, but now that the cybersecurity landscape has become almost unrecognizable compared to that of 2017, these tools no longer serve the purpose that they used to. This is why the NCSC has announced that both Mail Check and Web Check will be retired on 31 March 2026.
This is a major announcement in the cybersecurity circles of the UK public sector and organizations, and will have a direct impact on security teams that rely on them.
Here’s what you should know about the latest announcement and how it can affect you.
What role did Mail Check and Web Check play in enhancing security?
Mail Check and Web Check were external monitoring services that enabled organizations to assess the security of their domains and websites. The outside perspective that these services gave was important because it showed organizations what their infrastructure looked like to an attacker scanning the internet.
Mail Check focused on the email side of things, as it gave organizations insights into how their domain was configured to send emails and whether their email authentication setup was properly configured. It checked records related to SPF, DKIM, and DMARC and highlighted gaps that could allow attackers to send spoofed emails using the organization’s domain.
As for Web Check, it focused more on public-facing websites and services The platform organization’s domains to identify potential issues such as outdated software, insecure configurations, or exposed services that could be discovered through internet scanning. This allowed organizations to identify vulnerabilities in their web infrastructure before attackers could exploit them.
What does the retirement of Mail Check and Web Check mean for your organization?
As per the latest announcement by the National Cyber Security Centre, organizations using Mail Check and Web Check will have to switch to alternate solutions once these services are retired on 31 March 2026. This is a hard cutoff issued by the NCSC, after which users will no longer receive findings or alerts generated through these platforms. This means the issues these services used to flag, like email authentication problems, DNS configuration issues, outdated website software, or exposed services on the internet, will no longer be reported through these platforms.
Organizations that relied on them will therefore need other tools to monitor these risks. Without that, security teams may simply not notice these issues until someone else finds them.
One option NCSC recommends is the use of External Attack Surface Management (EASM) tools. These tools bring together the monitoring and visibility capabilities of both Mail Check and Web Check into a single platform, while also offering broader coverage of an organization’s internet-facing assets. These tools can track domains, DNS records, websites, certificates, and other internet-facing services to help organizations understand what parts of their infrastructure are visible from the outside.
As National Cyber Security Centre retires Web Check and Mail Check, AutoSPF helps security teams maintain strong email authentication.
How does an EASM solution help monitor your attack surface?
As we established earlier, Mail Check and Web Check helped organizations understand what their domain and website looked like from the outside, especially to the cybercriminals. But now that these tools will no longer be available, the NCSC is now encouraging organizations to adopt External Attack Surface Management (EASM) solutions.
These tools help security teams keep track of everything about their organization that is visible on the internet. This includes domains, DNS records, the website, and certificates. By mapping out these assets, EASM platforms give organizations a clearer picture of their external infrastructure.
Moreover, EASM solutions help you conduct a security analysis of potential risks and vulnerabilities. This could include detecting gaps in software deployed, weak email authentication configurations, or services that may be unintentionally exposed to the internet.
Apart from this, most EASM platforms also include features that help security teams manage and track these risks more easily. For instance, these tools offer dashboards that give you an overview of your organization’s external attack surface, downloadable and shareable reports, and workflow features that allow your teams to assign, track, and resolve identified issues.
With such comprehensive security and management capabilities, EASM solutions make for a practical replacement for tools like Mail Check and Web Check. They allow you to continuously monitor your external infrastructure, understand your threat exposure, and identify risks attackers could exploit.
Not sure how to transition from Mail Check and Web Check to these latest solutions? Get in touch with us to see how we can help.
