--- title: "NCSC is retiring Web Check and Mail Check: Here’s what it means for security teams | AutoSPF" description: "Back in 2017, when the web wasn’t as structured as it is today from a security standpoint." image: "https://autospf.com/og/blog/ncsc-retiring-web-check-mail-check-what-means-security-teams.png" canonical: "https://autospf.com/blog/ncsc-retiring-web-check-mail-check-what-means-security-teams/" --- Quick Answer Back in 2017, when the web wasn’t as structured as it is today from a security standpoint, many organizations didn’t have the right tools to analyze the security posture of their domains and websites. That’s when the UK government introduced Mail Check and Web Check as part of its Active Cyber Defence programme. NCSC is retiring Web Check and Mail Check: Here’s what it means for security teams Your browser does not support the audio element. [ Download episode](/audio/ncsc-retiring-web-check-mail-check-what-means-security-teams.mp3) Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fautospf.com%2Fblog%2Fncsc-retiring-web-check-mail-check-what-means-security-teams%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=NCSC%20is%20retiring%20Web%20Check%20and%20Mail%20Check%3A%20Here%E2%80%99s%20what%20it%20means%20for%20security%20teams&url=https%3A%2F%2Fautospf.com%2Fblog%2Fncsc-retiring-web-check-mail-check-what-means-security-teams%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fautospf.com%2Fblog%2Fncsc-retiring-web-check-mail-check-what-means-security-teams%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fautospf.com%2Fblog%2Fncsc-retiring-web-check-mail-check-what-means-security-teams%2F&title=NCSC%20is%20retiring%20Web%20Check%20and%20Mail%20Check%3A%20Here%E2%80%99s%20what%20it%20means%20for%20security%20teams "Share on Reddit") [ ](mailto:?subject=NCSC%20is%20retiring%20Web%20Check%20and%20Mail%20Check%3A%20Here%E2%80%99s%20what%20it%20means%20for%20security%20teams&body=Check out this article: https%3A%2F%2Fautospf.com%2Fblog%2Fncsc-retiring-web-check-mail-check-what-means-security-teams%2F "Share via Email") ![cybersecurity transition in action](https://media.mailhop.org/autospf/images/2026/03/spf-checker-7871.jpg) Back in 2017, when the web wasn’t as structured as it is today from a security standpoint, many organizations didn’t have the right tools to analyze the [security posture](https://attaxion.com/glossary/security-posture-assessment/) of their domains and websites. That’s when the UK government introduced Mail Check and Web Check as part of its [Active Cyber Defence programme](https://www.ukauthority.com/articles/ncsc-launches-active-cyber-defence-20/). _These tools help organizations to identify misconfigurations, exposures, or vulnerabilities that attackers could exploit._ Over the years, these tools helped organizations gain visibility into gaps in their security posture, but now that the cybersecurity landscape has become almost unrecognizable compared to that of 2017, these tools no longer serve the purpose that they used to. This is why the [NCSC](https://en.wikipedia.org/wiki/National%5FCommission%5Ffor%5FScheduled%5FCastes) has announced that both Mail Check and Web Check will be retired on 31 March 2026. ![Service Retirement: 31 March 2026](https://media.mailhop.org/autospf/images/2026/03/spf-flatterning-521.jpg) _This is a major announcement in the cybersecurity circles of the UK public sector and organizations, and will have a direct impact on security teams that rely on them._ Here’s what you should know about the latest announcement and how it can affect you. ## What role did Mail Check and Web Check play in enhancing security? [Mail Check and Web Check](https://www.infosecurity-magazine.com/news/ncsc-retire-web-check-mail-check/) were external monitoring services that enabled organizations to assess the security of their domains and websites. The outside perspective that these services gave was important because it showed organizations what their infrastructure looked like to an attacker scanning the internet. _Mail Check focused on the email side of things, as it gave organizations insights into how their domain was configured to send emails and whether their email authentication setup was properly configured._ It checked records related to [SPF,](/blog/what-is-spf-email-a-guide-to-sender-validation-technology/) [DKIM](/blog/how-dkim-works-a-comprehensive-guide-to-email-authentication/), and [DMARC](https://dmarcreport.com/what-is-dmarc/) and highlighted gaps that could allow attackers to send [spoofed emails](https://thehackernews.com/2024/07/proofpoint-email-routing-flaw-exploited.html) using the organization’s domain. ![Legacy Tool Capabilitie](https://media.mailhop.org/autospf/images/2026/03/spf-permerror-4640.jpg) As for Web Check, it focused more on public-facing websites and services The platform organization’s domains to identify potential issues such as [outdated software](https://www.baytechconsulting.com/blog/outdated-software-the-cybersecurity-time-bomb-organizations-ignore), insecure configurations, or exposed services that could be discovered through internet scanning. This allowed organizations to [identify vulnerabilities](https://www.forescout.com/analyst-report-gartner-ctem-2025/?utm%5Fsource=google&utm%5Fmedium=cpc&utm%5Fcampaign=ppc%5Fctem%5Fams&cq%5Fcon=200201753464&cq%5Fterm=cyber%20threat%20assessment&cq%5Fmed=&cq%5Fplac=&cq%5Fnet=g&gad%5Fsource=1&gad%5Fcampaignid=23225024565&gbraid=0AAAAADk8c7yRwfmj7PlqpgcaY6cm3nVVe&gclid=Cj0KCQiA8KTNBhD%5FARIsAOvp6DJf79-HJuXi-WVzfnRGPHBsufhmOQyMr5rBaulSvuh1AJYe%5FnzhQYgaAg%5FfEALw%5FwcB) in their [web infrastructure](https://www.linkedin.com/pulse/understanding-backbone-your-website-beginners-guide-web-kgaladi-gsctf) before attackers could exploit them. ## What does the retirement of Mail Check and Web Check mean for your organization? As per the latest announcement by the National Cyber Security Centre, organizations using Mail Check and Web Check will have to switch to alternate solutions once these services are retired on 31 March 2026\. This is a hard cutoff issued by the NCSC, after which users will no longer receive findings or alerts generated through these platforms. This means the issues these services used to flag, like email authentication problems, [DNS configuration](https://docs-cybersec.thalesgroup.com/bundle/v15.5-waf-administration-guide/page/90765.htm) issues, outdated website software, or exposed services on the internet, will no longer be reported through these platforms. ![Why Switch to EASM](https://media.mailhop.org/autospf/images/2026/03/spf-validator-1104.jpg) Organizations that relied on them will therefore need other tools to monitor these risks. Without that, security teams may simply not notice these issues until someone else finds them. One option NCSC recommends is the use of [External Attack Surface Management (EASM)](https://www.cycognito.com/glossary/external-attack-surface-management.php) tools. _These tools bring together the monitoring and visibility capabilities of both Mail Check and Web Check into a single platform, while also offering broader coverage of an organization’s internet-facing assets._ These tools can track domains, [DNS records](https://www.digicert.com/faq/dns/what-are-dns-records), websites, certificates, and other internet-facing services to help organizations understand what parts of their infrastructure are visible from the outside. As National Cyber Security Centre retires Web Check and Mail Check, [AutoSPF](/) helps security teams maintain strong email authentication. ### How does an EASM solution help monitor your attack surface? ![EASM: Unified Visibility](https://media.mailhop.org/autospf/images/2026/03/spf-record-syntax-3974.jpg) As we established earlier, Mail Check and Web Check helped organizations understand what their domain and website looked like from the outside, especially to the [cybercriminals](https://us.fashionnetwork.com/news/Cybercriminals-steal-customer-data-from-fashion-retailer-mango,1774245.html). But now that these tools will no longer be available, the NCSC is now encouraging organizations to adopt External Attack Surface Management (EASM) solutions. _These tools help security teams keep track of everything about their organization that is visible on the internet. This includes domains, DNS records, the website, and certificates._ By mapping out these assets, EASM platforms give organizations a clearer picture of their [external infrastructure](https://www.lawinsider.com/dictionary/external-infrastructure). ” alt=“The Path to Modern Security"" width=“700” height=“391” loading=“lazy” /> Moreover, EASM solutions help you conduct a security analysis of potential risks and vulnerabilities. This could include detecting gaps in software deployed, weak [email authentication](/blog/spf-record-explained-understanding-email-authentication-for-your-domain/) configurations, or services that may be unintentionally exposed to the internet. Apart from this, most EASM platforms also include features that help security teams manage and track these risks more easily. _For instance, these tools offer dashboards that give you an overview of your organization’s external attack surface, downloadable and shareable reports, and workflow features that allow your teams to assign, track, and resolve identified issues._ ![The NCSC Transition: From Service Retirement to EASM Success](https://media.mailhop.org/autospf/images/2026/03/spf-lookup-2711.jpg) With such comprehensive security and management capabilities, EASM solutions make for a practical replacement for tools like Mail Check and Web Check. They allow you to continuously monitor your external infrastructure, understand your [threat exposure](https://citalid.com/threat-exposure/), and identify risks attackers could exploit. Not sure how to transition from Mail Check and Web Check to these latest solutions? [Get in touch with us](/contact-us/) to see how we can help. ## Topics [ DKIM ](/tags/dkim/)[ DMARC ](/tags/dmarc/)[ SPF ](/tags/spf/) ![Brad Slavin](https://media.mailhop.org/autospf/images/authors/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead for AutoSPF's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Ready to get started? Try AutoSPF free — no credit card required. [ Book a Demo ](/book-a-demo/) ## Related Articles [ Intermediate 5m The 12.4 billion shield for your email communications: Why DMARC software is the unsung hero in the war against phishing actors! Nov 19, 2025 ](/blog/12-4-billion-dmarc-software-shield-protecting-email-from-phishing-actors/)[ Intermediate 3m 3 points to consider before setting your SPF record to -all (HardFail) May 22, 2025 ](/blog/3-points-to-consider-before-setting-your-spf-record-hardfail/)[ Intermediate 6m 550 From address violates UsernameCaseMapped Policy: Why does this happen, and how to fix it? Feb 20, 2026 ](/blog/550-from-address-violates-usernamecasemapped-policy-common-causes-and-fixes/)[ Intermediate 6m 6 Best practices for maintaining an SPF record Jun 5, 2025 ](/blog/6-best-practices-for-maintaining-an-spf-record/) ```json {"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com","logo":{"@type":"ImageObject","url":"https://autospf.com/images/autospf-logo.png"},"description":"Automatic SPF flattening and email authentication management. Resolve SPF lookup limits, flatten SPF records, and maintain email deliverability across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138897474","https://www.linkedin.com/company/autospf","https://x.com/autospf01","https://www.g2.com/products/autospf/reviews"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://autospf.com/contact-us/"},"knowsAbout":["SPF Record Flattening","Sender Policy Framework","Email Authentication","DNS Management","DMARC","DKIM"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"AutoSPF","url":"https://autospf.com","description":"Automatic SPF flattening and email authentication management. Resolve SPF lookup limits, flatten SPF records, and maintain email deliverability across all your domains.","publisher":{"@type":"Organization","name":"AutoSPF","url":"https://autospf.com","logo":{"@type":"ImageObject","url":"https://autospf.com/images/autospf-logo.png"},"description":"Automatic SPF flattening and email authentication management. Resolve SPF lookup limits, flatten SPF records, and maintain email deliverability across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"NCSC is retiring Web Check and Mail Check: Here’s what it means for security teams","description":"Back in 2017, when the web wasn’t as structured as it is today from a security standpoint.","url":"https://autospf.com/blog/ncsc-retiring-web-check-mail-check-what-means-security-teams/","datePublished":"2026-03-06T17:35:26.000Z","dateModified":"2026-04-18T02:36:41.000Z","dateCreated":"2026-03-06T17:35:26.000Z","author":{"@type":"Person","@id":"https://autospf.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://autospf.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind AutoSPF, DMARC Report, Phish Protection, and Mailhop. He founded DuoCircle in 2014 to solve the SPF 10-DNS-lookup problem at scale and has led the company's growth to 2,000+ customers. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement) rather than hands-on DNS engineering.","image":"https://media.mailhop.org/autospf/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"AutoSPF","url":"https://autospf.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com","logo":{"@type":"ImageObject","url":"https://autospf.com/images/autospf-logo.png"},"description":"Automatic SPF flattening and email authentication management. Resolve SPF lookup limits, flatten SPF records, and maintain email deliverability across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138897474","https://www.linkedin.com/company/autospf","https://x.com/autospf01","https://www.g2.com/products/autospf/reviews"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://autospf.com/contact-us/"},"knowsAbout":["SPF Record Flattening","Sender Policy Framework","Email Authentication","DNS Management","DMARC","DKIM"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://autospf.com/blog/ncsc-retiring-web-check-mail-check-what-means-security-teams/"},"articleSection":"intermediate","keywords":"DKIM, DMARC, SPF","wordCount":881,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/autospf/images/2026/03/spf-checker-7871.jpg","caption":"cybersecurity transition in action","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://autospf.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://autospf.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://autospf.com/intermediate/"},{"@type":"ListItem","position":4,"name":"NCSC is retiring Web Check and Mail Check: Here’s what it means for security teams","item":"https://autospf.com/blog/ncsc-retiring-web-check-mail-check-what-means-security-teams/"}]} ```