UK NCSC changes highlight the need for tools that make sense of DMARC data

Email domains are a popular target for cyberattackers, who use them to create messages that appear to come from a legitimate and trusted organization, but which are in fact designed for phishing attacks, financial theft, or to spread malware or spam.

This attack tactic, known as domain spoofing, poses a significant threat to organizations everywhere — not just in terms of potential fraud, monetary and data loss, but in terms of damage to customer trust and brand reputation.

The primary purpose of DMARC is to prevent this.

DMARC — or to give it its full name, domain-based message authentication, reporting and conformance — is an email authentication protocol that gives email domain owners the ability to protect their domain from unauthorized use.

The reports generated by DMARC implementations are immensely valuable to organizations looking for accurate and continuous oversight of their email security in an ever-evolving cyberthreat landscape.

In the UK, public sector organizations have been able to use a free Mail Check tool provided by the National Cyber Security Centre (NCSC) to identify, understand, and prevent abuse of their email domains.

However, starting March 24, 2025, the Mail Check service will no longer include DMARC aggregate reporting. The NCSC is actively encouraging organizations to transition to alternate DMARC tools to maintain visibility and control of their internet domains. 

The DMARC aggregate reporting challenge

DMARC sends a record to receiving email servers telling them whether emails passed or failed DMARC and other email security checks. It also provides details of the IP addresses and domains that sent emails on behalf of the organization’s domain, and the number of emails sent from each source.

DMARC compiles all this information into aggregated reports for the IT team, detailing how emails from the company’s domain have been handled by receiving email servers.

These reports are important. They tell domain owners about authentication failures, abuse attempts, email traffic, and configuration issues, and they help harden overall email security by ensuring only legitimate emails are sent from the organization’s domain.

However, these reports can also be dense and detailed. Many organizations turn to third-party tools to help them make sense of these reports. 

How Barracuda can help

Barracuda Domain Fraud Protection  provides deep visibility and analysis of an organization’s DMARC implementation. It features automation and an easy-to-use interface, and it helps organizations reduce risk, protect legitimate email, and prevent spoofing.

It also helps organizations to extract the full value and insight from DMARC reports.

DMARC reports are automatically gathered, analyzed, and visualized. This provides customers with high-level insights into the different email systems sending emails with their domains and gain access to in-depth information, including which IPs are passing and failing DMARC, domain misalignment, and spoofing samples.

Barracuda Domain Fraud Protection is available as part of the comprehensive Barracuda Email Protection platform. DMARC reporting is fully integrated into all Barracuda Email Protection plans but can also be purchased as a standalone service.

To speak with an expert about Barracuda support for integrated or standalone DMARC reporting, please contact us today.