DMARC Protection for New Zealand

With email still the top entry point for cyber threats, New Zealand’s government is taking action. The Secure Government Email (SGE) Framework requires all public sector domains to adopt DMARC and other email security protocols by October 2025.

PowerDMARC makes it easy, helping you deploy and manage everything from DMARC to MTA-STS, with full compliance and zero complexity!

Officially Listed on Pae Hokohoko Marketplace

New Zealand Government Mandates DMARC by October 2025

To counter rising email threats, the New Zealand Government now requires all agencies to implement strict email authentication under the Secure Government Email (SGE) Framework.

What’s Required under SGE?

  • DMARC at p=reject policy

  • DMARC reporting

  • SPF and DKIM

  • MTA-STS and TLS-RPT

  • TLS 1.2 or higher

  • Data Loss Prevention (DLP)

SGE aims to replace the legacy SEEMail system, bringing New Zealand’s email security in line with global best practices.

What is the Deadline?

All NZ government domains, sending and non-sending, must meet SGE email security standards by October 2025.

Why This Matters for Private Organizations Too

Phishing affects everyone, public and private sector alike. Several New Zealand domains remain unprotected or misconfigured, leaving room for:

  • Spoofed emails sent to customers, partners, or employees

  • Loss of trust in your brand

  • Higher spam rates and email deliverability issues

New Zealand DMARC Adoption: Why It’s Important

DMARC builds on SPF and DKIM to block spoofed emails before they reach inboxes. It:

  • Prevents unauthorized use of your domain

  • Protects employees, customers, partners, and recipients

  • Lets you control how receivers handle emails that fail authentication (quarantine/reject)

  • Provides visibility through real-time reports

DMARC Adoption Rates & Email Security Statistics in NZ

Based on the 2025 analysis of nearly 1,000 New Zealand domains:

SPF is Standard: Approximately 81.2% of NZ domains have a correct SPF record.

DMARC Awareness is Growing: Roughly 62.5% of domains have a DMARC record, but many are still in “monitoring” mode.

Enforcement Gap: Only 16.7% of domains have reached the strictest p=reject policy, leaving the majority vulnerable to impersonation.

Encryption Lag: Less than 3% of NZ domains have implemented MTA-STS, a key requirement of the new government framework.

Top DMARC Providers in New Zealand

The NZ market features providers that specialize in helping organizations meet the SGE deadline and NZISM standards.

1. PowerDMARC

G2 rating: 4.9/5

Ideal for: SMBs, Enterprises, Government Agencies, and MSPs/MSSPs.

About PowerDMARC

PowerDMARC is a highly rated email authentication and DMARC management platform. It streamlines the deployment, monitoring, and enforcement of a full security stack, including DMARC, SPF, DKIM, MTA-STS, TLS-RPT, and BIMI, within a single, integrated dashboard. Its partner-first model offers specialized white-labeling and multi-tenant management for MSPs.

Key Benefits

  • NZISM and SGE aligned platform

  • Local partnerships provide specialized support for NZ organizations

  • Listed on the New Zealand Government Marketplace

  • Complete Email Security Stack: Unified management for all major authentication protocols.

  • Hosted Records: Manage DMARC, SPF, DKIM, MTA-STS, and BIMI without manual DNS edits.

  • AI-Powered Threat Intel: Real-time identification of spoofing and impersonation attempts.

  • SPF Macro Optimization: Solves the 10-DNS lookup limit more effectively than traditional flattening.

  • Forensic Encryption: PGP-encrypted reports to ensure data privacy and compliance.

  • MSP Customization: Fully white-labelable platform with multi-language support (11 languages).

Free Trial: Yes | Starting Price: $8/month (Basic plan for up to 5 domains).

2. Valimail

G2 rating: 4.6/5

Ideal for: Large enterprises and compliance-heavy organizations needing automated enforcement.

About Valimail

Valimail pioneered the “hosted DMARC” concept, focusing on high-scale automation to move large organizations to enforcement quickly. It prioritizes identity-driven authentication and ease of use for complex corporate environments.

Pros & Cons

  • Pros: Superior automation that minimizes manual DNS management; robust DKIM analytics; strong BIMI support and compliance workflows.

  • Cons: Higher cost for smaller teams; lacks hosted MTA-STS/TLS-RPT management; limited white-label options for service providers.

Free Trial: Yes (Monitor is free) | Starting Price: Custom for Enforce/Align plans.

3. dmarcian

G2 rating: 3.5/5

Ideal for: Teams seeking expert-led deployment, deep reporting, and educational resources.

About dmarcian

Founded by early contributors to the DMARC standard, dmarcian focuses on converting complex XML data into actionable workflows. They emphasize “DMARC for All” through a mix of software and consulting services.

Pros & Cons

  • Pros: Exceptional educational content and expert support; reliable SPF/DKIM deployment guidance.

  • Cons: No built-in SPF optimization tools (like Macros); lacks management for MTA-STS, TLS-RPT, and BIMI; platform can feel less “all-in-one” compared to newer competitors.

Free Trial: Yes | Starting Price: $24/month.

4. DMARC Report

G2 rating: 4.8/5

Ideal for: MSPs and organizations managing vast portfolios of domains.

About DMARC Report

This platform is built for high-volume reporting and scalability. It excels at parsing large amounts of data into human-readable summaries, making it a favorite for agencies that need to provide clear value to their clients.

Pros & Cons

  • Pros: Clear, tiered pricing; excellent multi-tenant management; high-quality PDF report generation for clients.

  • Cons: Lacks hosted SPF/DKIM or record optimization; no management for BIMI or MTA-STS; minimal AI-driven threat intelligence.

Free Trial: Yes | Starting Price: $25/month.

5. Sendmarc

G2 rating: 4.9/5

Ideal for: Organizations requiring a guided journey to enforcement and advanced threat detection.

About Sendmarc

Sendmarc combines a user-friendly platform with expert engineering support. They focus on helping organizations reach a “Reject” policy safely, typically within a 90-day window, while providing visibility into the entire sending ecosystem.

Pros & Cons

  • Pros: Guided implementation with access to security analysts; integrated breach detection; supports MTA-STS and TLS-RPT reporting.

  • Cons: Pricing is not publicly listed; lacks a fully automated “hosted” MTA-STS management service.

Free Trial: Yes | Starting Price: Contact sales.

Email Spoofing in New Zealand is a Major Threat

What PowerDMARC Does

Implementing DMARC manually is hard. PowerDMARC makes it simple, secure, and fully compliant, especially for New Zealand agencies transitioning to the SGE Framework.

  • Sets up and manages DMARC, SPF, DKIM automatically
  • Deploys MTA-STS, TLS-RPT with hosted reporting
  • Analyzes and simplifies your email traffic reports
  • Helps you move safely from p=none to p=reject

Why Customers in New Zealand Choose Us:

  • 24/7 expert support with deep SGE framework knowledge

  • Localized compliance help for NZ government agencies

  • Government-trusted platform with proven results

Try our instant domain scanner to see if your domain is at risk.

Trusted by Government Agencies and Private Businesses across New Zealand

“Our business is based on trust, not only between us and clients but partners as well. The great partnership we have with PowerDMARC allows us to deliver exceptional services to our clients.”

Steve Smith | Auckland Regional Manager at Advantage

Frequently Asked Questions

Yes, for the public sector. The Secure Government Email (SGE) Framework requires all NZ government agencies to enforce DMARC at p=reject by October 2025.

While over 60% have a DMARC record, less than 20% are effectively blocking spoofing with a “Reject” policy, leaving a significant portion of the country at risk.

The Secure Government Email framework is a set of open-standard requirements (DMARC, SPF, DKIM, MTA-STS) replacing the legacy SEEMail system to modernize NZ’s email security.

To stay secure and compliant with modern standards, organizations should aim for p=reject. This ensures that any unauthorized email using your domain is blocked before reaching the recipient.

Look for a provider that supports the full “SGE stack” (including MTA-STS and TLS-RPT), offers local support, and provides SPF optimization to avoid DNS lookup errors.

Stay Compliant & Protected with PowerDMARC

Whether you’re racing to meet the October 2025 SGE deadline or proactively protecting your brand from phishing attacks, PowerDMARC is your partner in email authentication.