[elementor-element data="eyJpZCI6ImRlMDY5ZDEiLCJlbFR5cGUiOiJjb250YWluZXIiLCJzZXR0aW5ncyI6eyJfdGl0bGUiOiJpdGVtICMxIiwiY29udGVudF93aWR0aCI6ImZ1bGwiLCJodG1sX3RhZyI6ImRpdiIsImJvcmRlcl9ib3JkZXIiOiJub25lIn0sImVsZW1lbnRzIjpbeyJpZCI6ImRkNDczNDgiLCJlbFR5cGUiOiJ3aWRnZXQiLCJzZXR0aW5ncyI6eyJlZGl0b3IiOiI8cD5TZWN1cmUgR292ZXJubWVudCBFbWFpbCAoU0dFKSBpcyBOZXcgWmVhbGFuZFx1MjAxOXMgZ292ZXJubWVudC1tYW5kYXRlZCBlbWFpbCBzZWN1cml0eSBmcmFtZXdvcmsuIFNHRSB1c2VzIGluZHVzdHJ5LXN0YW5kYXJkIHByb3RvY29scyAtIGluY2x1ZGluZyBEb21haW4tYmFzZWQgTWVzc2FnZSBBdXRoZW50aWNhdGlvbiwgUmVwb3J0aW5nLCBhbmQgQ29uZm9ybWFuY2UgKERNQVJDKSwgU2VuZGVyIFBvbGljeSBGcmFtZXdvcmsgKFNQRiksIGFuZCBEb21haW5LZXlzIElkZW50aWZpZWQgTWFpbCAoREtJTSkgLSB0byBwcm90ZWN0IGdvdmVybm1lbnQgY29tbXVuaWNhdGlvbnMgZnJvbSBzcG9vZmluZywgcGhpc2hpbmcsIGFuZCBvdGhlciBlbWFpbC1iYXNlZCB0aHJlYXRzLjxcL3A+IiwiX19nbG9iYWxzX18iOnsidHlwb2dyYXBoeV90eXBvZ3JhcGh5IjoiZ2xvYmFsc1wvdHlwb2dyYXBoeT9pZD10ZXh0In0sIl9wYWRkaW5nIjp7InVuaXQiOiJweCIsInRvcCI6IjAiLCJyaWdodCI6IjAiLCJib3R0b20iOiIwIiwibGVmdCI6IjIyIiwiaXNMaW5rZWQiOmZhbHNlfX0sImVsZW1lbnRzIjpbXSwid2lkZ2V0VHlwZSI6InRleHQtZWRpdG9yIn1dLCJpc0lubmVyIjp0cnVlLCJpc0xvY2tlZCI6dHJ1ZX0="]

What is SGE? Understanding New Zealand’s government requirement

Protect your government email domain from phishing, spoofing, and data breaches with Sendmarc’s expert solutions. Achieve full compliance with New Zealand’s Secure Government Email (SGE) framework quickly and effectively.

Book a demo or start a free trial today to secure your email and safeguard sensitive communications.

Why SGE matters for email security

Email remains a primary communication channel for government agencies, often carrying sensitive information that requires the highest level of protection. Unfortunately, these domains are frequent targets for cybercriminals who attempt to impersonate trusted senders, steal data, or disrupt operations.

SGE protects government email communications through strict authentication and encryption standards.

By implementing SGE, agencies can:

Protect sensitive information: Emails are protected via advanced authentication and encryption protocols.
Prevent phishing and spoofing attacks: It helps ensure that emails sent from government domains are verified, making it harder for threat actors to impersonate official senders.
Enhance compliance: SGE aligns with the New Zealand Information Security Manual (NZISM), helping organizations meet regulatory and security standards.

In short, it isn’t just a technical requirement – it’s a vital step toward securing New Zealand’s government communications.

Understanding SGE: What is Secure Government Email?

SGE is an email security framework mandated by the New Zealand government to protect email traffic. It replaces the SEEMail system (which will be retired in 2026) with a modern approach that’s better aligned with today’s cybersecurity needs.

Key objectives

SGE has been introduced to:

Improve the security of external email: By enforcing authentication and encryption, the framework reduces the risk of email-based attacks.
Reduce spoofing: SGE uses protocols that verify sender identity and message integrity to help prevent impersonation.
Retire legacy systems: The SEEMail service will be replaced with open standards, improving compatibility and flexibility.

Important terms and protocols

To fully understand the framework, it’s helpful to know the key email security protocols it uses:

Domain-based Message Authentication, Reporting, and Conformance (DMARC): Allows domain owners to specify how unauthenticated emails should be handled.
Sender Policy Framework (SPF): Defines which email servers are authorized to send messages on behalf of a domain.
DomainKeys Identified Mail (DKIM): Uses cryptographic signatures to allow recipients to verify that an email hasn’t been altered in transit.
Message Transfer Agent Strict Transport Security (MTA-STS): Enforces the use of Transport Layer Security (TLS) encryption for email transport, preventing downgrade attacks.
Transport Layer Security Reporting (TLS-RPT): Provides visibility into encryption failures and delivery issues by generating reports for domain owners.

These protocols work together to provide layered protection and significantly strengthen email security.

Book a demo or start a free trial to see how we simplify the implementation and management of these standards.

SGE compliance requirements and deadlines

Compliance is mandatory for all New Zealand government agencies.

To achieve full compliance with the framework, organizations must implement:

An SPF record with a fail (–all) policy
DKIM signing on all outbound communications
A DMARC policy of p=reject with strict DKIM alignment, where possible
DMARC compliance evaluations on incoming messages
TLS1.2 at minimum
A defined MTA-STS record set to enforce
TLS-RPT on all sending domains

Compliance deadline

All government agencies must be fully compliant by October 2025.

Failing to meet this deadline might result in:

Increased risk of email-based attacks
Loss of public trust
Potential reputational damage

Resources and tools to help you implement SGE

While implementation might seem complex, the right tools and guidance can make the process effortless.

Sendmarc provides a comprehensive range of solutions to support your organization’s path to full enforcement:

Automated DMARC, SPF, and DKIM management: Simplify the creation and maintenance of DNS records.
MTA-STS and TLS-RPT configuration: Ensure secure email transport and gain visibility through detailed reporting.
Real-time monitoring and alerts: Stay ahead of authentication failures and potential cyberthreats.
Expert support: Access guidance from specialists in email security and DMARC compliance.
User-friendly dashboards: Visualize email traffic, compliance status, and security metrics at a glance.

Get started with Sendmarc’s easy DMARC setup today.

SGE FAQs

What is SGE?

Secure Government Email (SGE) is New Zealand’s government-mandated email security framework. SGE uses industry-standard protocols – including Domain-based Message Authentication, Reporting, and Conformance (DMARC), Sender Policy Framework (SPF), and DomainKeys Identified Mail (DKIM) – to protect government communications from spoofing, phishing, and other email-based threats.

Why is the SGE being implemented?

The SGE framework is being implemented to enhance email security across government agencies. It enhances overall protection, helps prevent phishing and spoofing attacks, and enables the retirement of the SEEMail service.

What is the deadline for SGE compliance?

The deadline for full compliance with the SGE framework is October 2025. Organizations must have all required security protocols in place by this date to meet government mandates.

How does SGE improve on the previous SEEMail system?

SGE is an improvement on the SEEMail system as it uses freely available security controls that enhance compatibility and protection.

Are there resources to assist with SGE implementation?

Yes. Sendmarc offers a full range of resources and tools to support SGE implementation. These include automated DNS record management, secure transport configuration (MTA-STS and TLS-RPT), real-time monitoring, compliance dashboards, and expert guidance to help agencies achieve full compliance efficiently.

What is SGE? Understanding New Zealand’s government requirement

Why SGE matters for email security

Understanding SGE: What is Secure Government Email?

Key objectives

Important terms and protocols

SGE compliance requirements and deadlines

Compliance deadline

Resources and tools to help you implement SGE

SGE FAQs

Resources

DMARC compliance

Related blog articles

How secure is your brand name from email scammers?

Platform & Services

Company

Resources