Allowlisting (Whitelisting) in Mimecast

Anti-Spoofing Policy

Follow the steps below to allow MetaCompliance, on your behalf, to send emails appearing to come from an email address at your domain.

  1. Log on to your Mimecast Administration Console.
  2. Click on the 'Administration' toolbar button.
  3. Select the Gateway | Policies menu item.
  4. Select Anti-Spoofing from the list of policies displayed.
  5. Click on New Policy.
  6. Select the appropriate policy settings under the Options, Emails From, Emails To, and Validity sections.
  7. In the 'Source IP Ranges' field, enter our IP ranges shown here.

Permitted Senders Policy

  • Note: Do not edit the default policy; you must create your own.
  1. Log on to your Mimecast Administration Console.
  2. Click on the 'Administration' toolbar button.
  3. Select the Gateway | Policies menu item.
  4. Select Permitted Senders from the list of policies displayed.
  5. Click on New Policy.
  6. Select the appropriate policy settings under the Options, Emails From, Emails To, and Validity sections.
  7. In the 'Source IP Ranges' field, enter the appropriate IPs shown here.

Attachment Protection Bypass Policy

If you'd like to use attachments in your simulated phishing tests, follow the steps below to increase the likelihood that emails with attachments will successfully arrive in your users' inboxes.

  • Note: Mimecast may still prevent the delivery of attachments.  

Set up a test after creating this policy to ensure that your desired attachment goes through.

  1. Log on to your Mimecast Administration Console.
  2. Click on the 'Administration' toolbar button.
  3. Select the Gateway | Policies menu item.
  4. Select Attachment Protection Bypass from the list of policies displayed.
  5. Click on New Policy.
  6. Select the appropriate policy settings under the Options, Emails From, Emails To, and Validity sections.
  7. In the 'Source IP Ranges' field, enter the appropriate IPs shown here.

URL Protection Bypass Policy

Mimecast's URL Protection Service scans and checks links in emails upon delivery. This can sometimes result in false positives for your phishing security tests.

Follow the steps below to create a URL Protection Bypass policy for accurate phishing security test results.

  1. Log on to your Mimecast Administration Console.
  2. Click on the 'Administration' toolbar button.
  3. Select the Gateway | Policies menu item.
  4. Select URL Protection Bypass from the list of policies displayed.
  5. Click on New Policy.
  6. Select the appropriate policy settings under the Options, Emails From, Emails To, and Validity sections.
  7. In the 'Source IP Ranges' field, enter the appropriate IPs shown here.

Impersonation Protection Bypass Policy

If you’re sending whaling/phishing emails, purporting to come from users/domains that look like they are internal to your organisation, you'll want to create an Impersonation Protection Policy in your Mimecast console. 

  1. Log on to your Mimecast Administration Console.
  2. Click on the 'Administration' toolbar button.
  3. Select the Gateway | Policies menu item.
  4. Select Impersonation Protection Bypass from the list of policies displayed.
  5. Click on New Policy
  6. Select the appropriate policy settings under the Options, Emails From, Emails To, and Validity sections.
    • For more information on these settings, see Mimecast's Configuring an Impersonation Protection Bypass Policy article. (Opens in a new window.)
    • Note: In the 'Select Option' field under Options, select the 'Impersonation Protection' definition you want to be bypassed.
      • If you have multiple definitions you would like to bypass, you will need to create a separate Impersonation Protection Bypass Policy for each one.
  7. In the 'Source IP Ranges' field, enter the appropriate IPs shown here.

Attachment Management Bypass Policy

If you'd like to use attachments in your simulated phishing tests, follow the steps below to prevent attachments from being stripped from emails, potentially resulting in skewed test results.

  1. Log on to your Mimecast Administration Console.
  2. Click on the 'Administration' toolbar button.
  3. Select the Gateway | Policies menu item.
  4. Select Attachment Management Bypass from the list of policies displayed.
  5. Click on New Policy.
  6. Select the appropriate policy settings under the Options, Emails From, Emails To, and Validity sections.
  7. In the 'Source IP Ranges' field, enter the appropriate IPs shown here.

Greylisting Bypass Policy

You may want to set up this policy if you want to prevent Mimecast from preventing emails from being deferred. Below are instructions on how to add this policy.

  1. Log on to your Mimecast Administration Console.
  2. Click the 'Administration' toolbar button.
  3. Select the Gateway | Policies menu item.
  4. Select Greylisting from the list of policies displayed.
  5. Click on New Policy.
  6. Select the appropriate policy settings under the Options, Emails From, Emails To, and Validity sections.
  7. In the 'Source IP Ranges' field, enter the appropriate IPs shown here.
  8. Click Save and Exit to save the changes.
Back to all articles