Anti-Spoofing Policy

Follow the steps below to allow MetaCompliance to send emails on your behalf that appear to come from an email address at your domain.

1. Log on to your Mimecast Administration Console.
2. Click on the Administration toolbar button.
3. Select the Gateway | Policies menu item.
4. Select Anti-Spoofing from the list of policies displayed.
5. Click on New Policy.
6. Select the appropriate policy settings under the Options, Emails From, Emails To, and Validity sections. (For help with these settings, see Mimecast's Configuring an Anti-Spoofing Policy article.)
7. In the Source IP Ranges field, enter the IP ranges shown here.

Permitted Senders Policy

⚠️ Note: Do not edit the default policy; you must create your own.

1. Log on to your Mimecast Administration Console.
2. Click on the Administration toolbar button.
3. Select the Gateway | Policies menu item.
4. Select Permitted Senders from the displayed list of policies.
5. Click on New Policy.
6. Configure the appropriate policy settings under the Options, Emails From, Emails To, and Validity sections. (For more guidance on these settings, refer to Mimecast's Configuring a Permitted Senders Policy article.) 
7. In the Source IP Ranges field, enter the appropriate IPs shown here.

Attachment Protection Bypass Policy

Use this policy if you plan to include attachments in your phishing simulations. It increases the likelihood that attachments reach users successfully.

⚠️ Note: Mimecast may still block certain attachments. Always conduct a test after creating this policy to check for successful delivery.

1. Log on to your Mimecast Administration Console.
2. Click on the Administration toolbar button.
3. Select the Gateway | Policies menu item.
4. Select Attachment Protection Bypass from the displayed list of policies.
5. Click on New Policy.
6. Configure the appropriate policy settings under the Options, Emails From, Emails To, and Validity sections. (For more information on these settings, see Mimecast's Configuring Attachment Protection Bypass Policies article.)
7. In the Source IP Ranges field, enter the appropriate IPs shown here.

URL Protection Bypass Policy

Mimecast's URL Protection Service scans and checks links in emails upon delivery. This can sometimes result in false positives for your phishing security tests.

Creating a bypass policy helps ensure accurate results.

1. Log on to your Mimecast Administration Console.
2. Click on the Administration toolbar button.
3. Select the Gateway | Policies menu item.
4. Select URL Protection Bypass from the displayed list of policies.
5. Click on New Policy.
6. Configure the appropriate policy settings under the Options, Emails From, Emails To, and Validity sections. (For more information on these settings, see Mimecast's Configuring a URL Protection Bypass Policy article.) 
7. In the Source IP Ranges field, enter the appropriate IPs shown here.

Impersonation Protection Bypass Policy

If you’re sending whaling/phishing emails purporting to come from users/domains that look like they are internal to your organisation, you'll want to create an Impersonation Protection Policy. 

1. Log on to your Mimecast Administration Console.
2. Click on the Administration toolbar button.
3. Select the Gateway | Policies menu item.
4. Select Impersonation Protection Bypass from the displayed list of policies.
5. Click on New Policy. 
6. Select the appropriate policy settings under the Options, Emails From, Emails To, and Validity sections. (For more guidance on these settings, see Mimecast's Configuring an Impersonation Protection Bypass Policy article.)
7. Under Options → Select Option field , select the Impersonation Protection definition you want to bypass.
   • If multiple definitions are to be bypassed, you must create a separate policy for each one.
8. In the Source IP Ranges field, enter the appropriate IPs shown here.

Attachment Management Bypass Policy

Create this policy to prevent Mimecast from stripping attachments, which may otherwise impact your phishing test results.

1. Log on to your Mimecast Administration Console.
2. Click on the Administration toolbar button.
3. Select the Gateway | Policies menu item.
4. Select Attachment Management Bypass from the displayed list of policies.
5. Click on New Policy.
6. Configure the appropriate policy settings under the Options, Emails From, Emails To, and Validity sections. (For more information on these settings, see Mimecast's Configuring Attachment Management Bypass Policies article.)
7. In the Source IP Ranges field, enter the appropriate IPs shown here.

Greylisting Bypass Policy

This policy prevents emails from being deferred due to Mimecast’s greylisting checks.

1. Log on to your Mimecast Administration Console.
2. Click the Administration toolbar button.
3. Select the Gateway | Policies menu item.
4. Select Greylisting from the displayed list of policies.
5. Click on New Policy.
6. Configure the appropriate policy settings under the Options, Emails From, Emails To, and Validity sections. (For more information on these settings, see Mimecast's Configuring Greylisting Policies article.)
7. In the Source IP Ranges field, enter the appropriate IPs shown here.
8. Click Save and Exit to save the changes.

Managed URLs

We have recently noticed that despite having a URL Protection Bypass Policy in place, Mimecast will still sometimes strip the link from the email, therefore not allowing click actions to be recorded.

From Mimecast Support, the best way to combat this will be to add the sending domain as a Managed URL.

The path for this is; Email Security > URL Protection > URL Tools > Managed URLs > Add Managed URLs

An example of how to add this using the domain amaz0n.website as an example;

http://*.amaz0n.website

Justification from Mimecast's Support team: 'It's being caught by Mimecast's URL Protection even with the bypass is because the emails are being reported through End User Reporting, which involves sending the actual URL to Mimecast coming from your domains, so you will need to allowlist the URLs here too'.

CyberGraph Policy (Optional)

If you’re having issues with Mimecast removing Metacompliance’s email trackers, you can set up this policy. Mimecast’s CyberGraph Policy will prevent email trackers from being removed. To set up the CyberGraph policy, follow the steps below:

1. Log in to your Mimecast Administration console.
2. Navigate to Services > CyberGraph.
3. Click Create New Policy.
4. Enter a Name for the policy, such as “Metacompliance CyberGraph Policy”.
5. (Optional) Enter a Description for the policy.
6. In the Dynamic Banners field, select Disabled.
7. In the Trackers field, select Disabled.
8. In the User Reporting field, select Disabled.
9. Click Next.
10. In the Applies To section, set the From field to Everyone. Then, set the To field to Everyone.
11. In the Source IP Ranges field, enter Metacompliance’s IP addresses.
12. Click Next. You’ll be taken to the Summary page to confirm your settings are correct.
13. In the Policy Status field, click Enabled.
14. Click Create New Policy.