Whitelisting in Mimecast
This article will cover how to whitelist our Platform’s training notifications and simulated phishing emails if you are using Mimecast. Below are instructions for several different policies you'll need to implement in the Mimecast console to allow the Platform to function correctly.
In this Guide:
- Permitted Senders Policy
- Greylisting
- Impersonation Protection Bypass Policy
- Anti-Spoofing Policy
- URL Protection Bypass Policy
If you encounter issues whitelisting in Mimecast, we recommend contacting them directly for specific instructions. You can also contact us at support@goldphish.com.
Permitted Senders Policy
To successfully whitelist our phishing and training related emails when using Mimecast, we recommend creating a new Permitted Sender Policy within your Mimecast console.
NOTE: Do not edit your default Permitted Sender Policy; you MUST create a new one.
1. Log onto the Mimecast Administration console.
2. Open the Administration Toolbar.
3. Select Gateway | Policies.
4. Select Permitted Senders.
5. Select New Policy.
6. Select the appropriate settings (below) under the Options, Emails From, Emails To, and Validity sections. For more information, see Mimecast's Configuring a Permitted Senders Policy.
7. Enter Our Domains in the Emails From > Applies From > Specifically Field.
Option | Setting |
Options | |
Policy Narrative | Security Awareness Permitted Senders |
Select Option | Permit Sender |
Emails From | |
Addresses Based On | Both |
Applies From | Email Domain |
Specifically | Our whitelisting technical information can be found here: Whitelisting Technical Information. |
Emails To | |
Applies To | Internal Addresses |
Specifically | Applies to all Internal Recipients |
Validity | |
Enable/Disable | Take no action |
Set policy as perpetual | Take no action |
Date Range | Take no action |
Policy Override | Take no action |
Bi Directional | Take no action |
Source IP Ranges (n.n.n.n/x) | Take no action |
Greylisting
Adding the Security Awareness Platform to the permitted senders list (above) should bypass Greylisting. However, we recommend following the Greylisting steps below to avoid any potential delivery issues:
1. Log onto the Mimecast Administration console.
2. Open the Administration Toolbar.
3. Select Gateway | Policies.
4. Select Greylisting.
5. Select New Policy.
6. Select the appropriate settings (below) under the Options, Emails From, Emails To, and Validity sections.
7. Enter Our Domains in the Emails From > Applies From > Specifically Field.
Option | Setting |
Options | |
Policy Narrative | Security Awareness Platform Greylist |
Select Option | Take no action |
Emails From | |
Addresses Based On | Both |
Applies From | Email Domain |
Specifically | Our whitelisting technical information can be found here: Whitelisting Technical Information. |
Emails To | |
Applies To | Internal Addresses |
Specifically | Applies to all Internal Recipients |
Validity | |
Enable/Disable | Take no action |
Set policy as perpetual | Take no action |
Date Range | Take no action |
Policy Override | Take no action |
Bi Directional | Take no action |
Source IP Ranges (n.n.n.n/x) | Take no action |
Impersonation Protection Bypass Policy
To enable simulated phishing emails that look like they are from users/domains within your organisation (spoofed domain), you'll need to create an Impersonation Protection Policy and Anti-Spoofing Policy in the Mimecast Console.
First, you'll need to create an impersonation protection definition (if you have not already created one).
Create an impersonation protection definition
1. Log onto the Mimecast Administration console.
2. Open the Administration Toolbar.
3. Select Gateway | Policies.
4. Select Impersonation Protection.
5. Select New Definition.
6. Give the Definition a descriptive name, e.g. "Security Awareness Impersonation Protection Bypass Definition".
7. Select the appropriate settings (below). For more information, see Mimecast's Configuring an Impersonation Protection Definition.
Option | Setting |
Identifier Settings | |
Description | Security Awareness Impersonation Protection Bypass Definition |
Similar Internal Domain | Checked |
Similarity Distance | 1 |
Newly Observed Domain | Unchecked |
Internal User Name | Checked |
Reply-to Address Mismatch | Checked |
Targeted Threat Dictionary | Checked |
Mimecast Threat Directory | Checked |
Custom Threat Directory | [Leave as-is] |
Number of Hits | 2 |
Ignore Signed Messages | Unchecked |
Identifier Actions | |
Action | None |
Tag Message Body | Unchecked |
Tag Subject | Unchecked |
Tag Header | Unchecked |
General Actions | |
Mark All Inbound Items as 'External' | Unchecked |
Notifications | |
Notify Group | [Leave as-is] |
Notify (Internal) Recipient | Unchecked |
Notify Overseers | Unchecked |
Create a policy to bypass the definition
1. Log onto the Mimecast Administration console.
2. Open the Administration Toolbar.
3. Select Gateway | Policies.
4. Select Impersonation Protection Bypass.
5. Select New Policy.
6. Select the appropriate settings (below) under the Options, Emails From, Emails To, and Validity sections. For more information, see Mimecast's Configuring an Impersonation Protection Bypass Policy.
7. Enter Our Domains in the Emails From > Applies From > Specifically Field.
Option | Setting |
Options | |
Policy Narrative | Security Awareness Platform Impersonation Protection Bypass |
Select Option | [Select the appropriate definition to bypass. Use the Security Awareness Platform definition (created above) if you have none] |
Emails From | |
Addresses Based On | Both |
Applies From | Email Domain |
Specifically | Our whitelisting technical information can be found here: Whitelisting Technical Information. |
Emails To | |
Applies To | Internal Addresses |
Specifically | Applies to all Internal Recipients |
Validity | |
Enable/Disable | Take no action |
Set policy as perpetual | Take no action |
Date Range | Take no action |
Policy Override | Take no action |
Bi Directional | Take no action |
Source IP Ranges (n.n.n.n/x) | Take no action |
Anti-Spoofing Policy
Follow the steps below to allow the Security Awareness Platform to send simulated phishing emails that appear to come from your domain:
1. Log onto the Mimecast Administration console.
2. Open the Administration Toolbar.
3. Select Gateway | Policies.
4. Select Anti-Spoofing from the policies list.
5. Select New Policy.
6. Select the appropriate settings (below) under the Options, Emails From, Emails To, and Validity sections. For more information, see Mimecast's Configuring an Anti-Spoofing Policy.
7. Enter Our Domains in the Emails From > Applies From > Specifically Field.
Option | Setting |
Options | |
Policy Narrative | Security Awareness Anti-Spoof Allow Policy |
Select Option | Take no action |
Emails From | |
Addresses Based On | Both |
Applies From | Email Domain |
Specifically | Our whitelisting technical information can be found here: Whitelisting Technical Information. |
Emails To | |
Applies To | Everyone |
Specifically | Applies to all Internal Recipients |
Validity | |
Enable/Disable | Take no action |
Set policy as perpetual | Take no action |
Date Range | Take no action |
Policy Override | Take no action |
Bi Directional | Take no action |
Source IP Ranges (n.n.n.n/x) | Take no action |
This will enable simulated phishing emails that appear to be sent from your organisation's domain to be successfully delivered to your recipients' inboxes. As with all whitelisting, we recommend setting up a test campaign to yourself or a small group to ensure everything works smoothly before running organisation-wide campaigns.
URL Protection Bypass Policy
Mimecast's URL Protection service scans links sent within emails as they are delivered. Occasionally, this causes simulated phishing emails to trigger this service. Follow the steps below to create a URL Protection Bypass policy.
1. Log onto the Mimecast Administration console.
2. Open the Administration Toolbar.
3. Select Gateway | Policies.
4. Select URL Protection Bypass.
5. Select New Policy.
6. Select the appropriate settings (below) under the Options, Emails From, Emails To, and Validity sections. For more information, see Mimecast's Configuring a URL Protection Bypass Policy.
7. Enter Our Domains in the Emails From > Applies From > Specifically Field.
Option | Setting |
Options | |
Policy Narrative | Security Awareness Platform URL Protection Bypass |
Select Option | Disable URL Protection |
Emails From | |
Addresses Based On | Both |
Applies From | Email Domain |
Specifically | Our whitelisting technical information can be found here: Whitelisting Technical Information. |
Emails To | |
Applies To | Internal Addresses |
Specifically | Applies to all Internal Recipients |
Validity | |
Enable/Disable | Take no action |
Set policy as perpetual | Take no action |
Date Range | Take no action |
Policy Override | Take no action |
Bi Directional | Take no action |
Source IP Ranges (n.n.n.n/x) | Take no action |
As with all whitelisting, we recommend setting up a test campaign to yourself or a small group to ensure everything works smoothly before running organisation-wide campaigns.
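One way to check a test-campaign message before going organisation-wide, as an added example (not the Platform's or Mimecast's own code): the Python below reads a delivered test message and reports which sender address, envelope or header, falls inside the domains the policies above are scoped to. The domains, the sample message, and the reading of "Addresses Based On: Both" as "either address may match" are assumptions; substitute the values from Whitelisting Technical Information.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed placeholders: replace with the domains listed in Whitelisting
# Technical Information and with your own internal domains.
ALLOWED_SENDER_DOMAINS = {"sim.example.net"}
INTERNAL_DOMAINS = {"corp.example.com"}

# Constructed sample of a delivered test message (spoofed-internal simulation).
SAMPLE_EML = """\
Return-Path: <bounce@sim.example.net>
Received: from mta.sim.example.net (mta.sim.example.net [192.0.2.10])
\tby mx.corp.example.com; Mon, 01 Jan 2024 09:00:00 +0000
From: "IT Helpdesk" <helpdesk@corp.example.com>
To: alice@corp.example.com
Subject: Password expiry notice

Test body.
"""


def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if missing or malformed."""
    address = parseaddr(header_value or "")[1]
    return address.rpartition("@")[2].lower() if "@" in address else ""


def check_test_message(raw, allowed=ALLOWED_SENDER_DOMAINS,
                       internal=INTERNAL_DOMAINS):
    """Report which sender address a domain-scoped policy could match."""
    msg = message_from_string(raw)
    envelope = domain_of(msg.get("Return-Path"))  # envelope (return) address
    header = domain_of(msg.get("From"))           # address shown to the user
    return {
        "envelope_domain": envelope,
        "header_domain": header,
        "envelope_allowed": envelope in allowed,
        "header_allowed": header in allowed,
        # Header From is internal while the envelope sender is not.
        "spoofs_internal": header in internal and envelope not in internal,
        # Assumption: with "Both", a match on either address is sufficient.
        "policy_can_match": envelope in allowed or header in allowed,
    }


if __name__ == "__main__":
    for key, value in check_test_message(SAMPLE_EML).items():
        print(f"{key}: {value}")
```

Run it against the message as it arrives in the recipient's mailbox, since the Return-Path header is written at final delivery. A result with `policy_can_match` false means neither sender address is in the domain list you entered in the policies.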
Whitelisting can be complicated, so if you require any further assistance, please contact our support team by clicking here. Alternatively, contact us through the platform Web Widget.