How do I safelist in Mimecast?

If you’re using Mimecast security software, you can safelist (whitelist) the Portal to allow your users to receive our simulated phishing emails and system emails.

The areas adjusted are as follows:

Creating a Permitted Senders Policy
Greylisting in Mimecast
Creating an Anti-Spoofing Policy
Creating an Impersonation Protection Bypass Policy

The below section is necessary only if the associated package is activated:

URL Protection Bypass Policy

If you run into problems while safelisting in Mimecast, we suggest you first reach out directly to Mimecast for assistance.

Creating a Permitted Senders Policy

We advise creating a new Permitted Sender Policy within your Mimecast console in order to safelist the Portal.

NOTE: Do not edit your default Permitted Sender Policy. Instead, create a new one.

From the Mimecast Administration console, open the Administration Toolbar.
Select Gateway | Policies.
Select Permitted Senders.
Select New Policy.
Select the below settings under the Options, Emails From, Emails To, and Validity sections. For more information, see Mimecast's Configuring a Permitted Senders Policy.
Enter Portal's IP Address in the Source IP Ranges Field. (Please use the Hook IP addresses which you can download here.)

Option	Setting
Options
Policy Narrative	Phishing Tackle Permitted Senders
Select Option	Permit Sender

Emails From
Applies To	Internal Addresses
Specifically	Applies to all Internal Recipients

Validity
Enable/Disable	Enable
Set policy as perpetual	Always On
Date Range	All Time
Policy Override	Checked
Bi-directional	Unchecked
Source IP Ranges (n.n.n.n/x)	Portal IP addresses (found here)

Greylisting in Mimecast

Adding the Portal to the permitted senders list (see above) should bypass Greylisting. However, we recommend following the below Greylisting steps to improve email deliverability.

From the Mimecast Administration console, open the Administration Toolbar.
Select Gateway | Policies.
Select Greylisting.
Select New Policy.
Select the below settings under the Options, Emails From, Emails To, and Validity sections.
Enter Portal's IP Address in the Source IP Ranges box. (You can find a list of Portal IP addresses in this article.)

Option	Setting
Options
Policy Narrative	Portal Greylist
Select Option	Take No Action

Emails From
Addresses Based On	The Return Address
Applies From	Email Addresses
Specifically	Applies to all External Senders

Emails To
Applies To	Internal Addresses
Specifically	Applies to all Internal Recipients

Validity
Enable/Disable	Enable
Set policy as perpetual	Always On
Date Range	All Time
Policy Override	Checked
Bi Directional	Unchecked
Source IP Ranges (n.n.n.n/x)	Portal IP addresses (found here)

Creating an Anti-Spoofing Policy

If you're spoofing the From or Reply-to domain on your template, then follow the below steps in Mimecast to allow simulated phishing emails to be sent from your domain.

From the Mimecast Administration console, open the Administration Toolbar.
Select Gateway | Policies.
Select Anti-Spoofing from the policies list.
Select New Policy.
Use the below settings under the Options, Emails From, Emails To, and Validity sections. For more information, read this article from Mimecast: Configuring an Anti-Spoofing Policy.
Enter Portal's IP Address in the Source IP Ranges Field. (You can find a list of Portal IP addresses in this document.)

Option	Setting
Options
Policy Narrative	Phishing Tackle Anti-Spoof Allow Policy
Select Option	Take no action

Emails From
Addresses Based On	Both
Applies From	Everyone
Specifically	Applies to all Senders

Emails To
Applies To	Everyone
Specifically	Applies to all Internal Recipients

Validity
Enable/Disable	Enable
Set policy as perpetual	Always On
Date Range	All Time
Policy Override	Checked
Bi Directional	Unchecked
Source IP Ranges (n.n.n.n/x)	Portal IP addresses (found in this document)
Hostname(s)	Leave blank

Creating an Impersonation Protection Bypass Policy

To allow Portal simulated phishing emails that are from spoofed domains to reach your targets, you will want to create an Impersonation Protection Policy as well as an Anti-Spoofing Policy in the Mimecast Console.

To begin, you’ll need to make an impersonation protection definition (if not already done).

How to Create an impersonation protection definition

From the Mimecast Administration console, open the Administration Toolbar.
Choose Gateway | Policies.
Hover over Impersonation Protection and click on Definitions.
Click New Definition.
Name the definition something unique, like "Portal Impersonation Protection Bypass Def."
Choose the relevant settings (shown below). For more information, see Mimecast's documentation in this article: https://community.mimecast.com/docs/DOC-1908#jive_content_id_Configuring_an_Impersonation_Protection_Definition.

Option	Corresponding Setting
Identifier settings
Description	Portal Impersonation Protection Bypass Def.
Similar Internal Domain	Checked
Similar Monitored External	Unchecked
Similarity Distance	1
Newly Observed Domain	Unchecked
Internal User Name	Checked
Reply-to Address Mismatch	Checked
Targeted Threat Dictionary	Checked
Mimecast Threat Directory	Checked
Custom Threat Directory	[Leave as default]
Number of Hits	2

Identifier Actions
Action	None
Tag Message Body	Unchecked
Tag Subject	Unchecked
Tag Header	Unchecked

General Actions
Mark All Inbound Items as 'External'	Unchecked

Notifications
Notify Group	[Leave as default]
Notify (Internal) Recipient	Unchecked
Notify Overseers	Unchecked

How to Create an Impersonation Bypass Policy

First, log into your Mimecast Administration Console.
Click on Administration toolbar.
Go to Gateway | Policies.
Choose Impersonation Protection Bypass from the policies list.
Click on the New Policy button.
Select the appropriate policy settings under the Options, Emails From, Emails To, and Validity sections. For more information on these settings, see Mimecast's Configuring an Impersonation Protection Bypass Policy article.
NOTE: In the Select Option field under Options, select the impersonation protection definition you want to be bypassed. If you have multiple definitions you would like to bypass, you will need to create a separate Impersonation Protection Bypass Policy for each one.
In the Source IP Ranges field, enter Portal IPs, found in this document.

Options
Policy Narrative	Portal Impersonation Test
Select Option	Impersonation Protection Definition

Emails From
Addresses Based On	Both
Applies From	External Addresses
Specifically	Applies to All External Senders

Emails To
Applies To	Internal Addresses
Specifically	Applies to all Internal Recipients

Validity
Enable/Disable	Enable
Set Policy as Perpetual	Always On
Date Range	All Time
Policy Override	Unchecked
Bi Directional	Unchecked
Source IP Ranges	Portal IP addresses (found in this document)

URL Protection Bypass Policy

Mimecast's URL Protection service scans links sent within emails as they are delivered. Occasionally, this causes simulated phishing emails to trigger this service. Follow the below steps to create a URL Protection Bypass policy.

NOTE: Configuring this policy is only necessary if Mimecast URL Protection has been enabled.

From the Mimecast Administration console, open the Administration Toolbar.
Select Gateway | Policies.
Select URL Protection Bypass.
Select New Policy.
Select the appropriate settings (below) under the Options, Emails From, Emails To, and Validity sections. For more information, see Mimecast's article on Configuring a URL Protection Bypass Policy.
Enter Portal's IP Address in the Source IP Ranges Field. (You can find a list of Portal IP addresses in this document.)

Option	Setting
Options
Policy Narrative	Phishing Tackle URL Protection Bypass
Select Option	Disable URL Protection

Emails From
Addresses Based On	Both
Applies From	Everyone
Specifically	Applies to all Senders

Emails To
Applies To	Internal Addresses
Profile Group	Applies to all Internal Recipients

Validity
Enable/Disable	Enable
Set policy as perpetual	Always On
Date Range	All Time
Policy Override	Checked
Bi Directional	Unchecked
Source IP Ranges (n.n.n.n/x)	Portal IP addresses (found in this document)