How to Whitelist in Mimecast

Ensure that important emails from trusted sources, like training notifications or emails, bypass Mimecast's usual filtering processes by following these steps. This document guides you through setting up various policies within Mimecast to improve the deliverability and reliability of these critical communications.

Impersonation Protection Bypass Policy

To prevent Mimecast from blocking emails from known and safe sources due to impersonation protection rules, set up an Impersonation Protection Bypass Policy.

1. Note the to be allowed.

2. Log in to your Mimecast Administration Console.

3. Navigate to Administration > Gateway | Policies.

4. Choose Impersonation Protection Bypass from the policies list and click New Policy.

5. Configure the policy:

   • Applies From: Everyone (using IP addresses/Hostnames as the source)

   • Applies To: Everyone

6. Enter the specific IP addresses under .

7. Save the policy settings.

For more information on these settings, see Mimecast's article.

Anti-Spoofing Policy

Set up an Anti-Spoofing Policy to allow emails that appear to be coming from your domain.

2. Access Gateway | Policies via the Administration tab.

3. Select Anti-Spoofing, then New Policy.

4. Define the policy:

   • Emails From: Everyone (utilizing IP addresses)

   • Emails To: Everyone

6. Commit the changes to ensure that emails are recognized as legitimate. Configure Anti-Spoofing

Permitted Senders Policy

To allowlist emails specifically for training and phishing simulation:

2. Go to Gateway | Policies and select Permitted Senders.

3. Click New Policy and set the parameters:

   • Emails From: Everyone (with specified IPs)

   • Emails To: Everyone

5. Finalize the settings by saving the policy.

URL Protection Bypass Policy

For accurate phishing test results, exclude certain URLs from Mimecast's URL Protection.

1. Under Gateway | Policies, select URL Protection Bypass and then New Policy.

2. Adjust the policy settings:

   • Applies From: Everyone (IP addresses/hostnames as the source)

   • Applies To: Everyone

4. Save your changes to activate the policy.

Final Steps

After setting up these policies, conduct a small-scale test to ensure everything functions as intended before rolling out to your entire organization. This verification step is crucial to prevent disruptions and ensure that all settings are correctly applied.