Mimecast Safelisting Guide

How to set up Safelisting in Mimecast

Using Mimecast security software, you can safelist (whitelist) BullPhish ID to allow your users to receive our simulated phishing and system emails.

If you run into problems while safelisting in Mimecast, we suggest you first reach out directly to Mimecast for assistance.

Creating a Permitted Senders Policy

We advise creating a new Permitted Senders policy within your Mimecast console to safelist BullPhish ID.

Note: Do not edit your default Permitted Sender Policy. Instead, create a new one.

1. From the Mimecast Administration Console, open the Administration Toolbar.

  • Select Gateway | Policies.
  • Select Permitted Senders.
  • Select New Policy.

Select the below settings under the Options, Emails From, Emails To, and Validity sections. For more information, see Mimecast's Configuring a Permitted Senders Policy.

Enter the BullPhish ID IP addresses in the Source IP Ranges field.

Important: For an up-to-date list of BullPhish ID IP addresses, see our Reference Guide for Deliverability.

| Option | Settings |
| --- | --- |
| Policy Narrative | Phishing Tackle Permitted Senders |
| Select Option | Permit Sender |
| Emails From | |
| Addresses Based On | Both |
| Applies From | Everyone |
| Specifically | Applies to all Recipients |
| Emails To | |
| Applies To | Everyone |
| Specifically | Applies to all Recipients |
| Validity | |
| Enable/Disable | Enable |
| Set policy as perpetual | Always On |
| Date Range | All Time |
| Policy Override | Checked |
| Bi-directional | Unchecked |
| Source IP Ranges (n.n.n.n/x) | BullPhish IP addresses (found in our Reference Guide for Deliverability) |

Greylisting in Mimecast

Adding BullPhish ID to the Permitted Senders list (see above) should bypass Greylisting. However, we recommend also following the Greylisting steps below to improve email deliverability.

1. From the Mimecast Administration Console, open the Administration Toolbar.

  • Select Gateway | Policies.
  • Select Greylisting.
  • Select New Policy.

Select the below settings under the Options, Emails From, Emails To, and Validity sections. Enter the BullPhish ID IP addresses in the Source IP Ranges field. (For an up-to-date list of BullPhish ID IP addresses, see our Reference Guide for Deliverability.)

| Option | Settings |
| --- | --- |
| Policy Narrative | BullPhish ID Greylist |
| Select Option | Take No Action |
| Emails From | |
| Addresses Based On | Both |
| Applies From | Everyone |
| Specifically | Applies to all Senders |
| Emails To | |
| Applies To | Everyone |
| Specifically | Applies to all Recipients |
| Validity | |
| Enable/Disable | Enable |
| Set policy as perpetual | Always On |
| Date Range | All Time |
| Policy Override | Checked |
| Bi-directional | Unchecked |
| Source IP Ranges (n.n.n.n/x) | BullPhish ID IP addresses (found in our Reference Guide for Deliverability) |

Creating an Anti-Spoofing Policy

If you're spoofing the From or Reply-to domain on your template, please follow the below steps in Mimecast to allow simulated phishing emails to be sent from your domain.

  1. From the Mimecast Administration Console, open the Administration Toolbar.
    • Select Gateway | Policies.
    • Select Anti-Spoofing from the policies list.
    • Select New Policy.

Use the below settings under the Options, Emails From, Emails To, and Validity sections. For more information, read this article from Mimecast: Configuring an Anti-Spoofing Policy. Enter the BullPhish ID IP addresses in the Source IP Ranges field. (For an up-to-date list of BullPhish ID IP addresses, see our Reference Guide for Deliverability.)

| Option | Settings |
| --- | --- |
| Options | |
| Policy Narrative | Phishing Tackle Anti-Spoof Allow Policy |
| Select Option | Take No Action |
| Emails From | |
| Addresses Based On | Both |
| Applies From | Everyone |
| Specifically | This applies to all Senders |
| Emails To | |
| Applies To | Everyone |
| Specifically | Applies to all Recipients |
| Validity | |
| Enable/Disable | Enable |
| Set policy as perpetual | Always On |
| Date Range | All Time |
| Policy Override | Checked |
| Bi-directional | Unchecked |
| Source IP Ranges (n.n.n.n/x) | BullPhish ID IP addresses (found in our Reference Guide for Deliverability) |
| Hostname(s) | Leave blank |

Creating an Impersonation Protection Bypass Policy

To allow BullPhish ID simulated phishing emails from spoofed domains to reach your targets, you will want to create an Impersonation Protection Policy and an Anti-Spoofing Policy in the Mimecast Console.

To begin, you’ll need to make an impersonation protection definition (if not already done).

How to Create an Impersonation Protection Definition

  1. From the Mimecast Administration Console, open the Administration Toolbar.
    • Choose Gateway | Policies.
  2. Hover over Impersonation Protection and click on Definitions.
  3. Click New Definition.
  4. Name the definition something unique, like "BullPhish ID Impersonation Protection Bypass Definition."
  5. Choose the relevant settings (shown below). For more information, see Mimecast's documentation in this article: https://community.mimecast.com/docs/DOC-1908#jive_content_id_Configuring_an_Impersonation_Protection_Definition.


| Option | Corresponding Settings |
| --- | --- |
| Identifier settings | |
| Description | BullPhish ID Impersonation Protection Bypass Def. |
| Similar Internal Domain | Checked |
| Similar Monitored External | Unchecked |
| Similarity Distance | 1 |
| Newly Observed Domain | Unchecked |
| Internal Username | Checked |
| Reply-to Address Mismatch | Checked |
| Targeted Threat Dictionary | Checked |
| Mimecast Threat Directory | Checked |
| Custom Threat Directory | [Leave as default] |
| Number of Hits | 2 |
| General Actions | |
| Mark All Inbound Items as 'External' | Unchecked |

How to Create an Impersonation Bypass Policy

  1. First, log in to your Mimecast Administration Console.
  2. Click on the Administration toolbar.
    • Go to Gateway | Policies.
    • Choose Impersonation Protection Bypass from the policies list.
    • Click New Policy.

Select the appropriate policy settings under the Options, Emails From, Emails To, and Validity sections. See Mimecast's Configuring an Impersonation Protection Bypass Policy article for more information on these settings. 

NOTE: In the Select Option field under Options, select the impersonation protection definition you want to be bypassed. If you have multiple definitions you would like to bypass, you will need to create a separate Impersonation Protection Bypass Policy for each one.

Enter the BullPhish ID IP addresses in the Source IP Ranges field. (For an up-to-date list of BullPhish ID IP addresses, see our Reference Guide for Deliverability.)

| Option | Settings |
| --- | --- |
| Policy Narrative | BullPhish Impersonation Test |
| Select Option | Impersonation Protection Definition |
| Emails From | |
| Addresses Based On | Both |
| Applies From | External Addresses |
| Specifically | Applies to all External Senders |
| Emails To | |
| Applies To | Internal Addresses |
| Specifically | Applies to all Internal Recipients |
| Validity | |
| Enable/Disable | Enable |
| Set policy as perpetual | Always On |
| Date Range | All Time |
| Policy Override | Checked |
| Bi-directional | Unchecked |
| Source IP Ranges | BullPhish ID IP addresses (found in our Reference Guide for Deliverability) |

URL Protection Bypass Policy

Mimecast's URL Protection service scans links sent within emails as they are delivered. Occasionally, this causes simulated phishing emails to trigger this service. Follow the below steps to create a URL Protection Bypass policy.

NOTE: Configuring this policy is only necessary if Mimecast URL Protection has been enabled.

  1. From the Mimecast Administration Console, open the Administration Toolbar.
    • Select Gateway | Policies.
    • Select URL Protection Bypass.
    • Select New Policy.

Select the appropriate settings (below) under the Options, Emails From, Emails To, and Validity sections. See Mimecast's article on Configuring a URL Protection Bypass Policy for more information on these settings.

Enter the BullPhish ID IP addresses in the Source IP Ranges field. (For an up-to-date list of BullPhish ID IP addresses, see our Reference Guide for Deliverability.)

| Option | Settings |
| --- | --- |
| Options | |
| Policy Narrative | Phishing Tackle URL Protection Bypass |
| Select Option | Disable URL Protection |
| Emails From | |
| Addresses Based On | Both |
| Applies From | Everyone |
| Specifically | This applies to all Senders |
| Emails To | |
| Applies To | Internal Addresses |
| Profile Group | Applies to all Internal Recipients |
| Validity | |
| Enable/Disable | Enable |
| Set policy as perpetual | Always On |
| Date Range | All Time |
| Policy Override | Checked |
| Bi-directional | Unchecked |
| Source IP Ranges (n.n.n.n/x) | BullPhish ID IP addresses (found in our Reference Guide for Deliverability) |
| Hostname(s) | Leave blank |

Attachment Protection Bypass Policy

If you'd like to use attachments in your simulated phishing tests, follow the steps below to increase the likelihood that emails with attachments from BullPhish ID will successfully arrive in your users' inboxes. Mimecast may still prevent the delivery of attachments. Set up a test after creating this policy to ensure your desired attachment goes through.

  1. From the Mimecast Administration console, open the Administration Toolbar.
    • Select Gateway | Policies.
    • Select Attachment Protection Bypass.
    • Select New Policy.
  2. Select the appropriate settings (below) under the Options, Emails From, Emails To, and Validity sections. For more information, see Mimecast's article on Configuring a URL Protection Bypass Policy.
    a. Enter the BullPhish ID IP addresses in the Source IP Ranges field. (For an up-to-date list of BullPhish ID IP addresses, see our Reference Guide for Deliverability.)

| Option | Settings |
| --- | --- |
| Options | |
| Policy Narrative | Bullphish Attachment Protection Bypass |
| Select Option | Disable Attachment Protection |
| Emails From | |
| Addresses Based On | The Return Address (Email Envelope From) |
| Applies From | Everyone |
| Specifically | This applies to all Senders |
| Emails To | |
| Applies To | Internal Addresses |
| Profile Group | Applies to all Internal Recipients |
| Validity | |
| Enable/Disable | Enable |
| Set policy as perpetual | Always On |
| Date Range | All Time |
| Policy Override | Checked |
| Bi-directional | Unchecked |
| Source IP Ranges (n.n.n.n/x) | BullPhish ID IP addresses (found in our Reference Guide for Deliverability) |

Attachment Management Bypass Policy

If you'd like to use attachments in your simulated phishing tests, follow the steps below to prevent attachments from being stripped from emails, potentially resulting in skewed test results.

  1. From the Mimecast Administration console, open the Administration Toolbar.
    • Select Gateway | Policies.
    • Select Attachment Protection Bypass.
    • Select New Policy.
  2. Select the appropriate settings (below) under the Options, Emails From, Emails To, and Validity sections. For more information, see Mimecast's article on Configuring a URL Protection Bypass Policy.
    a. Enter the BullPhish ID IP addresses in the Source IP Ranges field. (For an up-to-date list of BullPhish ID IP addresses, see our Reference Guide for Deliverability.)

| Option | Settings |
| --- | --- |
| Options | |
| Policy Narrative | Bullphish Attachment Management Bypass |
| Select Option | Disable Attachment Management |
| Emails From | |
| Addresses Based On | Both |
| Applies From | Everyone |
| Specifically | Applies to all Senders |
| Emails To | |
| Applies To | Everyone |
| Profile Group | Applies to all Recipients |
| Validity | |
| Enable/Disable | Enable |
| Set policy as perpetual | Always On |
| Date Range | All Time |
| Policy Override | Checked |
| Bi-directional | Unchecked |
| Source IP Ranges (n.n.n.n/x) | BullPhish ID IP addresses (found in our Reference Guide for Deliverability) |

DNS Authentication Bypass Policy (Optional)

If you are having issues with our emails being sent to your spam folder or being quarantined, you may want to set up this additional policy. First, you'll need to set up the inbound definition and then you can create the policy. Below are instructions on how to add this policy.

DNS Authentication - Inbound Definition Setup

  1. From the Mimecast Administration console, open the Administration Toolbar.

    • Select Gateway | Policies.

    • Click the Definitions drop-down menu.

    • Select the DNS Authentication - Inbound option.

    • Select New DNS Authentication - Inbound Checks.

  2. Create a name for the definition and leave all options unchecked.

  3. Click Save and Exit to save your changes.

DNS Authentication - Inbound Policy Setup

  1. From the Mimecast Administration console, open the Administration Toolbar.

    • Select Gateway | Policies.

    • Select the DNS Authentication - Inbound.
    • Select New Policy.

  2. Select the appropriate settings (below) under the Options, Emails From, Emails To, and Validity sections. For more information, see Mimecast's article on Configuring a URL Protection Bypass Policy.
    a. Enter the BullPhish ID IP addresses in the Source IP Ranges field. (For an up-to-date list of BullPhish ID IP addresses, see our Reference Guide for Deliverability.)

| Option | Setting |
| --- | --- |
| Options | |
| Policy Narrative | Bullphish DNS Auth Bypass |
| Select Option | No Authentication |
| Emails From | |
| Addresses Based On | Both |
| Applies From | Everyone |
| Specifically | Applies to all Senders |
| Emails To | |
| Applies To | Address Groups |
| Profile Group | Choose affected groups with Lookup button |
| Validity | |
| Enable/Disable | Enable |
| Set policy as perpetual | Always On |
| Date Range | All Time |
| Policy Override | Checked |
| Bi-directional | Unchecked |
| Source IP Ranges (n.n.n.n/x) | BullPhish ID IP addresses (found in our Reference Guide for Deliverability) |
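
Most of the policies above apply to Everyone and rely on the Source IP Ranges field alone to limit the bypass to BullPhish ID traffic, so that field is worth auditing after setup and whenever the reference list changes. The following is an added example, not code from BullPhish ID or Mimecast. It assumes the ranges were transcribed by hand from the console, uses RFC 5737 documentation addresses as constructed placeholders for the real IPs, and treats anything wider than a /24 as suspicious (an assumed threshold).

```python
import ipaddress

MIN_PREFIX = 24  # assumed threshold: flag anything wider than a /24

def parse_ranges(entries):
    """Parse n.n.n.n/x strings; return (networks, findings)."""
    nets, findings = [], []
    for entry in entries:
        try:
            net = ipaddress.ip_network(entry.strip(), strict=True)
        except ValueError:
            findings.append(f"{entry}: invalid network or host bits set")
            continue
        if net.prefixlen < MIN_PREFIX:
            findings.append(f"{entry}: wider than /{MIN_PREFIX}")
        nets.append(net)
    return nets, findings

def audit_policy(name, configured, reference):
    """Compare one policy's Source IP Ranges with the reference list."""
    nets, findings = parse_ranges(configured)
    ref, _ = parse_ranges(reference)
    if not configured:
        # With From/To set to Everyone, nothing else narrows the bypass.
        findings.append("empty Source IP Ranges: bypass is not scoped")
    for net in nets:
        if not any(net.subnet_of(r) for r in ref):
            findings.append(f"{net}: not in reference list (stale or too broad)")
    for r in ref:
        if not any(r.subnet_of(net) for net in nets):
            findings.append(f"{r}: in reference list but not configured")
    return [f"{name}: {f}" for f in findings]

# Constructed sample data: placeholder addresses, not real BullPhish ID IPs.
REFERENCE = ["203.0.113.10/32", "203.0.113.11/32"]
POLICIES = {
    "Permitted Senders": ["203.0.113.10/32", "203.0.113.11/32"],
    "Greylisting": ["203.0.113.10/32", "198.51.100.7/32"],
    "URL Protection Bypass": ["203.0.0.0/16"],
    "Attachment Protection Bypass": [],
}

def audit_all():
    return {n: audit_policy(n, c, REFERENCE) for n, c in POLICIES.items()}

if __name__ == "__main__":
    for name, findings in audit_all().items():
        for line in findings or [f"{name}: ok"]:
            print(line)
```
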

Preventing Mimecast from Re-Writing Phishing Links

If you'd like to prevent Mimecast from re-writing the links in the phishing tests you send, you can do so by adding BullPhish ID's phish link domains as Permitted URLs in Mimecast. You can find a list of our phish link domains (sending domains) in our Reference Guide for Deliverability.

Keep in mind, we don't recommend creating an exception for this unless you also have exceptions for other senders already in place. Otherwise, seeing anything other than a rewritten Mimecast URL will be a red flag for users and may skew your results.

For more information on disabling link rewriting on permitted URLs, see Mimecast's Targeted Threat Protection: Managed URLs article. 
