Mimecast Safelisting Guide

How to setup Safelisting in Mimecast

Using Mimecast security software, you can safelist (whitelist) Bullphish to allow your users to receive our simulated phishing and system emails.

If you run into problems while safe listing in Mimecast, we suggest you first reach out directly to Mimecast for assistance.

Creating a Permitted Senders Policy

We advise creating a new permitted sender's policy within your Mimecast console to safelist the Bullphish.

Note: Do not edit your default Permitted Sender Policy. Instead, create a new one.

1. From the Mimecast Administration Console, open the Administration Toolbar.

  • Select Gateway | Policies.
  • Select Permitted Senders.
  • Select New Policy.

Select the below settings under the Options, Emails From, Emails To, and Validity sections. For more information, see Mimecast's Configuring a Permitted Senders Policy.

Enter Bullphish IP Address in the Source IP Ranges Field. (For an up-to-date list of Bullphish IP addresses, see our  “Reference Guide for Deliverability.”)

Option

Settings

Policy Narrative

Phishing Tackle Permitted Senders

Select Option

Permit Sender

Emails From

 

Applies To                   

Internal Addresses

Specifically

Applies to all Internal Recipients

Validity

 

Enable/Disable

Enable

Set policy as perpetual

Always On

Date Range

All Time

Policy Override

Checked

Bi-directional

Unchecked

Source IP Ranges (n.n.n.n/x)

Bullphish IP addresses (found in our “Reference Guide for Deliverability”)

Creating a Permitted Senders Policy

Adding Bullphish to the permitted sender's list (see above) should bypass Greylisting. However, we recommend following the below Greylisting steps to improve email deliverability.

1. From the Mimecast Administration Console, open the Administration Toolbar.

  • Select Gateway | Policies.
  • Select Greylisting.
  • Select New Policy.

Select the below settings under the Options, Emails From, Emails To, and Validity sections. Enter Bullphish IP Address in the Source IP Ranges Field. (For an up-to-date list of Bullphish IP addresses, see our “Reference Guide for Deliverability.”)

Option

Settings

Policy Narrative

Bullphish Greylist

Select Option

Take No Action

Emails From

 

Addresses Based On  

The Return Address

Applies From

Email Addresses

Specifically

Applies to all External Senders

Emails To

 

Applies To

Internal Addresses

Specifically

Applies to all Internal Recipients

Validity

 

Enable/Disable

Enable

Set policy as perpetual

Always On

Date Range

All Time

Policy Override

Checked

Bi-directional

Unchecked

Source IP Ranges (n.n.n.n/x)

Bullphish IP addresses (found in our guide “Reference Guide for Deliverability”)

Creating an Anti-Spoofing Policy

If you're spoofing the From or Reply-to domain on your template, please follow the below steps in Mimecast to allow simulated phishing emails to be sent from your domain.

  1. From the Mimecast Administration Console, open the Administration Toolbar.
  • Select Gateway | Policies.
  • Select Anti-Spoofing from the policies list.
  • Select New Policy.

Use the below settings under the Options, Emails From, Emails To, and Validity sections. For more information, read this article from Mimecast: Configuring an Anti-Spoofing Policy. Enter Bullphish IP Address in the Source IP Ranges Field. (For an up-to-date list of Bullphish IP addresses, see our  “Reference Guide for Deliverability.”)

Option

Settings

Options

 

Policy Narrative

Phishing Tackle Anti-Spoof Allow Policy

Select Option

Take No Action

Emails From

 

Addresses Based On  

Both

Applies From

Everyone

Specifically

Applies to all Senders

Emails To

 

Applies To

Everyone

Specifically

Applies to all Internal Recipients

Validity

 

Enable/Disable

Enable

Set policy as perpetual

Always On

Date Range

All Time

Policy Override

Checked

Bi-directional

Unchecked

Source IP Ranges (n.n.n.n/x)

Bullphish IP addresses (found in our guide “Reference Guide for Deliverability”)

Hostname(s)

Leave blank

Creating an Impersonation Protection Bypass Policy

To allow Bullphish simulated phishing emails from spoofed domains to reach your targets, you will want to create an Impersonation Protection Policy and an Anti-Spoofing Policy in the Mimecast Console.

To begin, you’ll need to make an impersonation protection definition (if not already done).

How to Create an impersonation protection definition

  1. From the Mimecast Administration Console, open the Administration Toolbar.
    • Choose Gateway | Policies.
  2. Hover over Impersonation Protection and click on Definitions.
  3. Click New Definition.
  4. Name the definition something unique, like "Bullphish Impersonation Protection Bypass Def."
  5. Choose the relevant settings (shown below). For more information, see Mimecast's documentation in this article: https://community.mimecast.com/docs/DOC-1908#jive_content_id_Configuring_an_Impersonation_Protection_Definition.

impersonation_protection.PNG

Option

Corresponding Settings

Identifier settings

 

Description

Bullphish Impersonation Protection Bypass Def.

Similar Internal Domain

Checked

Similar Monitored External

Unchecked

Similarity Distance

1

Newly Observed Domain

Unchecked

Internal Username

Checked

Reply-to Address Mismatch

Checked

Targeted Threat Dictionary

Checked

Mimecast Threat Directory

Checked

Custom Threat Directory

[Leave as default]

Number of Hits

2

General Actions

 

Mark All Inbound Items as 'External'

Unchecked

How to Create an Impersonation Bypass Policy

  1. First, log into your Mimecast Administration Console.
  2. Click on the Administration toolbar.
    • Go to Gateway | Policies.
    • Choose Impersonation Protection Bypass from the policies list.
    • Click on the New Policy

Select the appropriate policy settings under the Options, Emails From, Emails To, and Validity sections. See Mimecast's Configuring an Impersonation Protection Bypass Policy article for more information on these settings. 

NOTE: In the Select Option field under Options, select the impersonation protection definition you want to be bypassed. If you have multiple purposes you would like to bypass, and you will need to create a separate Impersonation Protection Bypass Policy for each one.

Enter Bullphish IP Address in the Source IP Ranges Field. (For an up-to-date list of Bullphish IP addresses, see our “Reference Guide for Deliverability”.)

Option

 

Policy Narrative

Bullphish Impersonation Test

Select Option

Impersonation Protection Definition

Emails From

 

Addresses Based On  

Both

Applies From

External Addresses

Specifically

Applies to all External Senders

Emails To

 

Applies To

Internal Addresses

Specifically

Applies to all Internal Recipients

Validity

 

Enable/Disable

Enable

Set policy as perpetual

Always On

Date Range

All Time

Policy Override

Unchecked

Bi-directional

Unchecked

Source IP Ranges

Bullphish IP addresses (found in our “Reference Guide for Deliverability”)

URL Protection Bypass Policy

Mimecast's URL Protection service scans links sent within emails as they are delivered. Occasionally, this causes simulated phishing emails to trigger this service. Follow the below steps to create a URL Protection Bypass policy.

NOTE: Configuring this policy is only necessary if Mimecast URL Protection has been enabled.

  1. From the Mimecast Administration Console, open the Administration Toolbar.
    • Select Gateway | Policies.
    • Select URL Protection Bypass.
    • Select New Policy.

Select the appropriate settings (below) under the Options, Emails From, Emails To, and Validity sections. See Mimecast's article on Configuring a URL Protection Bypass Policy for more information on these settings.

Enter Bullphish IP Address in the Source IP Ranges Field. (For an up-to-date list of Bullphish IP addresses, see our “Reference Guide for Deliverability”.)

Option

Settings

Options

 

Policy Narrative

Phishing Tackle URL Protection Bypass

Select Option

Disable URL Protection

Emails From

 

Addresses Based On  

Both

Applies From

Everyone

Specifically

Applies to all Senders

Emails To

 

Applies To

Internal Addresses

Profile Group

Applies to all Internal Recipients

Validity

 

Enable/Disable

Enable

Set policy as perpetual

Always On

Date Range

All Time

Policy Override

Checked

Bi-directional

Unchecked

Source IP Ranges (n.n.n.n/x)

Bullphish IP addresses (found in our “Reference Guide for Deliverability”)

Hostname(s)

Leave blank

 

 

 

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us