Mimecast Allowlisting

Updated by Jacob Flinders

To successfully whitelist our phishing and training-related emails when using Mimecast, you should create a new Permitted Sender policy to allow our phishing and training-related emails through to your users' inbox.

Important: Do not edit your default Permitted Sender policy. A new one must be created.

Permitting Simulations and Emails

To allow a specific static IP address (in this case, through Mimecast, please follow these steps:

  1. Log in to your Mimecast Administration Console.
  2. Click the Administration toolbar button.
  3. Select the Gateway | Policies menu item.
  4. Select Permitted Senders from the list of policies displayed.
  5. Select the New Policy button.
  6. Select the appropriate policy settings under the Options, Emails From, Emails To, and Validity sections. For more information on these settings, see Mimecast's Configuring a Permitted Senders Policy article.

Web Security- Configuring Block or Allow List Policy (mimecast.com)

  1. In the Source IP Ranges field (Shown below), enter again.

  1. Save your new policy.

If you require assistance setting this up or need any further information on this, please contact our support team.

Removing URL Protection

Mimecast scans URLs within emails to ensure they aren't malicious. This will sometimes cause clicks to be generated when the user hasn't clicked the simulation themselves.

Below is a short guide on how to remove this for Boxphish Simulations:

  1. Select the Gateway | Policies menu item.
  2. Select URL Protection Bypass
  3. Click 'New Policy'
  4. Complete the policy following the below settings:
  5. Save the Policy.
This will only apply to URLs from the Boxphish IP, URL Protection will still continue on other emails.

We hope you have found this guide useful. If there are any other areas you would like to be explained that have not been, or you have any questions or issues regarding this guide, please contact us at support@boxphish.com.

How did we do?