How to configure Mimecast Impersonation Protection Bypass policy

Here is the step by step process to configure the Mimecast Impersonation Protection Bypass policy.

If you are not sure what is Impersonation Protection is here is the definition (Courtesy Mimecast.com)

The increasing number of “whaling” attacks, usually targeting an organization’s senior management, means additional protection is required against email threats that do not contain attachments or URLs. Traditional spam filtering systems are unable to detect these as suspicious, due to their minimal content. Targeted Threat Protection – Impersonation Protect solves this, by:

  • Looking for combinations of key identifiers commonly found in these attacks.
  • Tagging a message to make it clear that it is coming from outside your organization.

 

So before look at the configurations we first need to gather the required details to configure the bypass policy.

  1. First thing we need to do is a “Message Tracking” for the email address that you need to setup the bypass. In our case it is Renjith@renjithmenon.com. Here I am running a message tracking query which originates from Renjith@renjithmenon.com. To access message tracking go to Click on Administration Tool Message Center > Message Tracking 

2. On the next screen you can see the search result which displays the “From” and “To” address names are same and Renjith@virtualarcs.com is an internal address. So when an external user with the same name send an email it has blocked the sender based on the Impersonation Protection rule. We need to note down the IP Address field as we need this information during the bypass policy configuration.

3. Next you need to go to the Administration tool bar on the top and then click on Gateway>Policies now click on the Administration Protection Bypass.

4. Next you need to click on the New Policy button.

5. Next you will need to configure all the fields as shown in the below image.

Policy Narrative : Some keywords for you to identify this at later stage.

Select Option : Click on the Lookup button to display a list of Impersonation Protection definitions. Click on the Select link to the left of the definition to bypass when the policy is triggered.

For the Emails from field under specifically I have given the specific email address that I need to create bypass. I have the flexibility to bypass the whole domain as well.

Source IP Ranges : Specify any required source IP ranges for the policy. These only apply if the source IP address used to transmit the email data falls inside, or matches, the range(s) configured. IP ranges should be entered in CIDR notation.

So thats the all to complete the configuration. Now you may save and exit from the wizard. Test your bypass policy by sending a test email and verify that from the message tracking feature.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.