CyberGraph 2.0 - Configuration for Google Workspace

This guide describes the process of configuring CyberGraph 2.0 for Google Workspace.

The initial configuration should be applied to a sub-organization for testing and propagation. Once testing is complete, the configuration must be updated to apply to the entire organization.

Prerequisites

Before you start the configuration process, ensure the following prerequisite tasks are completed:

      • Ensure your Mimecast Cloud Gateway and CyberGraph accounts are established.
      • Ensure you have administrator permissions to the Google Workspace Admin console and Gmail Services.
      • Configure a sub-organization with default settings, including 1-3 test users.
      • Ensure the CyberGraph URLs are added to your organization's internet security settings. See the CyberGraph 2.0 - Trusted Sites page for further details.

Configuration

Some directions here are part of configuring your mail for Mimecast in general rather than being specific to CyberGraph; therefore, we reference other Cloud Gateway configuration articles.

To configure Google Workspace for your environment, follow the steps outlined in the articles linked below:

Creating an Inbound Gateway

The configuration in the following suggested article should be performed on the primary organization.

Configure your inbound gateway as per the instructions included in the following article: Email Security Cloud Gateway - Setting Up Your Inbound Mail.

Creating a Host

The following steps are to be performed on the primary organization.

The inbound gateway should be configured per the Email Security Cloud Gateway document: Email Security Cloud Gateway - Setting Up Your Outbound Email.

Adding CyberGraph to the Email Allowlist

The configuration in the following suggested article should be performed on the primary organization.

Ensure that Mimecast is correctly added to your Google Workspace email allowlist per the directions in the article: Email Security Cloud Gateway - Setting Up Your Inbound Email.

Avoiding Cached Banner Images from Google

After action is taken on a previously reported message via CyberGraph, Google may serve a cached banner image when the message is reopened, and that image may not reflect the current Mimecast status.

To avoid receiving cached Google images for CyberGraph banners, customers must refer to https://support.google.com/a/answer/3299041 and follow Google's instructions on creating an Image URL Proxy Allowlist.

When asked to enter a URL Proxy Allowlist pattern, use the following: mimecastcybergraph.com/

Avoiding the Google Spam Filter

Some customers may find that Google is incorrectly tagging messages with CyberGraph banners as Spam.
Given that Mimecast already scans messages for Spam, it is safe to bypass the Google Spam filter for messages that Mimecast has already determined as low risk.

To avoid the Google Spam filter, try the steps below:

  1. Navigating the Google Workspace Admin Console:
    • To begin, log in to your Google Workspace Admin Console. The Admin Console is the central hub for managing all aspects of your Google Workspace environment, including user accounts, security settings, and app configurations. The interface is designed for intuitive navigation, with clear sections for each major area of administration.
    • Once logged in, use the following Navigation Path: Apps | Google Workspace | Gmail.

This path will take you to the Gmail-specific settings, where you can manage advanced security and routing features for your organization’s email.

  2. Accessing the Spam, Phishing, and Malware Section.
    • Within the Gmail settings, locate the Spam, Phishing, and Malware section. This area allows you to configure how Gmail handles potentially harmful or unwanted messages, including the use of inbound gateways and custom message tagging.

  3. Editing the Inbound Gateway Settings.
    • Click the pencil icon next to the Inbound gateway settings to edit them. Inbound gateways are used to specify trusted mail servers (such as Mimecast) that deliver mail to your Google Workspace environment. Proper configuration ensures that Gmail recognizes mail coming from Mimecast as legitimate and applies the correct filtering logic.

  4. Verifying Gateway IPs Against Mimecast's IP Address Ranges.
    • Action: Ensure that the list of Gateway IPs in your Inbound gateway settings matches the official Mimecast IP address ranges.
    • Reference: The most current Mimecast IP ranges are published here: Mimecast Administration: Data Centers & URLs.
    • Best Practice: Always verify these IPs directly from the Mimecast support documentation, as they may change over time. Using outdated IPs can result in mail delivery issues or security gaps.

  5. Configuring Message Tagging to Prevent Gmail from Scanning Low-Score Messages.

To ensure that Gmail does not re-scan messages that Mimecast has already evaluated as low risk, you can use message tagging based on the spam score provided by Mimecast.

  • Header Used: X-Mimecast-Spam-Score
  • Regex Pattern:
    X-Mimecast-Spam-Score:\s*([2-9][6-9]|[3-9][0-9]|[1-9][0-9]{2,})

Explanation of the Regex Pattern:

  • This pattern matches the X-Mimecast-Spam-Score header and captures spam scores of 26 or higher, including any score in the hundreds.
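    • [2-9][6-9] matches two-digit scores from 26 to 99 whose second digit is 6 to 9; this is the alternative that covers 26 to 29.
    • [3-9][0-9] matches scores from 30 to 99 (overlapping with the previous, but ensures all 30+ are caught).
    • [1-9][0-9]{2,} matches scores with three or more digits, that is, 100 and above.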
  • Validation: The regex syntax is correct for this use case and can be tested using online regex tools such as regex101. It is designed to be robust and should accurately match the intended header values.
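
An offline check of the pattern's boundary behaviour, as an added example that is not part of the original Mimecast article. It assumes Python's re module behaves like the regex engine behind the Gmail setting for this pattern, and the edge-case header lines are constructed for illustration, not taken from real mail.

```python
import re

# Pattern exactly as given on the page. Python's re module stands in for the
# regex engine behind the Gmail setting (an assumption of this example).
PATTERN = re.compile(
    r"X-Mimecast-Spam-Score:\s*([2-9][6-9]|[3-9][0-9]|[1-9][0-9]{2,})"
)
THRESHOLD = 26  # the page's stated cut-off: "26 or higher"


def pattern_matches(header_line: str) -> bool:
    """True when the page's pattern matches anywhere in the header line."""
    return PATTERN.search(header_line) is not None


def threshold_disagreements(max_score: int = 2000) -> list[int]:
    """Integer scores where the regex verdict differs from score >= 26."""
    return [
        n for n in range(max_score + 1)
        if pattern_matches(f"X-Mimecast-Spam-Score: {n}") != (n >= THRESHOLD)
    ]


# Constructed header lines (not captured from real mail) probing formats the
# three alternatives were not written for.
EDGE_CASES = [
    "X-Mimecast-Spam-Score: 25",    # just below the cut-off
    "X-Mimecast-Spam-Score: 26",    # exactly at the cut-off
    "X-Mimecast-Spam-Score:26",     # no whitespace after the colon
    "X-Mimecast-Spam-Score:\t 99",  # mixed whitespace
    "X-Mimecast-Spam-Score: 026",   # leading zero
    "X-Mimecast-Spam-Score: -30",   # negative value
    "X-Mimecast-Spam-Score: 25.9",  # decimal below the cut-off
    "x-mimecast-spam-score: 40",    # lower-case header name
]


def edge_case_report() -> dict[str, bool]:
    """Map each constructed header line to whether the pattern matches it."""
    return {line: pattern_matches(line) for line in EDGE_CASES}


if __name__ == "__main__":
    print("integer disagreements:", threshold_disagreements())
    for line, hit in edge_case_report().items():
        print(f"{'MATCH' if hit else 'no match':9} {line!r}")
```

Under these assumptions the pattern agrees with the 26 cut-off for every plain integer score, while the leading-zero and lower-case lines do not match. Confirm the exact header format stamped on mail in your tenant before relying on the tag.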

How to Apply:

  • In the Inbound gateway settings, look for the option to add a message tag or bypass spam filtering based on a custom header or pattern.
  • Enter the regex pattern above to ensure that only messages with a Mimecast spam score below 26 are subject to Gmail’s additional spam scanning. Messages with a score of 26 or higher (i.e., more likely to be spam) will not be bypassed and will be further evaluated by Gmail.