This page lists the frequently asked questions relating to CyberGraph 2.0 functionality. For ease of use, they are split into categories.
Misaddressed Email Protection is not covered on this page; it has its own FAQ article at Misaddressed Email Protect - FAQ.
Banners
| Q: | Are banners removed when replying to an email? |
| A: | Banners are removed when replying to or forwarding an email externally, but not if an external email is forwarded internally. |
| Q: | Can the color of the banners be customized? |
| A: | No, not at this time. |
| Q: | Can I customize the web page to which users are directed when reporting emails? |
| A: | Not at this time. |
| Q: | Can the “Report or Mark Safe” phrase be amended to some other form of wording on banners? |
| A: | Yes, you can change the wording. For further details on how to modify the banners, see the "Dynamic Banners" section of CyberGraph 2.0 - Configuration Settings. |
| Q: | Are banners offered in other languages besides English? |
| A: | Yes, in the Admin Console dashboard, you can customize banner messages in your account, including displaying text in the language of your choice from the dropdown list provided. You can set it for your entire account, but you CANNOT configure different messages for specific groups. Please refer to the following article for more information on customizing CyberGraph banners:: CyberGraph 2.0 - Configuration Settings. |
| Q: | Are banners also applied to plain text messages? |
| A: | No. CyberGraph cannot add banners to plaintext email; whilst CyberGraph will still process the email, it will not modify the body. |
| Q: | Can CyberGraph apply banners to S/MIME secure messages? |
| A: | No. Due to the nature of the S/MIME encryption, CyberGraph cannot alter the message body by inserting banners without compromising the message integrity, so S/MIME is not supported for CyberGraph bannering. However, CyberGraph does run the rules and the S/MIME message disposition is stored. As such, a banner search will return results indicating which rules were triggered for the S/MIME messages. |
| Q: | Banners aren’t visible when I open a message unless I click the Download Images menu item. Why is this? |
| A: | The most common causes for banners not being displayed for end users are:
|
| Q: | Banners don’t seem to be working for our Office Web Outlook users. Why is this? |
| A: |
Office Web Outlook (OWA) does not currently support the configuration of Trusted Sites and, therefore, does not support our banner fetch process. If your organization uses OWA, you must configure CyberGraph to use text banners rather than dynamic image banners. In OWA, end users will always be prompted to download the images. Note: Microsoft has made available via limited release New Outlook for Windows. This version uses the same code base as OWA above, so the same limits and recommendations apply. This version is optional for business users due to missing features from classic Outlook and Microsoft has not announced a date for mandatory upgrades. See CyberGraph Outlook Compatibility. |
| Q: | If I remove users from a Dynamic Banner rule or disable the policy, what happens to mail already presenting a Dynamic Banner? |
| A: | When a policy is disabled, no new banners are triggered. However, older emails will still show the dynamic banners. |
| Q: | Do banners update retroactively when reported? i.e., if I report a sender as dangerous/safe, will banners on previous emails from the sender update to reflect the report? |
| A: | Only imaged-based banners will update retroactively. Text banners are static and are not updated. See the Banners section of CyberGraph 2.0 - Configuration Settings. |
| Q: |
Why is a line of text (formatted as Size 1 in White font) positioned above the CyberGraph banner? Why am I seeing a small blue underline that looks like a missing URL when I reply to a bannered message? |
| A: |
CyberGraph inserts in a banner placeholder for all emails it processes. Even if a banner is not initially displayed, subsequent processing may necessitate display of a banner after initial delivery (the Domain Safelist article <doc add the link> cites an example). Additionally, a hidden placeholder, formatted as Size 1 in White font, is positioned before the banner to prevent the banner from rendering an empty Outlook preview, ensuring a consistent and professional email experience. Note that this text may become more visible when dark mode is enabled. Similarly, an observed blue underline is another artifact of Outlook compatibility measures, occurring only rarely when a URL is included in the message preview text area. It is harmless and should be ignored. Related to above, it ensures the Outlook preview area is correctly displayed. Mimecast cannot remove this artifact without resulting in more significant Outlook message rendering issues. |
Notifications
| Q: | Can we be notified when one of our users reports an email? |
| A: | Yes. You can specify an email address to be notified in your notification settings. See the "Notifications" section of CyberGraph 2.0 - Configuration Settings. |
| Q: | One of my users just reported a mail as Dangerous, but I do not see that action reflected in the Dashboard. What delay is to be expected? |
| A: | The info is updated daily at 00:00 UTC (Coordinated Universal Time). |
Administration
| Q: | Can I add additional domains to my safe senders list? |
| A: | Yes. Domains can be added to the safe senders list in the dashboard. See CyberGraph 2.0 - Configuring Domain Safelists. |
Message Processing
| Q: |
How can I see which messages were blocked by CyberGraph?
|
| A: |
When an end user reports a suspicious message as Spam or Dangerous, CyberGraph adds the sender to their personal block list in the Cloud Gateway. Users can manage or update this list through their Managed Senders in the Mimecast Personal Portal. Administrators cannot directly view messages blocked due to CyberGraph triggers, but can manage these senders like any other blocked ones. They can also see user-reported messages in the CyberGraph section of the Administration Console, indicating which senders will be blocked in the future. If the Mail Transfer Agent (MTA) blocks a future message from a blocked sender, it will be treated like any other blocked message and will not be delivered to either CyberGraph or the end user. |
| Q: |
Can I see which messages were processed by CyberGraph?
|
| A: |
Yes. For Dynamic Banners, you can search the email HTML for “CGBannerCode.” If a banner was applied for static/text banners, then “CGBannerCode” will appear in the email HTML. But if a banner were not needed, then nothing would appear. In both cases, if it were not handled by CyberGraph at all, nothing would appear in the code.
|
| Q: |
How does CyberGraph work with Impersonation Protect if I use both?
|
| A: |
We don’t recommend configuring both CyberGraph AND Impersonation Protect for all users’ banners/tags. In the order of policy processing, the CyberGraph policy is enforced before Impersonation Protect. For example, if there is a policy to hold based on Impersonation identifiers AND the message hits a CyberGraph rule, the message would be held by TTP IP with a CyberGraph banner inserted. The Impersonation Protect best practice would be configuring a block policy in TTP Impersonation Protect and CyberGraph banners for all VIP users. Contact Customer Support for configuration help if needed.
|
| Q: |
How does fuzzy matching work?
|
| A: |
CyberGraph's fuzzy name matching works on “precision.” Lower precisions require fewer matching characters or sounds. Fuzzy matching also uses various techniques to detect misspellings, phonetics, nicknames, and “puny” characters when comparing against the names of contacts and employees in your company. The details about how CyberGraph does this are confidential. You can adjust the precision level used in your CyberGraph Settings if you receive too many false positives. See the "Dynamic Banners" section of 2.0 - Configuration Settings.
|
Troubleshooting
| Q: | When I look at the source of a message, I see a lot of instances of " " What are these for? |
| A: | These are added by CyberGraph during processing so that the message's preview information is still visible when a banner is applied. In HTML, " " signifies a non-breaking space that doesn't cause any harm. |
|
Q:
|
I still see banners on my Safelisted emails or from senders I have previously communicated with.
|
|
A:
|
Common Reason 1
An email’s sender identification has two parts:
CyberGraph evaluates this header information.
For response tracking, some senders, notably marketing/promotional communications, change the sender address slightly to help track marketing campaign responses. For example, a user might receive a message from "marketing_newsletter3" one month and "marketing_newsletter4" the next. Sending companies can still map these different addresses to the displayed name of "Marketing Newsletter".
End-users may be confused by a banner on an email from a promotional sender they have safe-listed when they actually have a new mail from a different sender, just with a similar but slightly different sender name.
Common Reason 2
Another scenario is SPF checks are failing (often the reason for banners that keep showing, stating "The sender's address could not be verified”). |
| Q: |
I am getting unexpected banners when using Distribution Lists, Shared Mailboxes, and Aliases. Can this be fixed?
|
| A: |
CyberGraph doesn’t always recognize these specialized senders and recipients because they are resolved after mail delivery. This means CyberGraph has no way of detecting the relationship between an alias and a primary user, and it cannot know the members of a distribution list or shared mailbox. So certain rules can trigger when analyzing these at face-value.
Likewise, if the recipient of an email in a shared mailbox replies as themselves rather than the shared mailbox itself, CyberGraph only sees that the email came from the recipient and not the shared mailbox, and does not create a relationship link from the shared mailbox to the original sender. Consider Safe Listing senders that frequently use these DLs, aliases and / or shared mailboxes. |
| Q: |
Tracker is disabled on my account by policy. Why am I still seeing messages processed in the Tracker Dashboard ("Total emails scanned")?
|
| A: |
The "Total emails scanned" value indicates how many messages with images CyberGraph is processing. If Tracker is enabled, the images in these messages will be rewritten. If Tracker is disabled, this indicates the volume of image-containing messages received, but no action is taken.
|
Comments
Please sign in to leave a comment.