If you require additional IP addresses added, or IP addresses to be removed, contact Mimecast Support. See the Raising a Mimecast Support Case page for full details.
This article contains information on Mimecast's authorized outbound IP configuration, including steps to prevent open relay abuse, manage dynamic IPs with SMTP authentication, view authorized outbounds, and confirm outbound IP addresses for secure email delivery.
During the implementation process, Mimecast implements a security feature that prevents mail servers which aren't owned by you, from using us as an open relay. We add at least one IP address to your authorized outbounds, based on the information provided in the Request for Information (RFI) when your Mimecast account is created. These IP addresses are the only ones that Mimecast will accept outbound emails from. You can have multiple authorized outbounds, but networks cannot be added.
If you are using dynamic IP addresses for outbound email, authorized outbounds will not be added to your account. Instead, you'll need to configure SMTP authentication for your SMTP connector / send connector to enforce authentication with us. This means that when sending outbound emails, we'll only accept emails based on successful authentication. If your mail server(s) do not support this configuration, please contact Mimecast support.
It may take up to two hours for new authorized outbounds to be propagated and displayed in the Administration Console.
Viewing Your Authorized Outbounds
To view your authorized outbounds:
- Log in to the Mimecast Administration Console.
- Navigate to Gateway | Authorized Outbounds.
- If you send an email from a shared hosting provider (i.e. Microsoft 365 or Google Workspace) a message will show at the top of the Authorized Outbounds page as follows: 'Your account is configured to process traffic from Microsoft 365 / G Suite'. If you are using another 3rd party hosting service, these IPs will not be listed on your account. You'll need to contact Mimecast Support to ensure your account is provisioned appropriately for this traffic.
An open relay is a mail server used by spammers to send emails, even though these messages do not originate from the internal environment. By default, we configure Block Sender Policies to prevent any external address originating from your authorized outbound, from sending emails to another external address. In other words, we only accept emails from addresses belonging to your configured internal domains.
If emails are sent from your internal domain, but from an IP address that is not listed, Mimecast will temporarily fail the connection with the error code: “Open relay not allowed”.
Confirming Your Outbound IP address
To confirm your outbound IP address:
- Log on to your mail server.
- Open a new browser window.
- Navigate to http://www.whatismyip.com. This displays the internet routable (public) address for your mail server.
Comments
Please sign in to leave a comment.