This article lists SMTP addresses and domains that must be allowed for Mimecast Awareness Training, and is intended for Administrators.
Also see Managing Phishing Templates.
If Mimecast Awareness Training training or phishing simulation emails are not sending, confirm that outbound mail flow is enabled and that SMTP traffic is being processed (for example, MX records and send connectors are correctly configured). For some Mimecast Awareness Training‑only tenants, provisioning may expect a Secure Email Gateway (SEG). If SEG was not provisioned, outbound mail flow can be disabled at the account level. In these cases, you must provision a SEG (even with zero value in the CRM) or otherwise enable outbound mail flow so Mimecast Awareness Training campaign emails can be sent successfully.
Overview
When you are configuring your Mimecast Awareness Training environment, certain domains and SMTP addresses must be allowed, to ensure that your end users successfully receive phishing simulation Emails.
This is because phishing simulation emails are sent from specific SMTP addresses and contain specific domain URLs in the Email content.
All of the domains and SMTP addresses listed below are available for you to choose from when configuring phishing templates for use in your phishing campaigns.
To ensure open‑tracking works correctly, your email security solution (for example, Microsoft Defender) must allow images to download automatically for your Mimecast Awareness Training phishing simulation emails, so the tracking pixel can load. This can typically be achieved by configuring Microsoft Defender (or your chosen solution) to auto‑download images for allowed senders, or by allowlisting the relevant Mimecast Awareness Training sending domains and SMTP addresses described in this guide.
Trusted Sites Configuration
Click here to learn how to configure a Safe Senders list for Mimecast Awareness Training emails, ensuring that images display properly.
Step 1: Add Mimecast Sending Addresses to the Safe Senders List using GPO
- Create a Safe Senders List File:
- Create a .txt file containing the sending address(es) you would like to add as Safe Senders (in this case, this would be whichever address you are sending the Training Modules from)
@domain.com
postmaster@domain.com- If you wish to do the same for Phishing Campaigns, ensure that you add the sending addresses listed below to the text file as well.
- Save this file in a shared network location accessible to all users.
Configure the GPO
- Open the Group Policy Management Console (GPMC).
- Navigate to:
- User Configuration | Administrative Templates | Microsoft Outlook | Outlook Options | Preferences | Junk Email
- Enable the policy Specify path to Safe Senders list.
- Enter the UNC path to the .txt file (e.g., \\ServerName\Share\SafeSenders.txt).
- Deploy the GPO:
- Link the GPO to the appropriate Organizational Unit (OU) containing the users.
- Run gpupdate /force on client machines to apply the policy.
Using Intune
Prepare the Safe Senders List:
- Create the same .txt file as above.
- Create a Configuration Profile:
- Log in to the Microsoft Endpoint Manager Admin Center.
- Go to Devices | Configuration profiles | Create profile.
- Select Windows 10 and later as the platform and Templates | Administrative Templates.
- Configure the Policy:
- Search for "Specify path to Safe Senders list".
- Enable the policy and provide the path to the .txt file.
- Assign the Profile. (Assign the configuration profile to the appropriate user or device groups.)
Step 2: Enable Automatic Image Downloads for Safe Senders using GPO
Configure the GPO
- Open the Group Policy Management Console (GPMC).
- Navigate to:
- User Configuration | Administrative Templates | Microsoft Outlook | Outlook Options | Mail Format | HTML Options
- Enable the policy Automatic Picture Download Settings.
- Configure the setting to Permit downloads in email messages from Safe Senders and Safe Recipients.
- Deploy the GPO:
- Link the GPO to the appropriate OU and apply it.
Using Intune
- Create a Configuration Profile:
- Log in to the Microsoft Endpoint Manager Admin Center.
- Go to Devices | Configuration profiles | Create profile.
- Select Windows 10 and later as the platform and Templates | Administrative Templates.
- Configure the Policy:
- Search for Automatic Picture Download Settings.
- Enable the policy and configure it to Permit downloads in email messages from Safe Senders and Safe Recipients.
- Assign the Profile. (Assign the configuration profile to the appropriate user or device groups.)
Step 3: Verify the Configuration
On a Client Machine:
- Open Outlook and navigate to:
- Home | Junk | Junk Email Options | Safe Senders
- Confirm that Mimecast's sending addresses are listed.
- Test Automatic Image Downloads:
- Send a test email from a Mimecast address and verify that images are downloaded automatically without user intervention.
Google Workspace
Google Workspace Administrators are advised to add the following URLs to the Image URL Proxy allowlist within the Google Workspace Admin Console. This configuration ensures that images from Mimecast Awareness Training Phishing Campaigns are displayed correctly:
- https://*.therelayservice.com/
- https://s3.amazonaws.com/
By implementing this allowlist, you can ensure seamless image rendering for emails associated with these Campaigns.
Please see Setting up an Image URL Proxy List for more information.
Domains
See the Listing Managed URLs section of Managed URLs for steps on how to specify the URLs and / or domains to be added to the managed URLs list.
The same configuration for Domains needs to be carried out by all Mimecast Awareness Training customers, regardless of your license type, the API security solutions you're using, or whether Secure Email Gateway has been set up.
You need to add the following to your Managed URLs list:
- https://*.therelayservice.com/ is the Mimecast Awareness Training phishing landing page, and the domain is owned by Mimecast.
- https://s3.amazonaws.com is needed to enable automatic downloads of inserted images and [videoposter] in your Mimecast Awareness Training Email Notifications.
The following domains, used in Mimecast Awareness Training Phishing Campaigns, also needed to be allowlisted. This is to ensure phishing simulations pass seamlessly through your email provider and are not blocked.
Domains that our phishing platform sends from are:
| KB Domains | In Platform Domains |
| account-renewals.com | account-renewals.com |
| accountsecuritynotices.com | accountsecuritynotices.com |
| benefits-bulletin.com | benefits-bulletin.com |
| ceo-update.com | ceo-update.com |
| company-updates.com | company-updates.com |
| corp-accounts.com | corp-accounts.com |
| corp-news.com | corp-news.com |
| corp-update.com | corp-update.com |
| corporate-payroll.com | corporate-payroll.com |
| corporate-updates.com | corporate-updates.com |
| cy-se.com | cy-se.com |
| employee-news.com | employee-news.com |
| info-needed.com | info-needed.com |
| instant-promos.com | instant-promos.com |
| our-account.com | payroll-news.com |
| payroll-news.com | payroll-updates.com |
| payroll-updates.com | relaysvc.com |
| relaysvc.com | salary-info.com |
| salary-info.com | secure-corporate-communications.com |
| secure-corporate-communications.com | secure-corporate-news.com |
| secure-corporate-news.com | secure-corporate-updates.com |
| secure-corporate-updates.com | secureceocommunications.com |
| secureceocommunications.com | securesecuritysolutions.com |
| securesecuritysolutions.com | security-bulletin.com |
| security-bulletin.com | subscriptionrenewalnotices.com |
| subscriptionrenewalnotices.com | subscriptionrenewalservices.com |
| subscriptionrenewalservices.com | sysgen-cash.com |
| sysgen-cash.com | sysgen-payroll.com |
| sysgen-payroll.com | worldwidenewsupdates.com |
| worldwidenewsupdates.com |
SMTP Email Addresses
See Permitted Senders Policy - Configuration on how to set up Permitted Senders policies, to ensure the successful delivery of inbound messages from trusted sources, and Policy Basics for more information on configuring policies.
You need to ensure the following email addresses are permitted, as they are used for Mimecast Awareness Training Phishing Campaigns. Emails are sent from these envelope addresses as the phishing domain.
- noreply@therelaysvc.com
- noreply@therelayservice.com
- noreply@securityvault.com ‐ FOR TEST SYSTEM ONLY
The following SMTP addresses also need to be permitted, as these are used for Mimecast Awareness Training Phishing Campaign Simulations:
This list of values / sending addresses is the same for all customers.
It's up to you to choose which of the sending addresses to use from those available to you, which will then need to be allowlisted.
| Template Name | SMTP Address | Template Location |
| Sign-In Notification | noreply@accountsecuritynotices.com | System Template |
| OneDrive | noreply@benefits-bulletin.com | System Template |
| Free Promotions | noreply@instant-promos.com | System Template |
| Shipping | noreply@our-account.com | System Template |
| Dropbox Sharing | noreply@payroll-news.com | System Template |
| Amazon Shipping | noreply@relaysvc.com | System Template |
| File Sharing | noreply@secure-corporate-communications.com | System Template |
| Tracking Package | noreply@worldwidenewsupdates.com | System Template |
| ALL COMMUNITY TEMPLATES HAVE THE SAME SMTP ADDRESS BY DEFAULT | ||
| Access Restricted | noreply@info-needed.com | Community template |
| Account Compromised | noreply@info-needed.com | Community template |
| Grubhub Gift Card Acceptance | noreply@info-needed.com | Community template |
| Microsoft Task Approval Request | noreply@info-needed.com | Community template |
| Signature Request | noreply@info-needed.com | Community template |
| Statement of Account | noreply@info-needed.com | Community template |
| Product Marketing | noreply@info-needed.com | Community template |
| Login Confirmation | noreply@info-needed.com | Community template |
| Docusign Contract | noreply@info-needed.com | Community template |
| Account Verification | noreply@info-needed.com | Community template |
| Incoming Fax | noreply@info-needed.com | Community template |
| Login Attempt | noreply@info-needed.com | Community template |
| Adobe Subscription | noreply@info-needed.com | Community template |
| Microsoft Authenticator | noreply@info-needed.com | Community template |
| Invalid Payment | noreply@info-needed.com | Community template |
| BBC Licensing | noreply@info-needed.com | Community template |
| Netflix Payment | noreply@info-needed.com | Community template |
| Payroll Department | noreply@info-needed.com | Community template |
| Account Expiration | noreply@info-needed.com | Community template |
| Document Share | noreply@info-needed.com | Community template |
| FedEx Delivery | noreply@info-needed.com | Community template |
| Marketing Advertisement | noreply@info-needed.com | Community template |
| Microsoft Task Assignment | noreply@info-needed.com | Community template |
| Microsoft Teams Outreach | noreply@info-needed.com | Community template |
| Unlock Apple ID | noreply@info-needed.com | Community template |
| View Pay Slip | noreply@info-needed.com | Community template |
| Teams Project Outreach | noreply@info-needed.com | Community template |
| OneDrive Invoice | noreply@info-needed.com | Community template |
| Pending Payment | noreply@info-needed.com | Community template |
| Deposit Confirmation | noreply@info-needed.com | Community template |
| Signed Contract | noreply@info-needed.com | Community template |
| Send Data | noreply@info-needed.com | Community template |
| Login Attempt 3 | noreply@info-needed.com | Community template |
| Microsoft Teams | noreply@info-needed.com | Community template |
| Microsoft Planner | noreply@info-needed.com | Community template |
| Payment Processed | noreply@info-needed.com | Community template |
| Capital One | noreply@info-needed.com | Community template |
| 401k Information | noreply@info-needed.com | Community template |
| Maritime London Payment | noreply@info-needed.com | Community template |
| OpenAI Password Reset | noreply@info-needed.com | Community template |
| Auto Enrolment | noreply@info-needed.com | Community template |
Comments
Please sign in to leave a comment.