Impersonation Protect - Impersonation Protect Policies

This article describes how to configure a Targeted Threat Protection Impersonation Protect policy. This requires that you have a preconfigured Targeted Threat Protection Impersonation Protect definition. See the Impersonation Protect Definitions page for full details.

For detailed information on configuring, optimizing, integrating, and troubleshooting, see the Impersonation Protect Guides & Resources page.

Considerations

Impersonation Protect only applies to messages from external senders. An Impersonation Protect policy won't capture:

  • A spoofed message if anti-spoofing is bypassed.
  • Internal to internal messages, even if the individual's email address is in a profile group and scoped to an Impersonation Protect policy.

Common Settings for New Installations

We provide a list of Impersonation Protect definitions and policy settings based on commonly used configurations that can protect you against targeted spearphishing attacks. For full details, see the Impersonation Protect First Policy page.

As one setting may not meet all your specific requirements, we recommend you review your requirements and change these options where necessary.

You can configure up to 20 Impersonation Protect policies. To do so:

  1. Log in to the Mimecast Administration Console.
  2. Navigate to Policies | Gateway Policies.
  3. Select the Impersonation Protection item.
  4. Click one of the following:
    • New Policy button to create a definition.
    • Policy to be changed.
  5. Complete the Options section as required:

Field / Option: Description

Policy Narrative: Describe the policy to enable you to identify it. This is appended to emails in the archive that have the policy applied.

Select Option

Select the definition to be applied to the policy:

  • Click the Lookup button to display a list of Impersonation Protect definitions.
  • Click on the Select link to the left of the definition to be applied when this policy is triggered.
Preview

This field can be used to display a preview of the definition selected in the Select Option field:

  • Click on the icon to display a read-only version of the definition.
  • Click on the Go Back button to return to the policy.
  6. Complete the Emails From section as required:

Field / Option: Description

Addresses Based On

Specify the email address characteristics the policy is based on. The options are:

  • Return Address (Mail Envelope From): This policy applies to the SMTP address match based on the email's envelope or true address (i.e., the address used during SMTP transmission).
  • Message From Address (Message Header From): This policy applies based on the masked address used in the message's header. The Addresses Based On option is only available in the Emails From section.
  • Both: Applies the policy to the Mail Envelope and Message Header From addresses. This is the default setting for Impersonation Protection policies.

    As Impersonation Protect checks both the Envelope and Header From addresses, it will always use both addresses.

Applies From

Specify the sender characteristics the policy is based on. For multiple policies, apply them from the most to least specific. The options are:

  • External Addresses: Includes only external organization addresses.
  • Freemail Domains: Includes sender domains on a Mimecast list of freemail domains.
  • Email Domain: This enables you to specify one or more domain names to which the policy is applied. If selected, the Specifically field allows you to enter the required domain names.
  • Address Groups: You can specify a predefined directory or group. If selected, the Profile Group field allows you to select the required group by clicking the Lookup button.
  • Header Display Name: Enables you to specify a Header Display Name. If selected, the Specifically field allows you to enter the required name. This option is only available if the Addresses Based On option has been set to Message From Address or Both.
  • Address Attributes: This enables you to specify a predefined attribute. If selected, the Where Attribute field allows you to select the required attribute, and the Is Equal To field allows you to specify an attribute value. This option can only be used if attributes have been configured for user accounts. See the Managing Directory Attributes page for further details.
  • Individual Email Address: This enables you to specify an SMTP address. The Specifically field allows you to enter the required email address if selected.
  7. Complete the Emails To section as required:

Field / Option: Description

Applies To

Specify the sender characteristics the policy is based on. You should apply multiple policies from the most to least specific. The options are:

  • Internal Address: Includes only internal organization addresses.
  • Email Domain: This enables you to specify one or more domain names to which the policy is applied. The Specifically field allows you to enter the required domain names if selected.
  • Individual Email Address: This enables you to specify an SMTP address. The Specifically field allows you to enter the required email address if selected.
  • Address Groups: This enables you to specify a predefined directory or group. If selected, the Profile Group field allows you to select the required group by clicking the Lookup button.
  • Address Attributes: This enables you to specify a predefined attribute. If selected, the Where Attribute field allows you to select the required attribute, and the Is Equal To field allows you to specify an attribute value. This option can only be used if attributes have been configured for user accounts. See the Managing Directory Attributes page for further details.
  8. Complete the Validity section as required:

Field / Option: Description

Enable / Disable: Use this to enable (default) or disable a policy. If a date range has been specified, the policy will automatically be disabled when the end of the configured date range is reached.

Set Policy as Perpetual: If the policy's date range has no end date, this field displays Always On, meaning the policy never expires.

Date Range: Use this field to specify a start and/or end date for the policy. If the Eternal option is selected, no date is required.

Policy Override: This overrides the default order in which policies are applied. If there are multiple applicable policies, this policy is applied first unless more specific policies of the same type are configured with an override.

Bi-Directional: If selected, the policy is applied when the policy's recipient is the sender and the sender is the recipient.

Source IP Ranges (n.n.n.n/x): Enter any required Source IP Ranges for the policy. These only apply if the source IP address used to transmit the message data falls inside or matches the range(s) configured. IP ranges should be entered in CIDR notation.

  9. Click on the Save and Exit button.
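
The difference between the Addresses Based On options and the Source IP Ranges check, as an added Python illustration that is not Mimecast's code or matching logic. The sample message, the function names, and the rule that a match on either address counts for Both are assumptions made for the example.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: what the receiving server sees for one inbound message.
ENVELOPE_FROM = "bounce@mailer.example.net"   # SMTP MAIL FROM (Return Address)
SOURCE_IP = "203.0.113.25"                    # connecting IP address
RAW_MESSAGE = (
    'From: "Jane Doe" <jane.doe@freemail.example>\n'
    "To: finance@corp.example\n"
    "Subject: Urgent payment\n"
    "\n"
    "Please process today.\n"
)

def sender_identities(envelope_from, raw_message):
    """Collect the sender values a policy scope can be based on."""
    msg = message_from_string(raw_message)
    display_name, header_from = parseaddr(msg.get("From", ""))
    return {"envelope_from": envelope_from.lower(),
            "header_from": header_from.lower(),
            "display_name": display_name}

def addresses_for(based_on, ids):
    """Addresses compared for each Addresses Based On choice."""
    choices = {"Return Address": [ids["envelope_from"]],
               "Message From Address": [ids["header_from"]],
               "Both": [ids["envelope_from"], ids["header_from"]]}
    return choices[based_on]

def domain_in_scope(based_on, ids, domains):
    """Assumption: a match on any compared address puts the message in scope."""
    return any(a.rpartition("@")[2] in domains for a in addresses_for(based_on, ids))

def source_ip_in_ranges(source_ip, cidr_ranges):
    """True if the connecting IP falls inside any CIDR range (n.n.n.n/x)."""
    ip = ipaddress.ip_address(source_ip)
    return any(ip in ipaddress.ip_network(r, strict=False) for r in cidr_ranges)

if __name__ == "__main__":
    ids = sender_identities(ENVELOPE_FROM, RAW_MESSAGE)
    for choice in ("Return Address", "Message From Address", "Both"):
        print(choice, domain_in_scope(choice, ids, {"freemail.example"}))
    print("display name:", ids["display_name"])
    print("ip in range:", source_ip_in_ranges(SOURCE_IP, ["203.0.113.0/24"]))
```

In the sample, a domain scope of freemail.example matches only when the Header From address is among the addresses compared, because the envelope sender uses a different domain.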
