This article contains information on the Processing Details section, explaining email analysis steps, results for policies like Graymail, SPF, DKIM, DMARC, and RBL, and how these results influence policy actions and email handling.
Understanding Processing Details
You can view Message Details, by using the following steps:
- Log in to the Mimecast Administration Console.
- Navigate to Message Center | Message Tracking.
- Select on an item, or click on the ellipsis "..." | View Details to view Message Details.
The Analysis tab within Message Details shows the processing steps and provides the results of how an email has been assessed at each stage. This information is organized into a list of checks, the output of which can trigger a defined Policy Action.
For example, enabling Graymail Control and setting the Graymail Detection Action to be Same as Spam Detection. From this, an Administrator will see that the email was classified as Graymail and moved into the Held Queue, as per the Spam policy. This processing information provides an understanding as to why a certain policy was flagged, especially when used in combination with the policies considered.
If there is a "-" sign next to a policy type, this may appear if that specific policy has not been enabled and therefore cannot perform any check against the email.
Graymail
| Result | Description |
|---|---|
| False | The email has not been detected as Graymail. The action defined in your Spam Scanning Definition will take effect. |
| True | The email has been detected as Graymail. The action defined in your Spam Scanning Definition will take effect. |
Managed Sender
| Result | Description |
|---|---|
| No Match | The email or domain was not found in the user-managed senders list. |
| Permitted Sender (Auto) | This email address or domain has been automatically added to the user's Whitelist. |
| Permitted Sender | This email address or domain has been manually added to the user's Whitelist. |
| Blocked Sender | This email address or domain has been manually added to the user's Blocked Senders list. |
| Ignored | The DNS policy is set to ignore managed senders on failure. |
Permitted Sender
When the Header address permitted sender is applied by the Header address and differs from the Envelope address, None will appear in the Analysis tab.
| Result | Description |
|---|---|
| No Match | The email or domain was not found in the Permitted Senders list. |
| Permitted Sender (Auto) | This email address or domain has been automatically added to the Permitted Senders Whitelist. |
| Permitted Sender | This email address or domain has been manually added to the Permitted Senders list. |
| Blocked Sender | This email address or domain has been manually added to the Blocked Senders list. |
| Ignored | The DNS policy is set to ignore managed senders on failure. |
SPF Results
| Result | Description |
|---|---|
| Temp Error | The TempErrors are normally caused by transitory DNS issues that cause SPF record lookups to fail. |
| Pass | The SPF checks have passed. |
| Hard Fail | Any inbound messages that result in an SPF Hard Fail should be rejected. In these cases, the sender is not sending the message from an authorized IP address. |
| Soft Fail | The Soft Fail result is considered to be a temporary setting while SPF is being configured. It does not cause any restrictions to be applied. The header value contains the check result. |
| Neutral | The neutral SPF results are for when the domain owner has not specified whether a sender using this domain is permitted to send on their behalf. |
| Perm Error | The PermErrors are similar to TempErrors. They can be caused by incorrectly formatted SPF records being present and require DNS administrator intervention to correct. |
| None | The domain owner has not chosen to implement SPF, meaning that senders using this domain do not need to authenticate to send on its behalf.
This is not the same as a Fail |
DKIM Results
| Result | Description |
|---|---|
| Temp Error | The TempErrors are normally caused by transitory DNS issues that cause DNS record lookups to fail. |
| Pass | The message was DKIM signed, the signature or signatures were acceptable, and the signature(s) passed verification tests. |
| Fail | The messages that result in the Fail result should be subjected to spam/reputation-based checks to ensure that the appropriate steps are taken and messages are not incorrectly rejected. |
| None | The message was not signed, which means that the message had no DKIM signature.
This is not the same as a Fail. |
| Perm Error | The PermErrors can be caused by incorrect values being specified within the domain's DNS records. |
DMARC Results
| Result | Description |
|---|---|
| Pass | The DMARC checks have passed. |
| Perm Error | The PermErrors can be caused by incorrect values being specified within the domain's DNS records. |
| None | No action is defined in the sending domain's DMARC DNS record. |
| Temp Error | The TempErrors are normally caused by transitory DNS issues that cause DNS record lookups to fail. |
| Fail | Messages that result in the Fail result should apply the action defined by the domain owner's DMARC policy. |
RBL Results
| Result | Description |
|---|---|
| Pass | The sending IP address was not listed on a block list. |
| Fail | The sending IP address is a known spammer and is either listed in a block list, or the IP address has a poor reputation. |
Comments
there is no “Message Analysis” tab. The documentation (all across Mimecast, not just this article), needs to be reviewed and updated so the language and terminology used in the documentation exactly matches reality in the admin console. There is a “Message” tab and an “Analysis” tab. This article appears to be related to the “Analysis” tab and should reflect that more clearly. It also only covers one section ("Processing Details") of that tab. The other sections there are not documented here.
Hi Saskin,
Thank you for your feedback. The article has been updated to reflect more accurately the information it represents in the Administration Console.
If your issue is more urgent and/or you wish to open a new Support case, please do so here.
Please sign in to leave a comment.