Email Security Cloud Integrated - Streamlined Allow & Block Sender Actions - Dec 2024

Updated January 05, 2026 17:21

Availability	December 6th, 2024
Product(s)	Email Security Cloud Integrated (CI)
Who's affected	Email Security Cloud Integrated (CI), Administrators

Overview

Mimecast is pleased to announce new streamlined actions for managing senders directly from the Detections & Detection Details Pages. Administrators can now choose to Release & Allow quarantined messages, or to Remove & Block delivered ones, eliminating the need to navigate across pages to perform these actions.

Considerations

Rules from the Allow/Block Rules page that have been in effect until this point are also applicable to the ‘Release and Allow Sender’ and ‘Remove and Block Sender’ options, as follows:
- Allow/Block Rules are only created for emails.
- These rules will be visible in the Allow/Block Rules Page.
- The Allow/Block Rules page is not visible in Threat Scan Only mode. Therefore, the ‘Release and Allow Sender’ and ‘Remove and Block Sender’ options are only visible in the Monitor and Protect modes.
- Creating a rule from the Allow/Block Rules page will generate an audit entry log - ‘Release and Allow Sender’ and ‘Remove and Block Sender’ will also create Audit Log entries.
- Rules will only be created for the Envelope Addresses of emails.

What's changing

Administrators will be able to use the new options either from the Detection Details Page (which will be a singular action) or, from the Detections Page (which will be a bulk action), as described below.

Detection Details Page (Singular Action)

If the Envelope Address already has a pre-existing rule created, no new rules are created. Users can still release or remove messages.
If the Envelope Address does not have a pre-existing rule created, new rules will be created and confirmed with the following:
- Message Action: Release/Remove with a mandatory reason, of minimum 3 characters.
- Sender Action: Allow/Block, requiring the user to choose the category to be attributed (The default chosen for Allow is Safe/Clean, the default for Block is empty, and the user must choose from Malware, Phishing, Untrustworthy, and Spam. The email address is listed (Envelope Address), and the user can choose whether or not to notify administrators when the rule is applied.

Detections Page (Bulk Action)

This will be visible in the Bulk Actions menu and also supports multiple scenarios.

If the Administrator selects Emails, where all senders have pre-existing rules created, these are displayed in the Summary page and no new sender rules will be created. The emails will still be released or removed.
If the Administrator selects Emails, where some senders have pre-existing rules created, the Administrator can view the list of senders that have pre-existing rules, and one rule will be created for the rest of the senders (that do not have any pre-existing rules).
If the Administrator selects Emails, where none of the senders have pre-existing rules created, all the senders' envelope addresses will be included in the (one) rule that is created.
If the Administrator selects Emails and Collaboration Security Items, only emails will be listed in the summary table as only emails can have sender rules applied.
If the Administrator selects only Collaboration Security Items, they will remain on the Detections Page and be notified that only email senders can be blocked or allowed.

Recommended actions

For more information on how to use the new functionality based on your specific requirements, please see Viewing Attack Details.