Mimecast Email Incident Response - FAQ

Updated

This article provides the answers to frequently asked questions about Mimecast Email Incident Response (MEIR) functionality. 

Frequently Asked Questions

Q:

What end-user reporting solutions should be used?

A:

All Mimecast reporting solutions are effective, however Outlook End User Reporting is the preferred solution.

Q:

Does every reported message sender get added to the managed senders block list?

A:

No, only messages classified as ‘malicious’ or ‘benign – spam’ will get added to the list.

Q:

Do I need to restart my Outlook before the MEIR button appears?

A:

If Outlook is running while MEIR is being deployed, then yes, you should restart your Outlook once your Administrator confirms successful deployment.

Q:

Should marketing spam emails be reported?

A:

No marketing or other kind of spam mail don’t have be reported since it is not dangerous. They can be reported though and after classification will be added to the personal block list

Q:

Will end-users receive any response after reporting an email?

A:

Depending on the feedback configuration you have set, end-users will receive a response. For more details see End User feedback.

Q:

What will happen when I report a suspicious email?

A:

  • The message is moved to the junk folder.

  • The message is delivered to the Mimecast security team for investigation and possible response.

  • The sender of the message gets added to the blocked senders list if the investigation turns up the message is either Malicious or Benign – Spam.

For more details see Mimecast TRO actions.

Q:

Will emails be remediated from the end-user's inbox?

A:

If a reported email is classified as dangerous by Mimecast's security team, the email(s) will be remediated from the reporter's inbox and all the end-users who received it.

Q:

How could the security administrator receive a copy of the email reported by its end users?

A:

If the Additional Report Spam/Phishing/Malware Recipient field is filled out within the Application Settings, that address will receive a copy every time an end user reports an email.

Q:

How will messages be classified by Mimecast's security team?

A:

There’s a total of 12 classifications that can be given, for more details see Mimecast TRO actions.

Related to

Was this article helpful?
0 out of 1 found this helpful

Comments

1 comment
Date Votes
  • Avatar
    Admin - LI

    Hi Michael Gorn,

    Thank you for your feedback. The article link has been updated. 

    0

Please sign in to leave a comment.