Policies - Configuring and Managing Permitted Senders

What are Permitted Senders?

Permitted Senders in Mimecast are trusted IP addresses or email addresses that are allowed to bypass certain email security checks. When you add an IP address or email address to the permitted senders list, messages from those sources will bypass Spam Scanning, Greylisting, and IP Reputation checks. This ensures that emails from trusted sources are not inadvertently blocked or marked as spam.

Policy Hierarchy and Precedence

Understanding the hierarchy of Mimecast policies is crucial for effective email management:

• Blocked Sender policies always take precedence over Permitted Sender policies.
• If a domain is blocked, even if a specific email address from that domain is in the Permitted Senders list, the domain-level block will still apply.
• To allow a specific sender from a blocked domain, you must create a 'Blocked Sender - Take No Action' policy for that specific email address.
• Permitted Senders policy supersedes a user's Blocked Senders list in Managed Senders for Envelope addresses.

Configuring Permitted Senders

To add IP addresses to your Permitted Senders list:

1. Log in to the Mimecast Administration Console.
2. Navigate to Policies | Gateway Policies | Permitted Senders.
3. Create a New Policy with the following settings:
   • Narrative: 'Allow (orgname) IPs'
   • Policy: Permit Sender.
   • Addresses based on: Both.
   • Leave 'From Everyone, To Everyone'
   • In the Validity section, enter IP ranges.
4. Save and exit.

Note: Individual IP addresses should be followed by a /32 (e.g., 1.1.1.1/32).

Effects of Adding Permitted Senders

When you add an IP address or email address to the permitted senders list:

• Messages from those sources will bypass Spam Scanning, Greylisting, and IP Reputation checks.
• Emails from trusted IP ranges are not inadvertently blocked or marked as spam.
• The external email warning banner will not be applied if the Bypass Permitted Senders option is enabled.

Bypass Options

Mimecast offers a Bypass Permitted Senders option. If a sender is listed in your permitted sender policy, the external email warning banner will not be applied. This means you can pre-configure trusted contacts to automatically bypass the external email warning without needing a manual trust mechanism for each email.

Managing Specific Senders and Domains

To allow emails from a specific sender to bypass spam scanning:

1. Navigate to Users & Groups | Profile Groups.
2. Select the Permitted Senders folder.
3. Use Build | Add Email addresses to add the specific email address.

This will allow the sender's messages to bypass Spam Scanning, Greylisting, and IP Reputation checks.

For managing entire domains and specific senders:

• You can block entire domains using the Managed Senders block list.
• You can selectively permit specific email addresses through the Permitted Senders Profile Group.
• If you want to block a broad domain but allow specific senders from that domain, add the specific email address to your Permitted Senders list. Note that this will only be work effectively if this is done via Managed Sender entries, and not using Blocked Sender policies.

To prevent important emails from being held:

1. Navigate to Users & Groups | Profile Groups.
2. Select the Permitted Senders folder.
3. Select Build | Add Email addresses.
4. Add the necessary addresses (one per line).
5. Save and Exit.