Service Update
| Availability | From October 7th, 2025 |
| Product(s) | Email Security Cloud Gateway (CG) |
| Who's affected | Administrators and End-users |
Overview
Mimecast is enhancing its email security by introducing URL Pre-Delivery Action. This new feature will proactively scan suspicious URLs in email messages before they reach users' inboxes, aiming to prevent malicious links from ever being delivered.
What's changing
- Pre-Delivery Scanning of URLs: Suspicious messages will now undergo a pre-delivery URL scanning prior to user delivery, rather than only at the time of click.
- Enhanced Protection: This update is designed to keep malicious messages and links out of end users' inboxes, reducing the risk of phishing and malware attacks.
- Control Setting: The feature is managed via the URL Pre-Delivery Action setting within URL Protection.
Please see the table below for rollout dates of this new feature.
Deployment Schedule
| Region | Date |
| DE, CA, Jersey | October 7th, 2025 |
| USB | October 8th, 202 |
| AU | October 9th, 2025 |
| UK | October 14th, 2025 |
| US | October 15th, 2025 |
| ZA | December 17th, 2025 |
URL Pre-Scan Configuration Progress Updates
On Tuesday, November 18th, 2025, Mimecast will enable the URL Protection - URL Pre Delivery Action with the Hold setting for all customers. This enhancement improves your security by scanning high-risk URLs in emails before they reach your end users' inboxes. Mimecast recommends keeping this service turned on for maximum protection. To disable this action, follow these easy steps below:
- Log in to the Mimecast Administration Console.
- Navigate to Policies | Gateway Policies
- Scroll to down to URL Protection, then Click on the Definitions button.
- Then click on URL Protection Definition.
- In the Inbound Settings, navigate to URL Pre-Delivery Action.
- Click on the drop-down menu box and select None.
Why are we doing this?
As we continue to develop and improve our security efficacy on behalf of our customers, we are introducing features that significantly improve inbox security. We've seen such a reduction in URL Pre-Delivery Action that we've decided to enable it for all customers while also providing a path for them to disable this security enhancement.
Recommended actions
- Administrators should review and, if necessary, update the URL Pre-Delivery Action setting to ensure it aligns with their organization's security policies.
- Inform users about the enhanced protection and encourage them to remain vigilant for suspicious emails.
Comments
What provision has been put in place to help users understand whether or not a url poses a threat?
hi Paul, thanks for raising this feedback with us.
End Users don't see an explanation as to whether or not a URL poses a threat.
Administrators can use the URL Protect logs for pre-scanning hold information for messages.
You can enable user awareness, to display messages in the End User's browser on clicking a link in a message.
You can also enable notifications, to notify specific users, should a policy be triggered. See https://mimecastsupport.zendesk.com/hc/en-us/articles/34000589915155-Targeted-Threat-Protection-URL-Protect-Configuring-URL-Protect-Definitions
If you have CyberGraph, you can use CyberGraph banners to give End Users information on the safety of message contents, depending on the scan results. https://mimecastsupport.zendesk.com/hc/en-us/articles/34000355038739-CyberGraph-2-0-Dynamic-Banners .
How do we bypass e-mails that are phishing simulations with URL's?
Thank you for your feedback. I see that you already have a ticket open, and our support team will be assisting you with your query.
Please sign in to leave a comment.