This page outlines Allow Rules that can be configured for Email Security - API-Based Protection.
Overview
Allow Rules provide organization-wide control over which senders and URLs are permitted into your environment. By specifying trusted senders and safe URLs, Allow Rules override policy detection actions to ensure legitimate communications are not incorrectly blocked.
Allow Rules can be applied to:
- Sender Email Addresses (both envelope and header)
- Sender Email Domains
- URLs
Considerations
- Allow Rules apply to emails only (Teams, OneDrive, and SharePoint files are not supported).
- A single set of Allow Rules is applied to all policies.
- Allow Rules always override Policy Actions.
Administrators must be aware of the following:
- Allow Rules override all Policy Detection Actions regardless of what the threat detection engine finds.
- Block Rules will overrule Allow Rules.
Supported Allow Categories
The API-Based Email Security deployment supports allow actions across two categories:
- By URL (domain-level or explicit URL allowing).
- By Sender (domain-level or individual sender allowing).
URL Exception Types
URLs and domains on the Allowlist are still scanned by Mimecast for associated threats, but any detections for those URLs will be overridden by the Allow Rule.
There are two ways to add URL exceptions: by domain or by exact URL.
Domain-Level Exceptions
Domain-level exceptions support wildcard notation to control whether subdomains are included. The following formats are supported:
| Format | Scope |
|---|---|
| https://domain.com | Exact domain only. |
| https://*.domain.com | All subdomains of the specified domain. |
When using wildcards, a single asterisk (*) is permitted, only at the start of the domain, and it must be followed by a period (.). For example, http://*.domain.com and https://*.subdomain.com are valid. The following formats are not supported: domain.*, *.domain.com*, subdomain.*, www.*.com.
Exact URL Exceptions
Exact URL exceptions require the full URL, including the protocol, for example, https://app.vendor.com/login/callback. The rule applies only to that specific URL.
Microsoft Teams URLs: Entering a Teams URL such as https://teams.microsoft.com/l/meetup-join/ will allow that URL and anything appended after the specified path, providing broader support for Teams collaboration links.
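As an added illustration (not Mimecast code), the following Python models the URL exception formats just described: it validates the supported wildcard forms and matches URLs against domain-level, exact-URL and Teams-style rules. It assumes the scheme is part of a domain-level rule as shown in the table, that domain-level matching compares hosts only, and that the Teams prefix behaviour applies only to the teams.microsoft.com host.

```python
import re
from urllib.parse import urlsplit

# Constructed model of the documented URL exception formats (not Mimecast code).
# Domain-level: "https://domain.com" (that host only) or "https://*.domain.com"
# (subdomains only). Exact: the full URL including scheme and path.
_HOST = r"[a-z0-9-]+(?:\.[a-z0-9-]+)+"
_DOMAIN_RULE = re.compile(rf"^https?://(?:\*\.)?{_HOST}/?$")

def validate_domain_rule(rule: str) -> bool:
    """Accept only the supported wildcard forms: at most one '*', placed at the
    start of the host and followed by '.'. Rejects domain.*, *.domain.com*,
    subdomain.* and www.*.com. Assumes the scheme is required, as in the table."""
    rule = rule.strip().lower()
    return rule.count("*") <= 1 and _DOMAIN_RULE.match(rule) is not None

def _parts(url: str):
    p = urlsplit(url.strip())
    # Scheme and host are case-insensitive; the path is compared as written.
    return p.scheme.lower(), p.netloc.lower(), p.path.rstrip("/"), p.query

def url_matches_rule(url: str, rule: str) -> bool:
    """True if `url` is covered by an allow rule written in one of the formats."""
    scheme, host, path, query = _parts(url)
    r_scheme, r_host, r_path, r_query = _parts(rule)
    if r_host == "teams.microsoft.com":
        # Teams links: the rule path is a prefix; anything appended is allowed.
        return host == r_host and path.startswith(r_path)
    if r_path or r_query:
        # Exact-URL rule: only that specific URL matches, scheme included.
        return (scheme, host, path, query) == (r_scheme, r_host, r_path, r_query)
    if r_host.startswith("*."):
        # Wildcard rule: subdomains only; the bare apex domain is NOT covered.
        return host.endswith(r_host[1:])
    # Plain domain rule: that exact host only (assumed scheme-agnostic).
    return host == r_host
```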
URL Allowlists are useful for the following scenarios:
- Legitimate business applications and services.
- Third-party vendor portals and tools.
- Internal company resources and applications.
- Known safe marketing and communication platforms.
- Microsoft Teams meeting URLs and collaboration tools.
Allowlist Management (Trusted Senders)
Senders on the allowlist will bypass certain security checks and will not be flagged as malicious by Mimecast.
Individual Email Address Exceptions
| Format | Scope | Validation |
|---|---|---|
| user@domain.com | Affects emails from the specific sender address only. | Applied to both the Header From and the Envelope sender address. A match on either the header or the envelope address triggers the allow rule. |
These are useful in the following scenarios:
- Specific individuals or service accounts.
- Automated system notifications.
- Executive communications.
Domain-Level Exceptions
| Format | Scope | Validation |
|---|---|---|
| domain.com or subdomain.domain.com | Affects all emails from any address within the specified domain. | Applied to both the Header From and the Envelope sender domain. |
These are useful in the following scenarios:
- Entire organizations or service providers.
- Trusted partner domains.
- Internal business domains.
Sender Allowlists are useful in the following scenarios:
- Legitimate business partners and vendors.
- Third-party service providers and applications.
- Marketing and communication platforms.
- Internal business applications sending automated emails.
- Executive and VIP communications requiring priority delivery.
Allow Rule Application Workflow
When an Allow Rule is triggered, the following will happen:
Multi-Threat Email Handling
- The message is scanned. All scan engines evaluate the email completely.
- Scan results are made available in Analysis & Response (A&R).
- The Allow Rule is applied if there is a match. Allow rules are applied after and override any policy actions.
- The action and associated threat family are logged in Analysis & Response (A&R).
- Notifications are sent (if configured).
Example Scenario: an email contains two URLs:
- allowlisted.com (detected as spam) has an Allow Rule.
- dodgy.com (detected as phishing) has no Allow Rule.
The processing result is as follows:
- The spam detection for allowlisted.com is ignored because of the Allow Rule.
- The Phishing Policy applies to dodgy.com with the appropriate action.
- Both results are displayed in Analysis & Response, with the allow rule notation visible.
In other words, a URL Allow Rule only overrides detections for the URL it matches: if a second URL in the same message has no Allow Rule and is malicious, the message will still be quarantined.
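The following Python is an added simulation of the workflow above and of the sender matching rules from the earlier tables; it is not Mimecast code. It assumes a sender domain rule matches that exact domain, that phishing and malware detections quarantine while spam gets the spam policy's lesser action, and that a matching Block Rule always wins over an Allow Rule.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed model of the processing order described above (not Mimecast code).
# Every URL is scanned first; allow rules are applied afterwards, per URL, and
# only the detections left unmatched drive the policy action.
QUARANTINE = {"phishing", "malware"}   # assumed quarantine-worthy threat families

@dataclass
class Message:
    header_from: str
    envelope_from: str
    url_detections: dict        # url -> threat family, or None when clean

@dataclass
class Rules:
    allow_senders: set = field(default_factory=set)    # addresses and/or domains
    allow_url_hosts: set = field(default_factory=set)  # hosts covered by URL allow rules
    block_senders: set = field(default_factory=set)

def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()

def sender_matches(rule_set: set, msg: Message) -> bool:
    """Header From OR Envelope sender matching, by address or by domain, fires the rule."""
    return any(a.lower() in rule_set or _domain(a) in rule_set
               for a in (msg.header_from, msg.envelope_from))

def evaluate(msg: Message, rules: Rules) -> dict:
    """Return the final action and a per-URL record like the A&R view."""
    log, remaining = {}, []
    for url, threat in msg.url_detections.items():
        if threat is None:
            log[url] = "clean"
        elif urlsplit(url).netloc.lower() in rules.allow_url_hosts:
            log[url] = f"{threat} (overridden by allow rule)"   # still visible in A&R
        else:
            log[url] = threat
            remaining.append(threat)
    if sender_matches(rules.block_senders, msg):
        action = "block"          # block rules overrule allow rules
    elif sender_matches(rules.allow_senders, msg):
        action = "deliver"        # a sender allow rule overrides all policy actions
    elif QUARANTINE & set(remaining):
        action = "quarantine"     # an unallowed malicious URL still quarantines
    elif remaining:
        action = "spam"           # only lower-severity detections remain
    else:
        action = "deliver"
    return {"action": action, "log": log}
```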
Rule Prioritization
Allow Rules are organized in a single ordered list, evaluated top-down, with the first matching rule taking effect. This list applies universally across all policies — per-policy allow-lists are not supported.
Viewing, Editing & Deleting Rules
Viewing Rules
You can view your current list of Allow/Block rules in the Mimecast Administration Console by using the following steps:
- Log in to the Mimecast Administration Console.
- Navigate to Policies | Allow & Block Rules.
From here, you can view a list of rules with the following heading criteria:
- Action
- Source
- Reason
- Comments
- Created
- Last Modified: You can sort the list by oldest-newest or newest-oldest.
Editing Rules
To edit an existing rule entry, select the specific rule (Sender or URL Rule) from the Allow & Block Rules list by clicking on the entry itself, then make any necessary changes on the Edit Sender / Edit URL rule screen.
Alternatively, click the three-dot options button on the far right-hand side of the column list and select Edit.
Deleting Rules
To delete an existing rule entry, select the specific rule (Sender or URL Rule) from the Allow & Block Rules list by clicking the entry itself and selecting the Delete button at the top of the View/Edit screen.
Alternatively, click the three-dot options button on the far right-hand side of the column list and select Delete.
Deleting a rule will trigger a confirmation pop-up box, asking you to confirm the action, as deleted rules cannot be recovered.
Creating a Sender-Based Rule
You can create an Allow Rule based on a sender's email address or domain by using the following steps:
- Log in to the Mimecast Administration Console.
- Navigate to Policies | Allow & Block Rules.
- Select the Sender tab. (This tab is selected by default when you land on this page.)
- Click Create New Rule.
- Complete the Sender Rule Details page as follows:
- Use the Comments section to document the rule's purpose, ticket references, and other relevant details.
- Select the Allow Action.
- In the Criteria field, select Domain or Explicit, and enter the email address(es) or URL(s) to which the Allow Rule should be applied.
- Click Create Rule.
Creating a URL-Based Rule
You can create a URL-based Allow Rule by using the following steps:
- Log in to the Mimecast Administration Console.
- Navigate to Policies | Allow & Block Rules.
- Select the URLs tab.
- Click Create New Rule.
- Complete the URL Rule Details page as follows:
- Use the Comments section to document the rule's purpose, ticket references, and other relevant details.
- Select the Allow Action.
- In the Criteria field, select either Domain or Explicit and enter the URL or domain to be allowed.
- Click Create Rule.
You also have the option to add Comments on why the rule is being created.
You can create a new Group by navigating to Users & Groups | Profile Groups.