Mimecast Sender Verification Update

by Michael Bianchi
Senior Solutions Architect

Beginning today, Mimecast will roll out a change that may impact messages that are stamped with a sender domain not verified by Mimecast (internal domain) — in other words, open relaying through Mimecast. This can include any of the following policies or configurations:

  • Using Address Alteration Policy for Envelope Rewriting
  • Open Relaying from an Authorized Outbound IP Address
  • Disabled External to External Block Policy
  • Blocked Sender Take no Action Policy Based on IP
  • Group Carbon Copy Policy with External Recipients
  • Forwarding Policy with External Recipients

Messages that meet these criteria will, by default, be sent out through IP addresses that are not included in the Mimecast SPF address range. This will mean a failed SPF check and possible delivery issues for emails.

If any mail from your firm is being sent as an external recipient, Mimecast has prepared a method of authorizing the external domain for this purpose. Once authorization is complete, relayed mail will once again be sent through IPs that are part of the Mimecast SPF range and will pass SPF checks.

An account specific DNS authorization code can be accessed and provided to the external domain owner for verification by the following steps:

  1. Logon on the Administration Console.
  2. Click on the Administration menu item.
  3. Select the Account | Account Settings menu item.
  4. Copy the text in the DNS Authorization Code field to your clipboard.
  5. The external domain owner must enter this text into the external domain’s DNS as a TXT record in the form: <DNS_AUTH_CODE>._mime.<EXTERNAL_DOMAIN>. 300 IN TXT “v=MIMEv1;”

In the example above, replace DNS_AUTH_CODE with the DNS Authentication Code from your Mimecast account, and replace EXTERNAL_DOMAIN with the external domain being used. Please note that the dot (.) after EXTERNAL_DOMAIN is part of the record and must be included. This is also true of the semi-colon (;) after the record content entry.

If you have any questions about this Mimecast issue or need further assistance, please contact us at service@helient.com.