If you're using Mimecast's services, you can still allowlist Phishing Tackle's simulated phishing emails and training notifications.
Below are instructions for several different policies you'll need to implement in the Mimecast console to allow Phishing Tackle to function correctly.
If you encounter issues allowlisting in Mimecast, we recommend contacting them directly for specific instructions. You can also contact us at support@phishingtackle.com
Mimecast Policies Required
The policies below are listed in order of importance. The first four rules are required for all Mimecast packages, while the last three are only necessary if you have the corresponding Mimecast package. We explain each policy's purpose, with regards to Phishing Tackle's security test features. Create the appropriate policies in order below.
Necessary for all Mimecast packages:
Permitted Senders Policy
Greylisting
Impersonation Protection Bypass Policy
Anti-Spoofing Policy
Necessary only if the associated packages are activated:
Attachment Protection bypass Policy
URL Protection Bypass Policy
Attachment Management Bypass Policy
Optional Mimecast policies:
- Preventing Mimecast from Re-Writing Phishing Links
- Prevent Mimecast from quarantining Phishing Tackle emails that fail authentication
Permitted Senders Policy
To successfully allowlist our phishing and training related emails when using Mimecast, we recommend creating a new Permitted Sender Policy within your Mimecast console.
NOTE: Do not edit your default Permitted Sender Policy, you MUST create a new one.
- Log onto the Mimecast Administration console.
- Open the Administration Toolbar.
- Select Gateway | Policies.
- Select Permitted Senders.
- Select New Policy.
- Select the appropriate settings (below) under the Options, Emails From, Emails To, and Validity sections. For more information, see Mimecast's Configuring a Permitted Senders Policy.
- Enter Phishing Tackle's IP Address in the Source IP Ranges Field. (Find our most up to date IP address here)
Option
Setting
Options
Policy Narrative
Phishing Tackle Permitted Senders Select Option
Permit Sender Emails From
Addresses Based On
The Return Address (Email Envelope From) Applies From
External Addresses Specifically
Applies to all External Senders Emails To
Applies To
Internal Addresses Specifically
Applies to all Internal Recipients Validity
Enable/Disable
Enable Set policy as perpetual
Always On Date Range
All Time Policy Override
Checked Bi Directional
Unchecked Source IP Ranges (n.n.n.n/x)
52.56.150.127/32
35.177.22.237/32
Greylisting
Adding Phishing Tackle to the permitted senders list (above) should bypass Greylisting. However, we recommend following the Greylisting steps below to avoid any potential delivery issues.
- Log onto the Mimecast Administration console.
- Open the Administration Toolbar.
- Select Gateway | Policies.
- Select Greylisting.
- Select New Policy.
- Select the appropriate settings (below) under the Options, Emails From, Emails To, and Validity sections.
- Enter Phishing Tackle's IP Address in the Source IP Ranges Field. (Find our most up to date IP address here)
Option
Setting
Options
Policy Narrative
Phishing Tackle Greylist Select Option
Take no action Emails From
Addresses Based On
The Return Address Applies From
External Addresses Specifically
Applies to all External Senders Emails To
Applies To
Internal Addresses Specifically
Applies to all Internal Recipients Validity
Enable/Disable
Enable Set policy as perpetual
Always On Date Range
All Time Policy Override
Checked Bi Directional
Unchecked Source IP Ranges (n.n.n.n/x)
52.56.150.127/32
35.177.22.237/32
Impersonation Protection Bypass Policy
To enable simulated phishing emails that look like they are from users/domains within your organisation (spoofed domain), you'll need to create an Impersonation Protection Policy and Anti-Spoofing Policy in the Mimecast Console.
First, you'll need to create an impersonation protection definition (if you have not already created one).
Create an impersonation protection definition
- Log onto the Mimecast Administration console.
- Open the Administration Toolbar.
- Select Gateway | Policies.
- Select Impersonation Protection.
- Select New Definition.
- Give the Definition a descriptive name, E.G. "Phishing Tackle Impersonation Protection Bypass Definition"
- Select the appropriate settings (below). For more information, see Mimecast's Configuring an Impersonation Protection Definition.
Option
Setting
Identifier Settings
Description
Phishing Tackle Impersonation Protection Bypass Definition
Similar Internal Domain
Checked
Similarity Distance
1
Newly Observed Domain
Unchecked
Internal User Name
Checked
Reply-to Address Mismatch
Checked
Targeted Threat Dictionary
Checked
Mimecast Threat Directory
Checked
Custom Threat Directory
[Leave as-is]
Number of Hits
2
Ignore Signed Messages
Unchecked
Identifier Actions
Action
None
Tag Message Body
Unchecked
Tag Subject
Unchecked
Tag Header
Unchecked
General Actions
Mark All Inbound Items as 'External'
Unchecked
Notifications
Notify Group
[Leave as-is]
Notify (Internal) Recipient
Unchecked
Notify Overseers
Unchecked
Create a policy to avoid the definition
- Log onto the Mimecast Administration console.
- Open the Administration Toolbar.
- Select Gateway | Policies.
- Select Impersonation Protection Bypass.
- Select New Policy.
- Select the appropriate settings (below) under the Options, Emails From, Emails To, and Validity sections. For more information, see Mimecast's Configuring an Impersonation Protection Bypass Policy.
- Enter Phishing Tackle's IP Address in the Source IP Ranges Field. (Find our most up to date IP address here)
Option
Setting
Options
Policy Narrative
Phishing Tackle Impersonation Protection Bypass Select Option
[Select the appropriate definition to bypass, Use the Phishing Tackle definition (created above) if you have none] Emails From
Addresses Based On
Both Applies From
External Addresses Specifically
Apply to all External Senders Emails To
Applies To
Internal Addresses Profile Group
Applies to all Internal Recipients Validity
Enable/Disable
Enable Set policy as perpetual
Always On Date Range
All Time Policy Override
Checked Bi Directional
Unchecked Source IP Ranges (n.n.n.n/x)
52.56.150.127/32
35.177.22.237/32
Anti-Spoofing Policy
Follow the steps below to allow Phishing Tackle to send simulated phishing emails that appear to come from your domain.
- Log onto the Mimecast Administration console.
- Open the Administration Toolbar.
- Select Gateway | Policies.
- Select Anti-Spoofing from the policies list.
- Select New Policy.
- Select the appropriate settings (below) under the Options, Emails From, Emails To, and Validity sections. For more information, see Mimecast's Configuring an Anti-Spoofing Policy.
- Enter Phishing Tackle's IP Address in the Source IP Ranges Field. (Find our most up to date IP address here)
Option
Setting
Options
Policy Narrative
Phishing Tackle Anti-Spoof Allow Policy Select Option
Take no action Emails From
Addresses Based On
Both Applies From
Everyone Specifically
Applies to all Senders Emails To
Applies To
Everyone Specifically
Applies to all Internal Recipients Validity
Enable/Disable
Enable Set policy as perpetual
Always On Date Range
All Time Policy Override
Checked Bi Directional
Unchecked Source IP Ranges (n.n.n.n/x)
52.56.150.127/32
35.177.22.237/32
This will enable simulated phishing emails, that appear to be sent from your organisation's domain, to be successfully delivered to your recipients' inboxes. As with all allowlisting, we recommend setting up a test campaign to yourself or a small group to ensure everything works smoothly before running organisation-wide campaigns.
Attachment Protection Bypass Policy
Sending attachments within simulated phishing tests can trigger Mimecast's Attachment Protection system, enabling the settings below will increase the likelihood of Phishing Tackle attachments arriving in recipients' inboxes. Mimecast may still prevent the delivery of some attachments, be sure to test several attachment types before rolling out organisation-wide campaigns.
- Log onto the Mimecast Administration console.
- Open the Administration Toolbar.
- Select Gateway | Policies.
- Select Attachment Protection Bypass.
- Select New Policy.
- Select the appropriate settings (below) under the Options, Emails From, Emails To, and Validity sections. For more information, see Mimecast's Configuring Attachment Protection Bypass Policies.
- Enter Phishing Tackle's IP Address in the Source IP Ranges Field. (Find our most up to date IP address here)
Option
Setting
Options
Policy Narrative
Phishing Tackle Attachment Protection Bypass Select Option
Disable Attachment Protection Emails From
Addresses Based On
The Return Address (Email Envelope Form) Applies From
Everyone Specifically
Applies to all Senders Emails To
Applies To
Internal Addresses Profile Group
Applies to all Internal Recipients Validity
Enable/Disable
Enable Set policy as perpetual
Always On Date Range
All Time Policy Override
Checked Bi Directional
Unchecked Source IP Ranges (n.n.n.n/x)
52.56.150.127/32
35.177.22.237/32
As with all allowlisting, we recommend setting up a test campaign to yourself or a small group to ensure everything works smoothly before running organisation-wide campaigns.
URL Protection Bypass Policy
Mimecast's URL Protection service scans links sent within emails as they are delivered. Occasionally, this causes simulated phishing emails to trigger this service. Follow the steps below to create a URL Protection Bypass policy.
- Log onto the Mimecast Administration console.
- Open the Administration Toolbar.
- Select Gateway | Policies.
- Select URL Protection Bypass.
- Select New Policy.
- Select the appropriate settings (below) under the Options, Emails From, Emails To, and Validity sections. For more information, see Mimecast's Configuring a URL Protection Bypass Policy.
- Enter Phishing Tackle's IP Address in the Source IP Ranges Field. (Find our most up to date IP address here)
Option
Setting
Options
Policy Narrative
Phishing Tackle URL Protection Bypass Select Option
Disable URL Protection Emails From
Addresses Based On
Both Applies From
Everyone Specifically
Applies to all Senders Emails To
Applies To
Internal Addresses Profile Group
Applies to all Internal Recipients Validity
Enable/Disable
Enable Set policy as perpetual
Always On Date Range
All Time Policy Override
Checked Bi Directional
Unchecked Source IP Ranges (n.n.n.n/x)
52.56.150.127/32
35.177.22.237/32
As with all allowlisting, we recommend setting up a test campaign to yourself or a small group to ensure everything works smoothly before running organisation-wide campaigns
Attachment Management Bypass Policy
Mimecast may still strip some attachments out of emails, follow the steps below to further reduce the probability of this happening.
- Log onto the Mimecast Administration console.
- Open the Administration Toolbar.
- Select Gateway | Policies.
- Select Attachment Management Bypass.
- Select New Policy.
- Select the appropriate settings under the Options, Emails From, Emails To, and Validity sections. For more information, see Mimecast's Configuring Attachment Management Bypass Policies
- Enter Phishing Tackle's IP Address in the Source IP Ranges Field. (Find our most up to date IP address here)
Option
Setting
Options
Policy Narrative
Phishing Tackle Management Bypass Select Option
Disable Attachment Management Emails From
Addresses Based On
Both Applies From
Everyone Specifically
Applies to all Senders Emails To
Applies To
Everyone Specifically
Applies to all Recipients Validity
Enable/Disable
Enable Set policy as perpetual
Always On Date Range
All Time Policy Override
Checked Bi Directional
Unchecked Source IP Ranges (n.n.n.n/x)
52.56.150.127/32
35.177.22.237/32
As with all allowlisting, we recommend setting up a test campaign to yourself or a small group to ensure everything works smoothly before running organisation-wide campaigns.
Optional Mimecast Policies
Preventing Mimecast from Re-Writing Phishing Links:
To prevent Mimecast from re-writing the links in the simulated phishing emails you send, you can add Phishing Tackle's Phishing Link domains as Permitted URLs in Mimecast. See this guide to find our list of Phishing URLs.
We don't recommend creating an exception for this unless you also have exceptions for other senders in place. Otherwise, recipients will get suspicious as Phishing Tackle's emails will look considerably different to all other emails they receive.
For more information on disabling link re-writing on permitted URLs, see Mimecast's article on Managed URLs.
Prevent Mimecast from quarantining Phishing Tackle emails that fail authentication checks:
If Phishing Tackle emails are caught within Mimecast's Quarantine or routed to your spam/junk mail folder due to an authentication fail we recommend disabling SPF, DKIM & DMARC verification for messages originating from our IP addresses.
Create a DNS Authentication – Inbound Policy
- Log onto the Mimecast Administration console.
- Select Gateway | Policies.
- Click Definitions.
- Click DNS Authentication - Inbound.
- Click New DNS Authentication - Inbound Checks.
- Create a name for the policy.
- Please leave all option boxes unchecked.
- Click Save.
Configure the DNS Authentication - Inbound Policy
- Select Gateway | Policies.
- Select the policy DNS Authentication - Inbound.
- Select New Policy.
- Ensure the settings below match the table.
Options
Policy Narrative
Phishing Tackle DNS Policy Select Option
No Authentication Emails From
Addresses Based On
Both Applies From
Everyone Specifically
Applies to all Senders Emails To
Applies To
Everyone Specifically
Applies to all Recipients - In Source IP ranges enter our IP addresses.
- 52.56.150.127/32
- 35.177.22.237/32
- 52.56.150.127/32
- Check the option Policy Override.
- Click Save.
Allowlisting can be complicated so if you require any further assistance, please contact our support team by clicking here.