
The Mimecaster Central Blog


Bob Adams is a Cyber Security Strategist at Mimecast. Originally joining Mimecast nearly four years ago as a Sales Engineer, Bob was recruited to Product Management after developing various unique ways of investigating cyber attacks and highlighting Mimecast's services. Bob now continues to use his time to help educate companies on protecting themselves against advanced cyber threats.


Hello again Mimecast Administrators! I hope you’ve had a chance to review the Top 10 Ways to Optimize Mimecast Targeted Threat Protection (TTP) Guide and Part 1 in this blog series.


Continuing the discussion, I wanted to delve into how Mimecast handles domains. In Part 2, we will cover the first set of tips in more detail, give some more background on the settings and offer additional tips.


I first covered how to display the destination domain of a Mimecast rewritten URL. Enabling this feature helps users specifically take notice of the website’s domain only instead of an entire URL. For example, what would a user think of the following?



They would likely only see This attack is specifically designed for users on mobile devices: They click a link, and instead of opening the Facebook application (remember that it is not actually Facebook), they'll only see what the attacker wants them to see in their browser. In this example, they completely miss that the URL is an unsafe site:



In reality, the domain within that URL is, which a user would see as in the Mimecast rewritten URL.


Did you also know that, as a Mimecast Administrator, you can decode URLs rewritten by Mimecast? Understanding how Mimecast rewrites URLs is important, which highlights one of the most important areas of focus for email security: domain identification. Within an inbound email or URL, you can detect and display the destination domain. However, it’s not just about identifying a domain, but also analyzing it for impersonation.


Mimecast recently added Advanced Similarity Checks which go beyond Anti-Spoofing and DNS Authentication (SPF, DKIM, and DMARC). With these checks, organizations can identify attackers attempting to use domains intended to appear like their own, as well as organizations they work with such as suppliers and customers. This functionality applies to both Mimecast URL Protect and Mimecast Impersonation Protect.


Attackers also attempt to use various character manipulation tactics to trick your users. As outlined in the Top 10 guide, these enhancements are explained in great detail in a recent Service Update.


Remember, Mimecast’s Targeted Threat Protection (TTP) is only going to protect your organization if it’s configured. A crucial part of domain detection will be to populate your Custom Monitored Domain list to ensure Mimecast is protecting your organization from both the Mimecast Managed Domains list as well as the domains you specify for your organization.


I hope you’re becoming more comfortable with your environment’s email security and have learned some of the new ways we're enhancing our products. Stay tuned for Part 3, where we’ll cover how to understand the various Mimecast Attachment Protect options, and how TTP features can be versatile by applying different settings across your environment.
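The post above describes, in general terms, checking an observed domain against a monitored-domain list for character substitution and near-misses, and showing users the real destination domain rather than a long hostname that merely starts with a trusted name. The Python below is an added example of those checks, not Mimecast's implementation and not code from the post; the monitored list, the small confusables table and all function names are constructed for illustration.

```python
import unicodedata

# Constructed monitored list (assumption): your own domain plus a supplier's.
MONITORED = ["example.com", "example-supplier.com"]

# Illustrative confusables only; a production table would be far larger.
CONFUSABLES = {
    "0": "o", "1": "l", "5": "s",
    "\u0430": "a",  # Cyrillic a
    "\u0435": "e",  # Cyrillic ie
    "\u043e": "o",  # Cyrillic o
    "\u0440": "p",  # Cyrillic er
    "\u0441": "c",  # Cyrillic es
}
MULTI_CHAR = (("rn", "m"), ("vv", "w"))


def to_unicode(host):
    """Lowercase the hostname and decode any punycode (xn--) labels."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except (UnicodeError, ValueError):
                pass  # undecodable label: compare it as written
        labels.append(label)
    return ".".join(labels)


def skeleton(host):
    """Fold look-alike characters so visually similar names compare equal."""
    text = unicodedata.normalize("NFKC", to_unicode(host))
    text = "".join(CONFUSABLES.get(ch, ch) for ch in text)
    for seq, repl in MULTI_CHAR:
        text = text.replace(seq, repl)
    return text


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host, monitored=MONITORED, max_distance=2):
    """Return (verdict, matched_monitored_domain) for one observed hostname."""
    raw = host.lower().rstrip(".")
    # The monitored domain itself, or a real subdomain of it, is not a lookalike.
    for good in monitored:
        if raw == good or raw.endswith("." + good):
            return ("legitimate", good)
    skel = skeleton(raw)
    for good in monitored:
        good_skel = skeleton(good)
        if skel == good_skel:
            return ("homoglyph", good)      # same look, different characters
        if skel.startswith(good_skel + "."):
            return ("embedded", good)       # trusted name used as a leading label
        if edit_distance(skel, good_skel) <= max_distance:
            return ("near-match", good)     # typo-style variation
    return ("unrelated", None)


if __name__ == "__main__":
    # Constructed sample hostnames, as might appear in a sender or a link.
    samples = [
        "mail.example.com",
        "examp1e.com",
        "ex\u0430mple.com",
        "example.com.account-verify.test",
        "exampel.com",
        "contoso.org",
    ]
    for name in samples:
        print(f"{name!r:40} {classify(name)}")
```

A fixed edit-distance threshold produces false positives on short monitored names, so a real deployment would scale it with the length of the name.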

Dan Sloshberg is the Product Marketing Director at Mimecast, taking the lead on the Mimecast API, GDPR and market intelligence. A Mimecaster since 2013 and over 20 years in tech, he is a frequent speaker on all things cloud, security, cyber resilience and GDPR.


We are delighted to announce yet another integration with leading SIEM solution IBM QRadar. This follows our recent announcement of Mimecast for LogRhythm and the latest update to our Splunk app.


Combating the rapidly evolving threat landscape is a constant struggle, with email remaining the number one attack vector and threats becoming more stealthy, sophisticated and evasive to detection. The Mimecast for IBM QRadar app offers organizations better detection and alerting before, during and after an attack.


Integrating Mimecast data into the QRadar system through the Mimecast data logging API allows email security data to correlate against other data sources, and be included in behavioral anomaly detection, helping to identify indicators of advanced threats that would otherwise go unnoticed.


Joint Mimecast and IBM customers can better predict and prioritize what vulnerabilities to remediate through improved visibility of attacks with highly focused alerts. The impact of an attack can be minimized through faster response times made possible by using one single system for threat intelligence and response.


Access the Mimecast for IBM QRadar application through IBM’s Security App Exchange. You can also find out more through Mimecast’s developer portal.


We also encourage all of you to share your own integration ideas here now in the community!

Bob Adams is a Cyber Security Strategist at Mimecast. Originally joining Mimecast nearly four years ago as a Sales Engineer, Bob was recruited to Product Management after developing various unique ways of investigating cyber attacks and highlighting Mimecast's services. Bob now continues to use his time to help educate companies on protecting themselves against advanced cyber threats.


Hello Mimecast administrators! I’m pleased to introduce a new blog series tailored just for you. As a follow-up to my Top 10 Ways to Optimize Mimecast Targeted Threat Protection (TTP) Guide, I wanted to share my thoughts on why I wrote it and provide additional insight into the topics discussed.


My goal is to help Mimecast admins evaluate their current security settings and get the most out of their Mimecast services. It’s important to remember that Targeted Threat Protection and its product updates are not enabled by default, as there are numerous settings that will vary from organization to organization.


Whether you still need to configure your TTP settings, want to review and update them, or are interested in learning more about the various features, this guide is for you.


When reading it, first review the Before You Start section to ensure your organization is at a proper baseline before making any changes. TTP is an evolving suite of services, and this guide is designed to help you perform a review of your current environment, and learn about best practices and recent product enhancements.


Throughout this series, each blog will introduce several tips and highlight different options for best customizing Targeted Threat Protection for your environment. For example, did you know that Mimecast can prevent attackers from impersonating external organizations you work with?


Additionally, since Mimecast is built to have its services work together, I will also shed some light on how certain settings interact with other aspects of Mimecast’s services. For example, we recently launched Mimecast Web Security. If you use Mimecast as your Secure Email Gateway with Targeted Threat Protection, and use Mimecast Web Security, you’ll find that some features from URL and Attachment Protect are available to help protect your Web Security as well.


I’ll explain all of this in more detail when I cover those features and settings in the coming blogs – stay tuned and get involved! I hope this will be an engaging series, and am looking forward to your feedback. Please feel free to comment on the optimization guide, this post, or on the coming blogs.

After many months of development and the completion of a very successful early adopter program, I am very happy to help announce the immediate availability of Mimecast Web Security.


My part in the launch program this week was centered in London, from where I am currently writing this. Built up in and around IPExpo Europe, in addition to supporting the event itself, we hosted both a customer and partner meeting where we explained and discussed this new service. Suffice it to say the interest was high and the understanding of what we have done and why we have done it was also quite high.


In short, combining email and web security into a single integrated cloud service, which seems obvious given the high proportion of cyber attacks that occur via email, web, or via a combination, is resonating. And given that you, our administrative customers, don't have a shortage of things to do, we think the fact that it is easy to deploy, configure, and manage will be a key success factor for the service.


Interested in learning more? For starters, you can check out the documentation, the write-up and datasheet on, the Service Update, my introductory blog, and even request a 30-day free trial, which is open to all current Mimecast customers. We would also love to hear from you, questions, comments, and concerns as you have them.

The following blog is by J. Peter Bruzzese, a Microsoft MVP (Exchange/Office 365), technical author, journalist, and speaker for Microsoft and others. For nearly a decade, he wrote the Enterprise Windows column for InfoWorld. J. Peter is the co-founder of both ClipTraining and Conversational Geek. He’s a strategic technical consultant for Mimecast. You can find him on Twitter at: @JPBruzzese.


A major outage in the US takes down a key Microsoft datacenter and a host of cloud services in the process. What to do when the “cloud” goes down?


Every vendor offering a cloud-based solution pours ungodly amounts of money into redundancy to ensure a single failure or even multiple failures go unnoticed by customers connected to their services. For months, it appears as if nothing can go wrong. And then…it does.


This week, Microsoft experienced Azure and Office 365 outages due to severe weather (lightning) taking out cooling systems in data centers located in San Antonio, Texas. This forced servers and services to shut down. The outage was focused on the South-Central U.S., but it affected customers around the globe. More specifically, the outage affected Exchange, SharePoint, Teams and a variety of other solutions with Azure AD being a problem for identity management, as well (which connects back to Office 365).


After most services were restored, customers were receiving error messages for Outlook and Skype saying they were being throttled due to a change to Azure AD for Office 365 authentication.


Without belaboring the situation, the real question is: “What did we learn from this outage?”


Cloud “haters” will tell you to avoid the cloud. That’s ridiculous at this stage of the game. When an airline has an incident do we stay out of the air? No, we learn from the failure. When it comes to cloud-based solutions, it’s important to understand that there is no perfect world where services never go down. Azure and Office 365 have gone down and will continue to go down. Microsoft will learn and improve, and we appreciate their efforts. But what does it mean when you have to cope with reality when an outage hits?


You may have a recovery plan for your on-prem environment – what happens when you experience a cloud outage? Do you have a plan to recover?


J. Peter continues his IT Admin's Guide to O365 Continuity, and recovery strategies for Mimecast customers, over at the Mimecast blog.

Wade Suster (an active community Legend!) hails from South Africa as both a customer and channel partner, and has spent the past 13 years in IT. Wade's career began in retail, where he built computers to customer specifications, then shifted to security. His work in the security industry includes helpdesk support for antivirus software, and a focus on IPS systems, packet shapers and now, perimeter security. His relatively late start to security proves that it's never too late to start again!

Could you describe your role and how Mimecast helps you with your daily work?


I am a Security Engineer. The company I work for is focused purely on security -- because of this, I am involved with multiple products, but mainly focus on Mimecast.


I look after multiple customers' (17+) Mimecast environments, and assist where needed. I also do Mimecast pre- and post-sales, implementations, and assist with POCs. The best part about this is interacting with existing and potential new customers. With every new customer challenge, I learn something new and my knowledge of the Mimecast product increases.


With Mimecast blocking many known and unknown threats, phishing attempts and bad URLs, this makes my customers feel safe, and in return, makes my life a lot easier!


Which security issues was your company most looking to solve when it decided upon Mimecast?


My current company was already an existing Mimecast user before I started here, but from interacting with my customers before they were using Mimecast, their main requirements were Archiving, Continuity and Targeted Threat Protection (TTP). Before they used Mimecast, most of the customers had issues where malware and zero-day threats were still getting through.

Another reason for moving to Mimecast was that some of the customers were using multiple products for spam, malware and archiving.

Best piece of advice/helpful pointers for one of your peers just starting off?


There is an answer to everything. If you have an issue with something, talk to Mimecast or log a call. The Mimecast staff are super friendly and helpful. Mimecast even offers free training, so take advantage of that!


Also have a look at the Mimecaster Central community. If you are stuck with an issue, ask for help, as there will always be someone there to assist. Have a look at previous discussions, as you can learn a lot here.


Most helpful feature of Mimecast services?


I have two, the first one being Data Leak Prevention. This is so customizable that you can create rules for just about anything.


The second one would have to be the use of Mailbox Continuity in Mimecast Mobile. It’s nice to be able to receive and send emails, and even search the archive from my mobile device -- if there is an issue connecting to Exchange, I can just use the Mimecast apps. I use Mimecast Mobile just about every day.


What keeps you busy off the clock?


I am super competitive, so anything that involves winning something. I love playing Pool (Billiards), Squash, and a bit of gaming when I can.

Favorite movie?


This has got to be The Shawshank Redemption!

One thing someone here in the community wouldn’t know about you?


I can't stand onions!


>> Be sure to check out more Legends of Mimecast interviews in the series. 

The following blog is authored by Matthew Gardiner. Matthew is Director of Product Marketing at Mimecast, currently focused on email security, phishing, malware, and cloud security.


Just like there is no one way to catch a thief, there is no one way to catch malware. There are just so many ways to build, compile, pack, and otherwise obfuscate files to get past specific detection techniques. This is why the Mimecast email security service uses many analytic techniques, including multiple AV engines, file type blocks, static file analysis, and behavioral sandboxing, as well as multiple threat intelligence sources, to separate good files from malicious ones. And of course, users need their emails and good files without delay! You can read all about how we do this in our cloud security service in this technical paper.


In addition, there are multiple delivery vehicles for malware, which is why many security systems, whether they operate on email, the web, the network, in a cloud service, or on the endpoint, need sophisticated malware detection capabilities to be effective.


This brings me to our recently announced acquisition of the anti-malware specialist Solebit. If you are an existing customer of Mimecast and use Targeted Threat Protect (TTP) – Attachment Protect, you are benefiting from Solebit’s technology today! Approximately six months ago, we added Solebit’s static file analysis malware detection software to our email security inspection funnel in our global datacenters, and, as expected, saw a marked increase in performance and detection efficacy with average processing times in TTP Attachment Protect dropping from 44 to 23 seconds. A “two-for” benefit. Rarely do security performance and efficacy improve together, as they are typically in conflict with each other. But this is not true with Solebit.


Mimecast plans to further utilize this technology to differentiate in other product areas. Solebit helps differentiate Mimecast today via its efficacy (stops more advanced threats) and speed of detection (much faster than traditional methods – like sandboxing). Owning the company allows Mimecast to further innovate in the security detection area.  We believe this technology is critical to helping our customers become more cyber resilient.


With one purchase, we get access to dozens of security experts and open up a new development office in the security engineering hot spot of Herzliya, Israel in one transaction.


On the technology side, the purchase of Solebit provides Mimecast with even more malware detection capabilities as we enter into security spaces beyond Secure Email Gateways (notably, our recent public disclosure of our early adopter program and entry into the web security cloud services market). Given that both email and the web - often working together - are used to deliver and operate malware, such as ransomware and trojans, owning and continuing to develop key anti-malware technology will be key to the continued success of the Mimecast offerings, both current and future.


So now you know. With the acquisition of Solebit, Mimecast takes another major step toward delivering on our vision of providing a “super category” of cyber resilience solutions from a global, cloud-based service.

Matthew Gardiner is a Director of Product Marketing at Mimecast, currently focused on email security, phishing, malware, and cloud security.


Given that you are spending some time in this Mimecast community and are reading this blog, there is an excellent chance that you are securing your email with the Mimecast family of security services. Thanks for that! Of potentially high interest to you is our upcoming entry into the web security market. 


I want to bring to your attention our recent public step to extend our cloud-based security service into the domain of web security. While email is generally considered to be the dominant entry point for security threats, the web certainly isn't far behind and is often a key tool for attackers. And even in email-initiated attacks, particularly when malware is involved, attackers generally pivot to using the web to execute their attacks. 


We think it makes a lot of sense to bring those two worlds together - email and web security - into a single service that provides an integrated, yet multi-vector defense. That is why later this year we plan to release a new cloud-based web security service - Mimecast Web Security - that provides web filtering and acceptable use controls at the DNS resolver layer of the web. A key goal of the service is to give you a security service that is easy to deploy and manage, while providing strong security bang-for-the-buck.


I tell you this now because we have just moved into our public phase of early-adopter testing. This is open to any existing customer of Mimecast. If you have interest in taking part in this testing period, which is estimated to remain open until September 1st, I encourage you to indicate your interest by filling out the form on this page.


Also, we have recently pushed live a beta testing subspace here. Check it out for some more details on the service and the program.


If you have any questions, feel free to ask them below in the comments.

Matthew Gardiner is a Director of Product Marketing at Mimecast, currently focused on email security, phishing, malware, and cloud security.


Have you noticed that we at Mimecast are increasingly talking about the need for resilience for your email? In fact, not too long ago, we added a significant amount of new content on under the heading Cyber Resilience for Email. Have you wondered why we are doing that? 


This brings me to the analogy of the iPhone. The iPhone fundamentally changed the nature of what mobile phones, computers, and cameras are -- from distinct products to integrated services provided on a single platform.


We see the same phenomenon changing email as it migrates from on-premises to the cloud. Email-supporting services such as security, archiving, backup, recovery, and business continuity, which in the on-premise email world had been delivered by separate products and deployment practices, are able to be more efficiently provided by an integrated cloud service, more like an iPhone.


Before making the transition to Cyber Resilience for Email, Mimecast previously talked about providing security, continuity, and archiving services for email. While certainly true, this description lacked the vision of providing an integrated service that combined all of those individual capabilities, and more, as an integrated service.


Given that IT organizations ultimately need to provide IT services in general, and email services in particular that are resilient, after much thought, we landed on the word “resilience” to best describe what we provide for organizations’ email. We Make Email Safer for Business through our Cyber Resilience for Email solution. Making what we provide clearer to the world is largely “why” we came out with Cyber Resilience for Email solution naming.


What is Mimecast Cyber Resilience for Email? It is a combination of Mimecast services, including Secure Email Gateway with Targeted Threat Protection, continuity, and the newest service member, Sync & Recover, which is an extension of our longstanding archiving service.


When used together, these services help organizations protect their email before, during, and after an attack, technical failure, or careless user or administrator action. With thousands of organizations and millions of users depending on it currently, it isn’t new for them, but it is part of a key general trend that Mimecast is leading that is sweeping through the IT marketplace.


I would be very interested to hear what Cyber Resilience for Email means to you and your organization!

The following blog is by Peter Bauer, the CEO and co-founder of Mimecast, which he launched in 2003 along with co-founder and CTO Neil Murray.


I am excited to announce that last week, Mimecast acquired Ataata. Together we can dramatically improve employee cyber security awareness training globally. Ask any security professional today and they will respond that their traditional end user security awareness training is extremely difficult to get traction with internally. Creating the right security culture is hard and programs that are considered boring don’t make that any easier.


Ataata has a unique approach to getting employees engaged, fundamentally changing corporate culture, and ultimately, changing human behavior. This is critical as human error is involved in almost all breaches, making organizations without the right training much more vulnerable. Our Mimecast + Ataata video training content will help everybody understand how important human behavior is when it comes to protecting their business and how to make better decisions.


With training done right, employees can be security teams' greatest allies. According to research Mimecast conducted with Vanson Bourne, 90% of organizations have seen phishing attacks increase over the last year, but only 11% say they continuously train employees on how to spot cyberattacks. This is a major problem in the industry, which is why we are thrilled that together, Mimecast and Ataata will help organizations close this gap.


Ataata is fun. It’s a compelling content platform focused on addressing the human firewall in a unique way.


Why don’t you check out the videos for yourself?


You can learn more about how Ataata is joining the Mimecast family here.

Dan Sloshberg is the Product Marketing Director at Mimecast, taking the lead on the Mimecast API, GDPR and market intelligence. A Mimecaster since 2013 and over 20 years in tech, he is a frequent speaker on all things cloud, security, cyber resilience and GDPR.


As socially engineered impersonation attacks via email continue to grow, we are delighted to announce an alliance partnership with DMARC Analyzer to help customers better protect against these attacks.


Many of you are already using our Targeted Threat Protection – Impersonation Protect solution. This analyzes and combines multiple indicators of compromise to stop attacks targeting their employees, including those using lookalike domains, display name spoofing and reply-to-mismatch deception techniques.


DMARC Analyzer extends this protection with 360-degree email channel visibility, reporting and validation. The simple-to-setup-and-use cloud solution provides insight into unauthorized use of an organization’s own domains, which left unmonitored, can lead to impersonation attacks on customers, suppliers, other external parties and employees, too. DMARC Analyzer helps organizations move to a Domain-based Message Authentication, Reporting and Conformance (DMARC) reject policy faster and with more confidence.


Layering these complementary solutions delivers joint customers a better level of defense against all types of email fraud.


Read the joint datasheet and speak to your Mimecast or partner account manager to learn more.


We encourage you to also check out the other Alliance and API partners we’re working with to deliver even more value to our customers.

Dan Sloshberg is the Product Marketing Director at Mimecast, taking the lead on the Mimecast API, GDPR and market intelligence. A Mimecaster since 2013 and over 20 years in tech, he is a frequent speaker on all things cloud, security, cyber resilience and GDPR.


Hot on the heels of our recent Application Programming Interface (API) Developer Portal launch, we are excited to announce our latest integration partner: LogRhythm – a leading enterprise security and threat management provider.  


This highly requested integration offers joint customers the ability to benefit from LogRhythm’s advanced correlation and pattern recognition by automatically consuming email security data directly from the Mimecast cloud service. By combining this data with security data from other sources within your infrastructure, you can improve overall threat visibility, detection and alerting.


Automated or manual action can then be taken to improve your security posture – directly from the LogRhythm console. These actions can include disabling accounts and updating security policies such as blocked senders and blacklisting or whitelisting of URLs.


Combined with Mimecast’s advanced email security capabilities, including Targeted Threat Protection, you'll all benefit from tools designed to deliver the most effective cyber security and resilience.


Find out more about the LogRhythm integration with Mimecast, download the data collector tool and access documentation on the API Developer Portal.


We also encourage all of you to share your own integration ideas here now in the community!

As part of our commitment to recognizing and rewarding our most active and helpful community members in Mimecaster Central, we are happy to announce the addition of two new point levels as part of our gamification program: Scholar (30,000 points) and Royal (150,000 points).


Here's a preview of these new point levels (old on the left -> new on the right):



Just to give you some background on how far we've come with gamification, when we piloted our community nearly three years ago back in late 2015, our community did not have a single Jedi Master (15,000 points +).


I'll actually go a bit further: It really didn't have a voice.


Thanks to all of your continued support, building lasting relationships, helping your fellow peers, and even suggesting some new support hold music, YOU have given our community a voice.


In fact, we are now 7,000+ active per month in Mimecaster Central, and amongst that, five Jedi Masters. In other words, you can be confident that by coming to our community, you'll always have a helping hand nearby, whether it's a welcome from our community champions (Legends), or an answer from a newbie that's eager to jump into the mix. It's a far more vibrant place than it was just a few years back, thanks to you.


So from the bottom of our hearts on the community team, thank you for your continued leadership in, and support of, Mimecaster Central. Enjoy climbing our leaderboards. We've got plenty in store for the coming months, including our next AMA, so stay tuned!


Pro Tip

As always, you can see your missions earned, level status, and more in the Reputation tab of your community profile. 

David Hood is the Director of Technical Marketing focused on Office 365, continuity, and the Mimecast API. A Mimecaster since 2015, he’s a frequent speaker and commentator on cloud


I’m pleased to announce a user group dedicated to the healthcare industry on Mimecaster Central!


The healthcare industry faces many unique challenges – from protecting sensitive patient data to complying with strict regulations – often without the financial and personnel resources available in other industries.


This user group here in the community is a place for healthcare professionals to get data, news stories, information and more that impact cyber resilience for email. It’s also a place to see what your peers in the industry are talking about and a chance to network with other Mimecast customers.


I encourage you to join today and take part in the conversation!

Mimecaster Central community rockstar (and Legend!) David Ignash is a Security Administrator, working for a financial institution that specializes in farm loans. He’s been tinkering with IT ever since he got his hands on his first Commodore 64. David has lived in Michigan (United States) all his life, and currently lives in the Lansing area. You can also check out his community Q&A here.


Have you ever wondered if you are using all of the Mimecast features available to make your organization as secure as possible? Well wonder no more! Follow this checklist to ensure that you are taking advantage of all that Mimecast has to offer.



Checked what account is your "Super Administrator"
  • Ensured that the password to your "Super Administrator" is in a secure location, not easily guessed
Does Help Desk have access to help external customers? (i.e. Secure Messaging)
  • Should they?

Do other users/administrators have the least amount of privileges to accomplish their job?

Managing Administrator Roles 


PII (Personally identifiable information)

Checked what your organization identifies as PII


Disaster Recovery

Have you performed a Disaster Recovery test at least once a year?


Up to date software

Are users running the most up to date version of "Mimecast for Outlook"?


URL Protection

Done? URL Protect
Is URL Protection enabled for all emails coming into your organization?


Attachment Protection

Done? Attachment Protect
Is Attachment Protection enabled for all emails coming into your organization?



Are TLS settings configured to ensure that email is sent securely?


Impersonation Protection

Are Impersonation Protection settings configured to alert the user of suspicious emails?


DNS Authentication

Are DNS settings configured to ensure that mail is sent securely?



Is greylisting configured to ensure that suspicious emails are filtered out?


Account settings

Are account settings configured to ensure the console is secured? (i.e. Admin IP Ranges)



Is Active Directory synchronization still pulling in the correct data?


Authorized Outbounds

Has anything changed with your authorized outbounds IP addresses?


Secure Messaging

Done? Secure Messaging
Has secure messaging been enabled so users can safely submit sensitive data?



Have the appropriate users been trained in how to use Mimecast securely, or even Mimecast at all?


This list provides a way to help you check major security settings within Mimecast. It is also meant to help you think of other areas within the application to ensure you are as secure as possible. You could check this once a year just to make sure things are healthy, and keep up with changes to your organization.


Thank you!