Skip navigation
All Places > The Mimecaster Central Blog > Blog

The following blog is by Peter Bauerthe CEO and co-founder of Mimecast, which he launched in 2003 along with co-founder and CTO Neil Murray.


I am excited to announce that last week, Mimecast acquired Ataata. Together we can dramatically improve employee cyber security awareness training globally. Ask any security professional today and they will respond that their traditional end user security awareness training is extremely difficult to get traction with internally. Creating the right security culture is hard and programs that are considered boring don’t make that any easier.


Ataata has a unique approach to getting employees engaged, fundamentally changing corporate culture, and ultimately, changing human behavior. This is critical as human error is involved in almost all breaches, making organizations without the right training much more vulnerable. Our Mimecast + Ataata video training content will help everybody understand how important human behavior is when it comes to protecting their business and how to make better decisions.


With training done right, employees can be security teams' greatest allies. According to research Mimecast conducted with Vanson Bourne, 90% of organizations have seen phishing attacks increase over the last year, but only 11% say they continuously train employees on how to spot cyberattacks. This is a major problem in the industry, which is why we are thrilled that together, Mimecast and Ataata will help organizations close this gap.


Ataata is fun. It’s a compelling content platform focused on addressing the human firewall in a unique way.


Why don’t you check out the videos for yourself?


You can learn more about how Ataata is joining the Mimecast family here.

Dan Sloshberg is the Product Marketing Director at Mimecast, taking the lead on the Mimecast API, GDPR and market intelligence. A Mimecaster since 2013 and over 20 years in tech, he is a frequent speaker on all things cloud, security, cyber resilience and GDPR.


As socially engineered impersonation attacks via email continue to grow, we are delighted to announce an alliance partnership with DMARC Analyzer to help customers better protect against these attacks.


Many of you are already using our Targeted Threat Protection – Impersonation Protect solution. This analyzes and combines multiple indicators of compromise to stop attacks targeting their employees, including those using lookalike domains, display name spoofing and reply-to-mismatch deception techniques.


DMARC Analyzer extends this protection with 360-degree email channel visibility, reporting and validation. The simple-to-setup-and-use cloud solution provides insight into unauthorized use of an organization’s own domains, which left unmonitored, can lead to impersonation attacks on customers, suppliers, other external parties and employees, too. DMARC Analyzer helps organizations move to a Domain-based Message Authentication, Reporting and Conformance (DMARC) reject policy faster and with more confidence.


Layering these complementary solutions delivers joint customers a better level of defense against all types of email fraud.


Read the joint datasheet and speak to your Mimecast or partner account manager to learn more.


We encourage you to also check out the other Alliance and API partners we’re working with to deliver even more value to our customers.

Dan Sloshberg is the Product Marketing Director at Mimecast, taking the lead on the Mimecast API, GDPR and market intelligence. A Mimecaster since 2013 and over 20 years in tech, he is a frequent speaker on all things cloud, security, cyber resilience and GDPR.


Hot on the heels of our recent Application Programming Interface (API) Developer Portal launch, we are excited to announce our latest integration partner: LogRhythm – a leading enterprise security and threat management provider.  


This highly requested integration offers joint customers the ability to benefit from LogRhythm’s advanced correlation and pattern recognition by automatically consuming email security data directly from the Mimecast cloud service. By combining this data with security data from other sources within your infrastructure, you can improve overall threat visibility, detection and alerting.


Automated or manual action can then be taken to improve your security posture – directly from the LogRhythm console. These actions can include disabling accounts and updating security policies such as blocked senders and blacklisting or whitelisting of URLs.


Combined with Mimecast’s advanced email security capabilities, including Targeted Threat Protection, you'll all benefit from tools designed to deliver the most effective cyber security and resilience.


Find out more about the LogRhythm integration with Mimecast, download the data collector tool and access documentation on the API Developer Portal.


We also encourage all of you to share your own integration ideas here now in the community!

As part of our commitment to recognizing and rewarding our most active and helpful community members in Mimecaster Central, we are happy to announce the addition of two new point levels as part of our gamification programScholar (30,000 points) and Royal (150,000 points)


Here's a preview of these new point levels (old on the left -> new on the right):



Just to give you some background on how far we've come with gamification, when we piloted our community nearly three years ago back in late 2015, our community did not have a single Jedi Master (15,000 points +).


I'll actually go a bit further: It really didn't have a voice.


Thanks to all of your continued support, building lasting relationships, helping your fellow peers, and even suggesting some new support hold music, YOU have given our community a voice.


In fact, we are now 7,000+ active per month in Mimecaster Central, and amongst that, five Jedi Masters. In other words, you can be confident that by coming to our community, you'll always have a helping hand nearby, whether it's a welcome from our community champions (Legends), or an answer from a newbie that's eager to jump into the mix. It's a far more vibrant place than it was just a few years back, thanks to you.


So from the bottom of our hearts on the community team, thank you for your continued leadership in, and support of, Mimecaster Central. Enjoy climbing our leaderboards . We've got plenty in store for the coming months, including our next AMA, so stay tuned!


Pro Tip

As always, you can see your missions earned, level status, and more in the Reputation tab of your community profile. 

David Hood is the Director of Technical Marketing focused on Office 365, continuity, and the Mimecast API. A Mimecaster since 2015, he’s a frequent speaker and commentator on cloud


I’m pleased to announce a user group dedicated to the healthcare industry on Mimecaster Central!


The healthcare industry faces many unique challenges – from protecting sensitive patient data to complying with strict regulations – often without the financial and personnel resources available in other industries.


This user group here in the community is a place for healthcare professionals to get data, news stories, information and more that impact cyber resilience for email. It’s also a place to see what your peers in the industry are talking about and a chance to network with other Mimecast customers.


I encourage you to join today and take part in the conversation!

Mimecaster Central community rockstar (and Legend!David Ignash is a Security Administrator, working for a financial institution that specializes in farm loans. He’s been tinkering with IT ever since he got his hands on his first Commodore 64. David has lived in Michigan (United States) all his life, and currently lives in the Lansing area. You can also check out his community Q&A here.


Have you ever wondered if you are using all of the Mimecast features available to make your organization as secure as possible? Well wonder no more! Follow this checklist to ensure that you are taking advantage of all that Mimecast has to offer.



Checked what account is your "Super Administrator"
  • Ensured that the password to your "Super Administrator" is in a secure location, not easily guessed
Does Help Desk have access to help external customers? (i.e. Secure Messaging)
  • Should they?

Do other users/administrators have the least amount of privileges to accomplish their job?

Managing Administrator Roles 


PII (Personally identifiable information)

Checked what your organization identifies as PII


Disaster Recovery

Have you performed a Disaster Recovery test at least once a year?


Up to date software

Are users running the most up to date version of "Mimecast for Outlook"?


URL Protection

Done?URL Protect
Is URL Protection enabled for all emails coming into your organization?


Attachment Protection

Done?Attachment Protect
Is Attachment Protection enabled for all emails coming into your organization?



Are TLS settings configured to ensure that email is sent securely?


Impersonation Protection

Are Impersonation Protection settings configured to alert the user of suspicious emails?


DNS Authentication

Are DNS settings configured to ensure that mail is sent securely?



Is greylisting configured to ensure that suspicious emails are filtered out?


Account settings

Are account settings configured to ensure the console is secured? (i.e. Admin IP Ranges)



Is Active Directory synchronization still pulling in the correct data?


Authorized Outbounds

Has anything changed with your authorized outbounds IP addresses?


Secure Messaging

Done?Secure Messaging
Has secure messaging been enabled so users can safely submit sensitive data?



Have the appropriate users been trained in how to use Mimecast securely, or even Mimecast at all?


This list provides a way to help you check major security settings within Mimecast. It is also meant to help you think of other areas within the application to ensure you are a secure as possible. You could check this once a year just to make sure things are healthy, and keep up with changes to your organization.


Thank you!

Joseph Tibbetts is the Program Director of Mimecast’s API Developer Platform. Although new to Mimecast, he’s been managing digital transformation initiatives for close to 20 years and is excited to collaborate with all Mimecasters! 


If you’ve been around Mimecaster Central lately, you may already be familiar with some of our integrations with Mimecast, from Mimecast for Splunk to Mimecast for Salesforce.


We’re pleased to formally announce the launch of our new Application Programming Interface (API) Developer Portal, to make it easy to get started with the tools, documentation, sample code and support needed to take advantage of the Mimecast API...and integrate with existing applications.


With the Mimecast API, you can:


  • Access enhanced logging to programmatically download gateway and security log file data, track email messages, and interact with security policies
  • Rapidly search the Mimecast archive and access content. Query individual mailboxes or all mailboxes in the organization using role based administrator permissions.
  • Automate common configuration tasks such as user and group management, adding new internal email domains, updating block lists and more
  • As a Mimecast registered Managed Service Provider and Partner, automate customer account provisioning and streamline ongoing customer account management
  • Architect customized solutions that fit into existing business process and applications


There are already over 50 integrations built into a variety of solutions including security information and event management (SIEM), security orchestration and automation, advanced eDiscovery and provisioning applications.

We also encourage all of you who want to unlock the power of Mimecast in new ways to share your own integration ideas now here in the community.


Ready to get started? Learn more about the API program, browse existing integrations, and request an application key now.

Fallout: GDPR Edition

Posted by user.RZYHBOK9oJ Employee Mar 13, 2018

While the video game series by the same title is a nice diversion from reality for many of my friends and my brother-in-law (the guy will stay up into the wee hours of the morning playing this thing), the reality is that the "Fallout" that occurs from a General Data Protection Regulation (GDPR) violation won't be quite as pretty.


Without being preachy (there's plenty of resources on the damages that could occur for non-compliance with this EU-driven initiative), we're here to remind you to check out our The specified item was not found. group on Mimecaster Central, well ahead of the regulation's enforcement on May 25, 2018.


The group is stocked with resources on not only the regulation itself, but also how to configure Mimecast to help you meet your GDPR compliance objectives...and avoid the fallout.


Additionally, you'll be able to raise discussions with fellow Mimecasters and get all your questions answered from a staff of experts including our Chief Trust Officer at Mimecast, Marc French.


Join our Mimecaster Central GDPR group now.

Matthew Gardiner is a Senior Product Marketing Manager at Mimecast, currently focused on email security, phishing, malware, and cloud security.


A key part of our job as your email security services provider is to keep adapting to the continuously changing nature of attacks being perpetrated by the cybercriminals. They shift and we shift. We shift and they shift. 


The latest additional arrow to our threat protection services quiver is a new file inspection service that combines the security provided by URL Protect and Attachment Protect. This new capability enables our email security service to send a directly linked file to be deeply inspected before it is allowed to be downloaded to your employees' desktop, blocking off another route to email-borne malware delivery. It shows off the clear value of combining URL Protect's link re-writing with the static file analysis and sandboxing of Attachment Protect. You can read more about this capability in this Service Update


All customers with URL Protect and Attachment Protect will have access to this capability as it becomes available on your particular Mimecast grid. In addition, it will also be available as part of our Internal Email Protect service at the same time.

The Mimecast user research team (working with product and design teams) needs customers like you to help improve Mimecast products, and ensure they work well for the people who use them.

Why join our User Research panel?

You’ll have the ability to:

  • Help shape Mimecast products and their features
  • Get a sneak peek at design enhancements and new offerings…before the general public
  • Share your opinions and experiences (the good and the bad!) that can help us make better products
  • Earn Mimecaster Central points for cool swag when you complete a research session with us


Interested? Join the User Research Panel in our User Groups
and/or email the team at and tell us which Mimecast products you use.


Once you’ve joined, we'll drop you a confirmation email, and you might be invited to:

  • Try out a new design in an interactive prototype and talk to us about your experience in your role, or with our products (30-60 minutes for 750-1500 Mimecaster Central points)
  • Participate in a quick online exercise (5-15 minutes for 750 Mimecaster Central points)


You can always say no to any invite, and opt out at any time!


Taking Part in User Research (FAQs)

Q: What's the process?

A: Once you've joined up, and there's an upcoming research project that seems relevant to you, we'll send an email inviting you to take part (possibly asking a few more questions), and if all is well, we'll find a mutually convenient time, and schedule a session.

Q: What will I be asked to do?

A: Most of the time, we'll start off with a few questions, and then ask you to either demonstrate how you do something, or ask you to do some tasks in a prototype. Then we'll typically finish with a few more questions.

Q: What set up do I need to participate?

  1. A computer connected to high-speed internet for screensharing
  2. The ability to install a small helper app for Zoom, our online meeting software
  3. A quiet environment 
  4. Sometimes, we do research on mobile devices, but we'll let you know when we send the invitation to take part

Q: Where do the sessions take place?

A: You don’t need to travel anywhere as we use Zoom for online meetings. If you live more than 10 timezones away from the UK, we may only be able to use you for quick online exercises. If you are in London or nearby, we could try to meet face to face, which is always nice! Or if you're at a Mimecast or other industry event, it would also be possible to meet there.

Q: What's the time commitment?

A: In terms of frequency, we will never expect you to participate more than 1 hour per every 3 months (though we may reach out more frequently, you can always say no). In terms of meeting length, sessions are kept as short as possible, typically 30-45 minutes. In some instances, we'll need to have an in-depth discussion which will be no more than an hour. All of this will be communicated up front.

Q: Will the meeting be recorded?

A: Usually just the voice and the screen containing our prototype with example data, but depends on the project. You’ll always be asked if the session can be recorded - you can say ‘no’ if you want to. And we won't record any of your company data. Recording helps us show relevant product team members what happened during a session. 

Q: Who can take part?

A: You must be 18 or older and a current Mimecast customer to take part.

Q: Who do I contact for questions/comments?

A: Contact Lisa, Sophie, and Rebecca at ( for more information or to update your details after you've signed up.

What the heck is an AMA?: You may have seen these on such platforms as Reddit. Our AMA will give you an opportunity to speak with members of the Mimecast Product and Service Delivery teams, and have all your questions answered! We’ll do our best to answer all questions during the time allotted, and provide insight on product plans that have been finalized.  


When: For our third edition, this will be a multi-day discussion to give all community members an opportunity to participate. Ask your question in the dedicated discussion thread anytime between Feb. 12-14, as we'll be answering them throughout the duration of the event! 


Where: The Mimecaster Central Community Forums (a dedicated thread will be displayed at the top of the Forums for your convenience) (Customer login required to access our Forums)


Who: Director of Product Management Steven Malone will be leading the answers, along with other members of the Mimecast team


See you Feb. 12-14 in Mimecaster Central for our next Ask Mimecast Anything! Look out for an email reminder the week of the event.

Matthew Gardiner is a Senior Product Marketing Manager at Mimecast, currently focused on email security, phishing, malware, and cloud security.


The plan is the plan, until it isn't!  As you can see in the updated Services Update, Mimecast has decided to go back to "opt-in" for device enrollment versus requiring "opt-out" as the original Services Update explained. As a diligent security service provider we feel very passionately about our role in improving your organization's email security.  We constantly debate internally how best to inform and enable our customers to improve their security posture. In some cases we can do it for you, for example, by making Attachment Protect smarter at detecting and blocking malware. Safe to say no one wants email-borne malware delivered! But in other cases security policy and user experience choices need to be made and ideally our customers' Mimecast admins continuously assess and make the right decision for their organizations. We still feel that for the vast majority of our customers, device enrollment is a feature that should be enabled for the reasons discussed below and in the Services Update.  But clearly it isn't for everyone either as you can see in the associated discussion threads. My bottom line ask is if you have admin responsibilities for Mimecast that you look closely at device enrollment and make up your own mind. We aren't going to do it for you!



In an effort to improve the usability and security of our URL-dependent security services (Attachment Protect & URL Protect), there are important new changes coming to Device Enrollment that might change your users' experience if you aren't already using it. Check out this newly posted Services Update for details.


It is very important that the Mimecast service keeps track of who clicks Mimecast links as part of the URL Protect and Attachment Protect services. And thus, the ability to associate a device to a specific user is key.


So this is why instead of requiring organizations to opt-in to Device Enrollment, it will instead be the default experience in the near future, unless your Mimecast administrator opts-out on behalf of your organization.


Feel free to open a dialog in the comments below if you want to discuss further.

Jason Wright is a Junior IT Administrator at H&M Bay Inc., a refrigerated logistics provider specializing in fresh and frozen commodities transported throughout the US (i.e. seafood from the northeast and northwest, produce from the south, and even gator skins!). You may also know him as one of our oldest community members and Mimecast Legend!


Prior to getting into IT, Jason was in the automotive industry where he did a little bit of everything, from tech helper in high school, to lead technician at an independent shop, to general manager of his own auto parts store.


Jason lives on Maryland’s “Eastern Shore," and was born in Baltimore. 


Could you describe your role in your company, and how Mimecast helps you with your daily work?


My role is first the helpdesk admin. I handle just about all incoming calls ranging from application issues to hardware problems. Besides managing the helpdesk, I also manage our on-premise Exchange environment, Mimecast (of course!), our Cisco wireless equipment, enterprise AV solution, and other things including computer reloads and hardware upgrades.


I have been with H&M Bay since August 2014 when I got my start in the IT industry, and have no plans on going anywhere else!


Best piece of advice/helpful pointers for one of your peers just starting off?


Take the Mimecast training, especially if you are new to Mimecast. It will allow you to get your feet on the ground and learn where to look for certain features.


After you are comfortable, join the community of course, and do the 10 Steps to Get Started with Mimecaster Central. I remember joining Mimecaster Central back in 2016. Originally, I came here looking to network and share ideas and learn some new information. From the beginning, I can say I have learned a lot from this community and its great network of individuals here.


Favorite feature of Mimecast products you couldn’t live without, or that’s been a lifesaver for you and your organization?


This is a two‐part answer! For my users and some admins, it is the Archive. I cannot tell you how many sighs of relief we hear when someone is able to find an email from a customer or shipper that helps to save the day.


However, for me personally, I love Targeted Threat Protection (TTP): Attachment Protect. Sandboxing is a great feature and we have many instances where users say “I NEED THIS ATTACHMENT.” Being able to show proof of the malicious intentions of an attachment to the users is great, but it also helps these users to share that information with the customers who may have been compromised. So essentially, to an extent, we get to save ourselves and customers. 


Favorite movie?


Hard to say. My favorite series, being a car person, is Gone in 60 Seconds (I mean, come on -- that Mustang is nice) followed closely by Law Abiding Citizen. This one is a little bit darker, but it really makes you think.




I love cooking and I get many recipes from Gordon Ramsey (we both speak in similar styles ). Anything with zucchini and I will eat it.




That is a hard one. I honestly listen to so many different types of music. If I had to choose, I would have to say Linkin Park. I'm a bit of a fanboy, having seen them live over eight times in three different states. Other than that, I listen to a lot of harder rock and like to be in mosh pits and at festivals like Rock on the Range and Mayhem Festival.




Right now, it is the MSCA for Server 2016 books for the certification I am studying for. I know...not exciting. I can't remember the last time I was able to read something out of fun that was not tech-related. Really want to read the Lord of the Rings series, though.


What keeps you busy off the clock?


A lot! It depends on the season. I am a huge baseball fan, so you have probably seen Ryan Arsenault and I go at it about the AL East at some point (go O’s!). So early spring / all of summer is baseball. I really want to start traveling to different stadiums, but college is holding me back from that currently.


In the fall/winter, when I am not an O’s or Ravens fan, I love to get into the outdoors and go hunting, especially waterfowl sport, one thing that the Maryland “Eastern Shore” is famous for.


Other than all of this, college keeps me busy. This is my second time in (first was for automotive). I recently got my AA and am working towards my Bachelors in Cyber Security, so I am definitely busy.


One thing someone here in the community wouldn’t know about you?


I am completely envious of everyone’s use of footnotes and I still need help with it!


>> Be sure to check out more Legends of Mimecast interviews in the series. 

Bob Adams is the Product Marketing Manager for Mimecast's Security portfolio. Bob joined Mimecast three years ago as a Sales Engineer, and was recently recruited to Marketing after developing various educational materials for Mimecast's services. He continues to help educate companies on protecting themselves against advanced cyber threats.


I received a very interesting, and convincing, phone call this morning from what I (spoiler alert!) ultimately determined was a scammer.


What occurred over the next 13 minutes was a lesson that can be applied to many aspects of daily life – both as an everyday person as well as a user within a company. Whether you receive a phone call, email, text, or even knock on your door, here's some important tips to keep in mind.


Tip #1: Always be suspicious


My phone rang at 8:11 in the morning, and the Caller ID showed a local area code. I answered and was greeted by Lt. Brandon Kennedy from the Middlesex County Warrants and Citation Division. This is suspicious right away, as it’s unlikely a government office will call regarding any matter.


Tip #2: Don’t give them any additional information


Lt. Kennedy is adamant I confirm that I am Robert Adams. When I refused and asked what this was about, he stated he couldn’t tell me until I confirm my identity, or there would be repercussions.


Again, I’m suspicious and always avoid giving out any personal information. However, since they’re calling, already asking for me by name, and a reverse phone number lookup would show my name in the White Pages, I conceded: “This is him.” 


Tip #3: Always question the validity of what you’re being told


I learned that a Jury Duty summons was delivered to me on Wednesday, September 25th at 2:23pm, signed for, and returned. I apparently "failed" to appear in court on my assigned day. My absence resulted in two warrants out for my arrest, and there’s a $500 post on each. Failure to resolve this today could result in my immediate imprisonment for 30-45 days. I still remained calm despite their intent to catch me off guard.


Taking notes, I realized September 25th was a Monday, and not a Wednesday. I asked him to repeat the date, year, and where it was delivered, and explain the 25th was a Monday and that his response was not my address.


Regardless of all the red flags here, my curiosity was piqued, and figured that the longer we talked, the less people he could scam (NOTE: While I’m experienced and well versed in scamming tactics, I do not recommend trying this at home!).


Tip #4: Learn from their mistakes


I explained I never received the summons and didn't recall ever having to sign for one before. He assured me the process had changed due to so many people claiming they hadn't received the notice.


To avoid arrest, I needed to “report to the Medford Sheriff’s Department at 400 Mystic Ave, 4th Floor. They cannot accept Cash, Credit, or personal information due to a high volume of transactions, and you need to get a MoneyPak voucher from Walgreens, CVS, or Rite Aid.” 


My warrants are for $500 each, which coincidentally is the maximum limit per voucher. When I ask if I can call my local Police Department to confirm there's a warrant, he assured me I can. However, he of course can’t help me with any arrests along the way there if I hang up, so it’s best if we stay on the phone until I arrive.


At this point, the ruse was up, I had my fun, and tried to engage the scammer directly. To the scammer's credit, he insisted it was not a scam and was merely trying to help. Further inquiries went unmet until he eventually hung up. 


The moral of the story here is to be suspicious, don’t give out any information, always question what you’re being told, and learn from the mistakes of these criminals to better arm yourself in the future.


RELATED CONTENTMy Grandfather was Scammed: Why User Education Reigns Supreme 

After a trip through memory lane with Mimecaster Central in 2017, we thought it would be nice for another retrospective blog...about blogs.


No, this isn't an Inception moment: We'd like to serve you up in one convenient package the top 10 most popular blogs from withinThe Mimecaster Central Blog in 2017, ranked in order of page views.


A special shout-out goes out to our customer, and Mimecaster Central champion and Legend David Ignash who's Top 10 List for New Mimecasters was the most viewed blog created in 2017, and was a hit with both Mimecast customers and employees alike!


Without further ado, here's the list:


  1. Top 10 List for New Mimecasters 
  2. Changing Careers: Mimecast as my Catalyst 
  3. Eight Years Without Net Neutrality: The View from 2024 
  4. GDPR Management for Email: New Resources   
  5. Be Prepared: Download the Mimecast Continuity Planning Manual  
  6.  Legends of Mimecast: A Q&A with CEO Peter Bauer 
  7. Mimecast 101: Troubleshooting Authentication Issues [Video] 
  8. Join Us for our First AMA (Ask Mimecast Anything) 
  9. Announcing: Sync & Recover for Exchange and Office 365 
  10. Legends of Mimecast: A Q&A with Johan Dreyer