For every inbound, outbound, or internal message processed, Mimecast provides the following views:
- Receipt view displays information relating to when Mimecast accepted/received the message.
- Delivery view displays information relating to when Mimecast delivered the message.
These views are useful when troubleshooting email delivery, or investigating a possible spam message. Both views provide the details of the sender, recipient, mail servers, dates, times, and email components. They also show an event (receipt or delivery) which ties in with how and why Mimecast either accepted the message or delivered it to the next mail server.
- The receipt event is useful to determine why Mimecast accepted a potential spam email.
- The delivery event can be used to confirm that an email has been delivered to the next hop mail server. It also displays all the policies that matched traffic flow when the email was processed. This helps identify why an email was handled in a certain way, or when testing new policies.
Viewing the Receipt / Delivery Views
The receipt and delivery information is available for all messages that have been processed by Mimecast, including emails in the archive. The date the email was processed determines where the email can be viewed.
To view the receipt/delivery view for a non-archived message:
- Log on to the Administration Console.
- Click on the Administration toolbar menu item.
- Select the Message Center | Accepted Messages menu item. A list of messages is displayed.
- Click on a Message to open it.
See the Message Center: Accepted Messages page for full details.
To view the receipt/delivery view for an archived message:
- Click the Administration | Archive | Archive Search menu item. A list of messages is displayed.
- Click on the Message to open it. The email is opened in the Receipt View with the message's header and body information displayed.
- Click either the:
- View | View Message Retention menu item to display information on the message's retention and audit information.
- View | View Receipt Information menu item to display the message and component information.
- View | View Transmission Body menu item to return to the default header and body information view.
A message's receipt information includes the following:
|Receipt Event||Displays how the email was received by Mimecast (e.g. Authorized IP, Permitted Sender list, Open Greylist, Auto Allow List). See the Receipt Events section below for more details.|
|Message Expires On||Displays the date the message will be purged from Mimecast based on your configured content retention periods.|
|Message Expires In||Displays the number of days remaining before the message is purged based on your configured content retention periods.|
|Processing Server||Displays the Mimecast service that processed the email.|
|Transmission Size||Displays the cumulative binary size in bytes of each component of the email transmission, including encoding.|
|Binary Email Size||Displays the cumulative binary size in bytes of each component of the email transmission.|
|Remote IP||Displays the IP address of the sending server that connected to Mimecast.|
|Remote Host||Displays the hostname of the sending server that connected to Mimecast.|
|Remote Greeting||Usually displays the SMTP domain name (or IP address) of the sending server.|
|Receipt Acknowledgment||Displays the acknowledgment issued by Mimecast to indicate that the email was accepted.|
|Transmission Started||Displays the date and exact time that the transmission of the email started.|
|Transmission Ended||Displays the date and exact time that the transmission of the email ended.|
|Transmission Duration||Displays the total email transmission time in milliseconds.|
|Encryption Information||Displays whether the email was sent using TLS encryption or another method.|
Each message's receipt information includes a receipt event. This specifies how or why the message was received by Mimecast. These include:
|Email Received||A generic email receipt that is no longer in use.|
|Email Received via Webmail||The message was sent from the Mimecast Personal Portal (MPP).|
|Email Received via Outlook Connector||An obsolete event no longer used by the MTA.|
|Email Received via DR SMTP Submission||The message was sent by an Outlook connector.|
|File Archive Email Received||The received message was a file archiving request.|
|Email Received via SysEmail Loopback||The received message is a loopback notification generated by the MTA. This allows full message processing (e.g. stationery) on notifications.|
|Email Received via IM||The message was an IM request.|
|Email Received via SendToMe||The message was a SendToMe request.|
|Email Received via Journal Connector||The message was received as a journaled message.|
|Email Received via LFS||The received message contained a Large File Send (LFS) request.|
|Email Received via LFR||The received message contained a Large File Receive (LFR) request.|
|Journal Email Received by Journal Connector||The email has been received/retrieved from the journal mailbox.|
|Email Received via System Postmaster||An obsolete event no longer used by the MTA.|
|Email Received via Authorized IP Address||The sending IP address is configured as an Authorized Outbound IP address within your Mimecast account (applies to outbound mail)|
|Email Received via Authorized SMTP||The message was sent through Mimecast using SMTP Authentication. Usually applies to POP3 / SMTP domains or customers that have configured SMTP authentication from the SMTP connectors on their mail server.|
|Email Received Through Known IP Address with Spam Checks||The message was received from a known IP address, but it is marked as inbound.|
|Email Received via Validated SPF Domain||The received message was sent from a domain that has passed SPF validation.|
|Email Received via Permitted IP Address||The sending IP address of the message is listed in a Permitted Senders Policy. This applies to inbound email.|
|Email Received via Permitted Sender||A Permitted Senders Policy is configured to always bypass spam checks for the sender’s address or domain, based on the Return Address (Email Envelope From).|
|Email Received via Header Based Permitted Sender||A Permitted Senders Policy is configured to always bypass spam checks for the sender’s address or domain, based on the Message From Address (Message Header From)|
|Email Received via Permitted IP||An inbound message was sent from a white listed IP address.|
|Email Received via Auto Allow List||The senders email address is trusted by your Mimecast local reputation system (i.e. someone has sent a message to this address previously. This applies to inbound email.|
|Email Received via Auto Allow List - Sampled for Spam / Virus||An obsolete event no longer used by the MTA.|
|Email Received via Header Based Auto Allow List||An Auto Allow Policy is configured to apply to the Message From Address (Message Header From).|
|Email Received via Manual Permitted Sender||A user has added the sender’s address or domain to their Permitted Sender list, either by using the digest or select Mimecast user services.|
|Email Received via Header Based Manual Permitted Sender||The message was accepted based on P2 header white list checks.|
|Email Received via Open Greylist||The message has passed local Greylisting checks. This applies to inbound email only.|
|Email Received via RWL Greylist Bypass||The message was not subjected to greylisting, because the server sending the message is listed in Mimecast’s global bypass list.|
|Email Received - Perimeter Checks Not Set||The message has passed through Mimecast, due to there being no inbound Greylisting Policy enabled, or there is a Take No Action greylisting policy applying to the address/domain.|
|Email Received - RBL Check Bypassed Due to Known IP Address||The message was received from a known IP address, and the real-time blacklist checks were bypassed.|
|Email Received - Possible Spam (Tagged)||The message is suspected to be spam and was tagged as spam.|
|Email Received - Possible Spam (Hold)||The message is suspected to be spam and was held.|
|Email Received - Possible Spam (Tag and Hold)||The message is suspected to be spam and was held and tagged as spam.|
|Email Received - Possible Junk (Tagged)||The message is suspected to be junk mail and was tagged as junk.|
|Email Received - Possible Junk (Tag and Hold)||The message is suspected to be junk mail and was held and tagged as junk.|
|Outbound Email Received - Possible Spam (Notify)||The message is suspected to be spam, and a notification was created to alert administrators.|
|Outbound Email Received - Possible Spam (Hold)||The message is suspected to be spam and was held.|
|Email Received - Possible Porn Image Embedded||An obsolete event no longer used by the MTA.|
|Email Received - Possible Spam Message and Porn Image Embedded||An obsolete event no longer used by the MTA.|
|Email Generated via Group Carbon Copy||This message is a copy of another message, that was created to be sent to a recipient specified by a Group Carbon Copy Policy.|
|Email Received via Open Greylist - Suspicious||The email has passed local greylisting checks, but one of the relay servers involved in the transmission of the mail is not trusted by the Mimecast Global Reputation system (applies to inbound mail only)|
|Email Received - DMARC Check Failed|
The email was not DMARC compliant, so SPF and DKIM were both invalid. This can mean two things:
Queue Detail Status
Additional information is available in the receipt Information for non-archived messages, and specifically for those that have not been successfully delivered. The Queue Detail Status field displays information about why an email has not been delivered to the intended recipient. For example, it
- Was bounced by the next hop.
- Is in the delivery queue.
- Is in the hold queue based on matching a spam scanning policy (e.g. messages with the receipt event)
- Has an Email Received via Open Greylist event, and may still be held by Mimecast Spam Scanning Policies.
These messages are accessible in the Accepted Message view, as they have not yet reached their final state (i.e. been successfully delivered). Messages are only archived once they are released, deleted, or rejected from the hold queue.
Envelope From Address
Newsletter and marketing companies often mask the true sending address of an email. This means an email may appear to come from firstname.lastname@example.org, when the real address is something like email@example.com. This masked sending address is referred to as the Header FROM address, and the true sending address is referred to as the Envelope FROM address. Mimecast policies are by default based on the Envelope FROM address.
When creating policies based on external addresses (inbound email) always use the envelope FROM address or domain. You can identify this address by using the Receipt View. The Envelope FROM address is listed after the Viewing RECEIPT from text.
If the policy is applied to an email, there are two end effects:
- The message is not replicated to Mimecast through Folder Sync.
- The message is not displayed in delegate mailboxes.This policy does not apply retrospectively, but will only take effect when the message is sent through Mimecast (or uploaded through Journaling and Ingestion).
The email is still accessible to the user in their mailbox Archive Search, and to Administrators through the Administration Console Archive Search or eDiscovery Cases.
Delivery information is available for inbound and outbound messages, and displays the details when Mimecast delivered the email. Each email delivered has a delivery event, that details how the message was delivered by Mimecast.
A message's delivery information includes the following:
|From Envelope Address||The envelope FROM address (the sender)|
|To Envelope Address||The envelope TO address (the recipient)|
|Message Route||How the email was received (internal, outbound, internal)|
|Delivery Event *||How the email was delivered (via MX lookup, routing policy, etc.)|
|Message Expires On||The date that the message will be purged from Mimecast (based on your configured content retention periods)|
|Message Expires In||The amount of days remaining before the message is purged (based on your configured content retention periods)|
|Processing Server||The Mimecast service that processed the email|
|Transmission Size||The cumulative binary size in bytes of each component of the email transmission – including encoding|
|Remote IP||The IP address of the remote server where the email was delivered to|
|Remote Host||The hostname of the remote server that the mail was delivered to|
|Remote Greeting||The SMTP greeting banner that the remote server presented|
|Receipt Acknowledgment||The acknowledgment that the remote server issued to indicate that email delivery was accepted (Note: this information is important when proving delivery of an email)|
|Transmission Started||The date and exact time that the transmission of the email started|
|Transmission Ended||The date and exact time that the transmission of the email ended|
|Transmission Duration||The total email transmission time in milliseconds|
|Encryption Information||Details whether the email was sent using TLS encryption or not|
Each message's delivery information includes a delivery event. This specifies how or why the email was delivered by Mimecast. These include:
|Email Generated by File Archiving||The message has been processed for File Archiving.|
|Email Delivery Aborted||An obsolete event no longer used by the MTA.|
|Email Delivery Aborted - Soft Bounce||Mimecast has attempted to deliver the message according to the retry schedule, but delivery hasn't been successful and the message has timed out.|
|Email Delivery Aborted - Hard Bounce||The remote mail server has rejected the message with a SMTP 500 error code. See the Mimecast SMTP Error Codes page for further details.|
|Email Delivery Aborted - Delivery Hold Dropped||An obsolete event no longer used by the MTA.|
|Email Delivery Aborted - Damaged Email||The message was marked as damaged and couldn't be exported or delivered. This may happen due to missing files, addresses, domains, etc.|
|Email Delivered||An obsolete event no longer used by the MTA.|
|Email Delivered to Mailbox||The message was delivered to the user's mailbox located on the Mimecast server. Applies to POP3 domains only.|
|Delivered to CCM Isolation Area||A Closed Circuit Messaging (CCM) Policy was applied to an outbound message, and the message was successfully delivered using CCM.|
|Email Delivered to Mailbox Forwarding Address||The message was forwarded to another mailbox in the Mimecast account. Applies to POP3 domains only.|
|Email Delivered via MX Resolution||The message was delivered using the MX record of the recipient's domain.|
|Email Delivered to Forwarding Address via MX resolution||The message was forwarded to another email address, and was delivered using the MX record of the recipients domain.|
|Email Delivered via Routing Rule||The message was delivered using a Forwarding Address Policy in the Mimecast account.|
|Email Delivered to Forwarding Address via Routing Rule||The message was forwarded to another email address, and was delivered using a Forwarding Address Policy in the Mimecast account.|
|Delivered to Space||An obsolete event no longer used by the MTA.|
|Delivered to Space Command||An obsolete event no longer used by the MTA.|
|Delivered to Journal||The message was journaled and has been processed. The message isn't delivered to a remote server.|
|Delivery Dropped||Message delivery couldn't be completed (e.g. the recipient's server wasn't available) and we won't try delivering the message again. This usually happens after 30 retries.|
|LFS Delivery Accepted||Large File Send was used to transmit a notification with the original email body, and a separate set of notifications to access the attachments|