Auto Allow Policies

Document created by user.oxriBaJeN4 Employee on Sep 11, 2015. Last modified by user.oxriBaJeN4 Employee on Oct 3, 2016.
Version 12

Mimecast uses a series of reputation checks when processing inbound email. One of these checks is called Auto Allow. This relates to external email addresses that internal end users have previously sent emails to. These external addresses are stored in the Auto Allow database and are considered to be known trusted senders. Addresses in the Auto Allow database are treated similarly to those listed in the Permitted Senders list.


With an Auto Allow policy, any inbound email from a sender listed in the Auto Allow database is not subjected to the typical IP reputation and spam checks. Instead, it is only scanned for viruses.


Auto Allow entries are:

  • Created when emails have actively been created by end users.
  • Not generated when:
    • Auto-responses are sent (including Out of Office messages).
    • Suspected spam related emails are released from the Hold Queue or using the Digest, and the recipient subsequently replies to the sender.

Auto Allow entries are configured in your Managed Senders.



Using an Auto Allow policy means that Mimecast can process inbound emails more efficiently and effectively. As this policy is “always on”, the database continues to grow. When an internal user sends a message, Mimecast captures the recipient's email address and adds it to a database. When this recipient sends a message to a Mimecast customer, Mimecast checks against the database. If a match is found, the message is allowed through without applying spam checks. However, virus checks are still applied. This makes inbound email processing for these senders faster and more efficient, and helps to avoid false positives.


Bypassing spam checks (e.g. greylisting) reduces the delivery delay of emails to internal recipients. This can reduce the number of messages placed on Hold due to content based spam scanning.

If a message is held as suspected spam, is released, and the user replies to the sender, an Auto Allow entry will not be generated.

What You'll Need


  • An Administrator Console logon with access to the Services | Gateway | Policies menu item.


Creating a Policy


To create a policy, follow the instructions in the Creating / Changing a Policy article, but using the following options:


Policy Narrative: Provide a description for the policy to allow you to easily identify it in the future.

Auto Allow Policy

Enabled by default, this policy determines if the Auto Allow List (AAL) of your account should be checked for the mail flow specified below. AAL entries are created automatically when messages are sent from internal users to outbound recipients. The recipient address is added to the AAL, so that they are marked as 'trusted'. When the external address sends a message to the internal user, your Mimecast account will check the AAL to see if the address is present. If it is, it allows the communication to bypass specific spam checks that are normally applied to the inbound email. The addition to the AAL does not apply to autoresponders (e.g. Out of Office messages).

Malware and virus scanning is always applied.

The options for this policy are:

  • Apply Auto Allow: Applies Auto Allow to the recipient's email address for all internal users. This is the default option and is the recommended setting. It avoids Greylisting and spam checks when your internal end users receive emails from this recipient.
    Example: The internal user, John, sends an email to This generates an Auto Allow entry for for all internal users. Therefore if Mary sends an email to any internal users, this email bypasses spam checks.
  • Apply Auto Allow (Original Recipient Address): Applies Auto Allow based on the recipient's email address that is received prior to any Address Alterations or Alias address rewrites being applied for inbound emails.
    Example: The internal user, John ( sends an email to John's email address is rewritten to which creates an Auto Allow for the When Mary replies to the email using as the recipient, John's email address is rewritten back to Use the Auto Allow (Original Recipient Address) option to ensure that an Auto Allow match is found against the address, therefore causing spam checks to be bypassed.
  • Apply Auto Allow (Strict): Applies Auto Allow to the individual sender and recipient pair email addresses only.
    Example: The internal user, John, sends an email to This generates an Auto Allow entry for address. When sends an email to John, spam checks are bypassed.
  • Take no action: Auto Allow entries are not generated.
    Example: The internal user, John, sends an email to An Auto Allow entry is not generated. When any sender sends an email to John, the email is subjected to all spam checks.
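
A small model of the matching behaviour described in the options above, added here as an illustration. It is not Mimecast code, and the class, method names and example.com / example.org addresses are constructed. It covers three of the four options (the Original Recipient Address rewrite case is left out) and shows how far the trust from a single entry extends under each.

```python
from dataclasses import dataclass, field
from enum import Enum

class Mode(Enum):
    APPLY = "Apply Auto Allow"            # entry is honoured for all internal users
    STRICT = "Apply Auto Allow (Strict)"  # entry is honoured for one sender/recipient pair
    NONE = "Take no action"               # no entries are generated

@dataclass
class AutoAllowModel:
    mode: Mode
    entries: set = field(default_factory=set)  # {(internal_user, external_address)}

    def record_outbound(self, internal, external, auto_response=False,
                        reply_to_released_spam=False):
        """Return True if this outbound message creates an Auto Allow entry."""
        # Auto-responses and replies to released suspected spam never create entries.
        if self.mode is Mode.NONE or auto_response or reply_to_released_spam:
            return False
        self.entries.add((internal.lower(), external.lower()))
        return True

    def inbound_checks(self, sender, recipient):
        """Return the checks applied to an inbound message in this model."""
        sender, recipient = sender.lower(), recipient.lower()
        if self.mode is Mode.STRICT:
            trusted = (recipient, sender) in self.entries
        elif self.mode is Mode.APPLY:
            trusted = any(ext == sender for _, ext in self.entries)
        else:
            trusted = False
        # Virus scanning is always applied, trusted or not.
        return ["virus"] if trusted else ["ip_reputation", "spam", "virus"]

# Constructed sample addresses.
JOHN, SAM = "john@example.com", "sam@example.com"   # internal users
MARY, VENDOR = "mary@example.org", "noreply@vendor.example.org"

def demo():
    """For each mode, return checks for (Mary to John, Mary to Sam, Vendor to John)."""
    results = {}
    for mode in Mode:
        model = AutoAllowModel(mode)
        model.record_outbound(JOHN, MARY)                        # John writes to Mary
        model.record_outbound(JOHN, VENDOR, auto_response=True)  # Out of Office reply
        results[mode] = tuple(model.inbound_checks(s, r)
                              for s, r in ((MARY, JOHN), (MARY, SAM), (VENDOR, JOHN)))
    return results

if __name__ == "__main__":
    for mode, checks in demo().items():
        print(mode.value, checks)
```

Under the default option, Mary's mail to Sam also skips spam checks even though only John has written to her; under Strict it does not.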

Definition Required?


