Configuring Auto Allow Policies

Document created by user.oxriBaJeN4 Employee on Sep 11, 2015Last modified by user.oxriBaJeN4 Employee on Apr 2, 2019
Version 21Show Document
  • View in full screen mode

Auto Allow policies allow inbound mail to be processed more efficiently and effectively by circumventing spam checks. External email addresses that internal end users have previously sent emails to are stored in an 'Auto Allow database'. When the external address sends a message to the internal user, Mimecast checks the database to see if the address is present. If so, the message bypasses the usual spam checks applied to inbound mail. 

Auto Allow policies are created by default during the Mimecast Implementation process. Exceptions can be made via Auto Allow Creation policies if needed.

Usage Considerations

Consider the following before getting started:

  • An Auto Allow policy entry is automatically deleted if no emails are sent to the address for 120 days.
  • Auto Allow database entries are configured in Managed Senders. A definition is not required.
  • As this policy is “always on”, the database continues to grow. When an internal user sends a message, Mimecast captures the recipient's email address and adds it to the database.
  • Any inbound message from a sender listed in the Auto Allow database is not subjected to the typical IP reputation and spam checks. However, it will still be scanned for viruses.
  • Bypassing spam checks (e.g. greylisting) reduces the delivery delay of emails to internal recipients, thereby reducing the number of messages on Hold.
  • Auto Allow database entries are not generated when:
    • Auto-responses are sent (including Out of Office messages).
    • Suspected spam related messages are released, and the recipient subsequently replies to the sender.


Configuring an Auto Allow Policy


To configure an Auto Allow policy:

  1. Log on to the Administration Console.
  2. Click on the Administration menu item. A menu drop down is displayed.
  3. Click on the Gateway | Policies menu item. The Gateway Policy Editor is displayed. 
  4. Click on Auto Allow. A list of policies is displayed.
  5. Either select the:
    • Policy to be changed.
    • New Policy button to create a policy.
  6. Complete the Options section as required:
    Policy NarrativeProvide a description for the policy to allow you to easily identify it in the future.
    Auto Allow Policy

    Enabled by default, this policy determines if the Auto Allow List (AAL) of your account should be checked for the mail flow specified below. AAL entries are created automatically when messages are sent from internal users to outbound recipients. When the external address sends a message to the internal user, Mimecast will check the AAL to see if the address is present. If it is, the message bypasses spam checks normally applied to inbound mail. 

    Malware and virus scanning is always applied.
    Apply Auto Allow
    This is the default option and is the recommended setting.
    Applies Auto Allow to the recipient's email address for all internal end users, avoiding spam checks when users receive mail from this recipient.The internal user, John, sends an email to This generates an Auto Allow entry for for all internal users. Therefore if Mary sends an email to any internal users, this email bypasses spam checks.
    Apply Auto Allow (Original Recipient Address)

    Applies Auto Allow based on the recipient's email address that is received prior to any Address Alterations or address rewrites being applied for inbound mail.

    An internal user, John ( sends a message to, which is added to John's Auto Allow list. However John's email address is rewritten to (e.g. by an Address Alteration policy) when it's sent. As Mary is not all on the Auto Allow list for the email address, her reply to that address means that the Auto Allow policy doesn't apply and spam checks aren't bypassed. 
    Apply Auto Allow (Strict)Applies Auto Allow to the sender and recipient pair email addresses only.The internal user, John, sends an email to This generates an Auto Allow entry for address. When emails John, spam checks are bypassed.
    Take no actionAuto Allow entries are not generated.The internal user, John, sends an email to An Auto Allow entry is not generated. When any sender sends an email to John, the email is subjected to all spam checks.
  7. Complete the Emails From and Emails To sections as required:
    Field / OptionDescription
    Addresses Based OnSpecify the email address characteristics the policy is based on. This option is only available in the "Emails From" section. The options are:
    The Return Address (Mail Envelope From)This default setting applies the policy to the SMTP address match, based on the message's envelope or true address (i.e. the address used during SMTP transmission).
    The Message From Address (Message Header From)Applies the policy based on the masked address used in the message's header.
    BothApplies the policy based on either the Mail Envelope From or the Message Header From whichever matches. When both match, the specified value the Message Header From will be used.
    Applies From / ToSpecify the Sender characteristics the policy is based on. For multiple policies, you should apply them from the most to least specific. The options are:
    EveryoneIncludes all email users (i.e. internal and external). This option is only available in the "Emails From" section.
    Internal AddressIncludes only internal organization addresses.
    External AddressIncludes only external organization addresses. This option is only available in the "Emails From" section.
    Email DomainEnables you to specify a domain name to which this policy is applied. The domain name is entered in the Specifically field.
    Address GroupsEnables you to specify a directory or local group. If this option is selected, click on the Lookup button to select a group from the Profile Group field. Once a group has been selected, you can click on the Show Location field to display the group's path.
    Address AttributesEnables you to specify a predefined Attribute. The attribute is selected from the Where Attribute drop down list. Once the Attribute is specified, an attribute value must be entered in the Is Equal To field. This can only be used if attributes have been configured for user accounts.
    Individual Email AddressEnables you to specify an SMTP address. The email address is entered in the Specifically field.
  8. Complete the Validity section as required:
    Field / OptionDescription
    Enable / DisableUse this to enable (default) or disable a policy. If a date range has been specified, the policy will automatically be disabled when the end of the configured date range is reached.
    Set Policy as PerpetualIf the policy's date range has no end date, this field displays "Always On" meaning that the policy never expires.
    Date RangeUse this field to specify a start and / or end date for the policy. If the Eternal option is selected, no date is required.
    Policy OverrideThis overrides the default order that policies are applied. If there are multiple applicable policies, this policy is applied first unless more specific policies of the same type are configured with an override.
    Bi-DirectionalIf selected the policy is applied when the policy's recipient is the sender, and the sender is the recipient.
    Source IP Ranges (n.n.n.n/x)Enter any required Source IP Ranges for the policy. These only apply if the source IP address used to transmit the message data, falls inside or matches the range(s) configured. IP ranges should be entered in CIDR notation.
  9. Click on the Save and Exit button.


See Also...


5 people found this helpful