Auto Allow policies allow inbound mail to be processed more efficiently and effectively by circumventing spam checks. External email addresses that internal end users have previously sent emails to are stored in an 'Auto Allow database', and are considered known trusted senders. Auto Allow policies are created by default during the Mimecast Implementation process, however exceptions can be made via Auto Allow Creation policies if needed.
Consider the following before getting started:
- An auto allow entry is automatically deleted if no emails are sent to the address for 120 days.
- Auto Allow database entries are configured in Managed Senders. A definition is not required.
- As this policy is “always on”, the database continues to grow. When an internal user sends a message, Mimecast captures the recipients email address and adds it to the database.
- Any inbound message from a sender listed in the Auto Allow database is not subjected to the typical IP reputation and spam checks. However it will still be scanned for viruses.
- Bypassing spam checks (e.g. greylisting) reduces the delivery delay of emails to internal recipients, thereby reducing the number of messages on Hold.
- Auto Allow database entries are not generated when:
- Auto-responses are sent (including Out of Office messages).
- Suspected spam related messages are released, and the recipient subsequently replies to the sender.
Configuring an Auto Allow Policy
To configure an Auto Allow policy:
- Log on to the Administration Console.
- Click on the Administration menu item. A menu drop down is displayed.
- Click on the Gateway | Policies menu item. The Gateway Policy Editor is displayed.
- Click on Auto Allow. A list of policies is displayed.
- Either select the:
- Policy to be changed.
- New Policy button to create a policy.
- Complete the Options section as required:
Option Description Policy Narrative Provide a description for the policy to allow you to easily identify it in the future. Auto Allow Policy
Enabled by default, this policy determines if the Auto Allow List (AAL) of your account should be checked for the mail flow specified below. AAL entries are created automatically when messages are sent from internal users to outbound recipients, so that the recipient address is marked as 'trusted'. When the external address sends a message to the internal user, Mimecast will check the AAL to see if the address is present. If it is, the message bypasses spam checks normally applied to inbound mail.
Malware and virus scanning is always applied.
Option Description Example Apply Auto Allow
This is the default option and is the recommended setting.
Applies Auto Allow to the recipient's email address for all internal end users, avoiding spam checks when users receive mail from this recipient. The internal user, John, sends an email to firstname.lastname@example.org. This generates an Auto Allow entry for email@example.com for all internal users. Therefore if Mary sends an email to any internal users, this email bypasses spam checks. Apply Auto Allow (Original Recipient Address)
Applies Auto Allow based on the recipient's email address that is received prior to any Address Alterations or address rewrites being applied for inbound mail.
An internal user, John (firstname.lastname@example.org) sends a message to email@example.com, which is added to John's auto allow list. However John's email address is rewritten to firstname.lastname@example.org (e.g. by an Address Alteration policy) when it's sent. As Mary is not all on the auto allow list for the email@example.com email address, her reply to that address means that the auto allow policy doesn't apply and spam checks aren't bypassed. Apply Auto Allow (Strict) Applies Auto Allow to the sender and recipient pair email addresses only. The internal user, John, sends an email to firstname.lastname@example.org. This generates an Auto Allow entry for email@example.com address. When firstname.lastname@example.org emails John, spam checks are bypassed. Take no action Auto Allow entries are not generated. The internal user, John, sends an email to mimecast.com. An Auto Allow entry is not generated. When any mimecast.com sender sends an email to John, the email is subjected to all spam checks.
- Complete the Emails From and Emails To sections as required:
Field / Option Description Addresses Based On Specify the email address characteristics the policy is based on. This option is only available in the "Emails From" section. The options are: Option Description The Return Address (Mail Envelope From) This default setting applies the policy to the SMTP address match, based on the message's envelope or true address (i.e. the address used during SMTP transmission). The Message From Address (Message Header From) Applies the policy based on the masked address used in the message's header. Both Applies the policy based on either the Mail Envelope From or the Message Header From whichever matches. When both match, the specified value the Message Header From will be used. Applies From / To Specify the Sender characteristics the policy is based on. For multiple policies, you should apply them from the most to least specific. The options are: Option Description Everyone Includes all email users (i.e. internal and external). This option is only available in the "Emails From" section. Internal Address Includes only internal organization addresses. External Address Includes only external organization addresses. This option is only available in the "Emails From" section. Email Domain Enables you to specify a domain name to which this policy is applied. The domain name is entered in the Specifically field. Address Groups Enables you to specify a directory or local group. If this option is selected, click on the Lookup button to select a group from the Profile Group field. Once a group has been selected, you can click on the Show Location field to display the group's path. Address Attributes Enables you to specify a predefined Attribute. The attribute is selected from the Where Attribute drop down list. Once the Attribute is specified, an attribute value must be entered in the Is Equal To field. This can only be used if attributes have been configured for user accounts. Individual Email Address Enables you to specify an SMTP address. The email address is entered in the Specifically field.
- Complete the Validity section as required:
Field / Option Description Enable / Disable Use this to enable (default) or disable a policy. If a date range has been specified, the policy will automatically be disabled when the end of the configured date range is reached. Set Policy as Perpetual If the policy's date range has no end date, this field displays "Always On" meaning that the policy never expires. Date Range Use this field to specify a start and / or end date for the policy. If the Eternal option are selected, no date is required. Policy Override This overrides the default order that policies are applied. If there are multiple applicable policies, this policy is applied first unless more specific policies of the same type are configured with an override. Bi-Directional If selected the policy is applied when the policy's recipient is the sender, and the sender is the recipient. Source IP Ranges (n.n.n.n/x) Enter any required Source IP Ranges for the policy. These only apply if the source IP address used to transmit the message data, falls inside or matches the range(s) configured. IP ranges should be entered in CIDR notation.
- Click on the Save and Exit button.