Creating / Changing a Permitted Senders Policy

Document created by user.oxriBaJeN4 Employee on Sep 12, 2015Last modified by user.oxriBaJeN4 Employee on Apr 25, 2017
Version 8Show Document
  • View in full screen mode

A permitted senders policy ensures inbound emails bypass security checks (reputation and spam checks) but does not override virus checks. It can be used to ensure emails are delivered directly to internal recipients, without the risk of the message being rejected or placed in the held queue. Permitted senders policies have the same affect as Auto Allow Policies, and can be used to reduce false positives.


A permitted senders policy referring to an empty profile group is created during the Connect process, which administrators can populate with email addresses or domains. End users can also create personal entries that apply to their mailbox only. This can be achieved Using a Digest, or when logged onto the Mimecast Personal Portal or Mimecast for Outlook.

Permitted sender policies are applied after Block Senders policies. This means that a domain or email address that has been added to both a blocked senders and permitted senders policy will be rejected.

It is not necessary to create permitted sender policies for all trusted senders. They are only required if a sender is having difficulty sending emails to your end users.




A Permitted Senders policy can be configured to ensure successful delivery of inbound emails from trusted sources. This means that messages from those senders will bypass reputation and spam checks, and avoids the possibility of the message being rejected by Mimecast or placed in the Hold for Review queue. This is useful in situations where the senders' mail server is listed in an RBL, or for emails that are being flagged by Mimecast content checks.


Using a group enables you to minimize the number of permitted sender policies you have in place, reducing administration overhead. Instead, one policy can reference a group containing multiple addresses or domains. The only time that a specific policy is required, is if the domain entry contains a wildcard. This requires a separate policy in order to permit by IP (everyone to everyone).


What You'll Need


  • An Administrator Console logon with access to the Administration | Gateway | Policies menu item.


Creating / Changing a Policy


To create / change a policy, follow the instructions in the Creating / Changing a Policy article, but using the following options:


Policy NarrativeProvide a description for the Policy to allow you to easily identify it in the future.
Permitted Sender Policy

Specify whether to permit the sender or take no action.


Definition Required?



2 people found this helpful