Configuring Permitted Senders Policies

Document created by user.oxriBaJeN4 Employee on Sep 12, 2015Last modified by user.oxriBaJeN4 Employee on Jun 20, 2019
Version 19Show Document
  • View in full screen mode

Permitted Senders policies ensure successful delivery of inbound messages from trusted sources. Messages from permitted senders bypass our reputation and spam checks, avoiding the possibility of being rejected or placed in the hold queue. This is useful in situations where the sender's mail server is listed in an RBL, or for messages flagged by our content checks.

View the Policy Specificity page for more information regarding the order in which Mimecast applies policies to emails.

Usage Considerations


Consider the following before creating a policy:

  • It isn't necessary to create a policy for all trusted senders, only if a sender is having difficulty sending messages to your end users.
  • End users have a personal permitted sender list. These are managed by them Using a Digest, or when logged onto the Mimecast Personal Portal or Mimecast for Outlook.
  • Referencing a user group enables you to minimize the number of Permitted Sender policies you need. The only time a specific policy is required is if the domain entry contains a wildcard. This requires a separate policy in order to permit by IP (everyone to everyone). 
  • Block Senders policies always supersede over Permitted Senders policies. This means that messages from a domain or email address that are added to both a Blocked AND Permitted Senders policy are rejected. These policies don't override default virus checks.
  • An entry on a user’s blocked senders list in Managed Senders, whether it has been added by an administrator or a user, is always superseded by a Permitted Senders policy.
  • If you have Targeted Threat Protection - Attachment Protection enabled, we recommend selecting the "Dynamic Configuration" Attachment Protect Delivery Options setting when configuring a definition. This takes the onus away from the administrator by giving control to users to decide who to permit. View the Attachment Protection definitions and policies page for more information.


Configuring a Permitted Senders Policy

To configure a Permitted Senders policy:

  1. Log on to the Administration Console.
  2. Select the Administration toolbar menu item.
  3. Select the Gateway | Policies menu item. 
  4. Select Permitted Senders.
  5. Either select the:
    • Policy to be changed.
    • New Policy button to create a policy.
  6. Complete the Options section as required:
    Policy NarrativeEnter a description for the policy to allow you to identify it.
    Permitted Sender Policy

    Specify whether to permit the sender or take no action.

  7. Complete the Emails From and Emails To sections as required:
    Field / OptionDescription
    Addresses Based OnSpecify the email address characteristics the policy is based on. This option is only available in the "Emails From" section. The options are:
    The Return Address (Mail Envelope From)This default setting applies the policy to the SMTP address match, based on the message's envelope or true address (i.e. the address used during SMTP transmission).
    The Message From Address (Message Header From)Applies the policy based on the masked address used in the message's header.
    BothApplies the policy based on either the Mail Envelope From or the Message Header From whichever matches. When both match, the specified value the Message Header From will be used.
    Applies From / ToSpecify the Sender characteristics the policy is based on. For multiple policies, you should apply them from the most to least specific. The options are:
    EveryoneIncludes all internal and external users. This option is only available in the "Emails From" section.
    Internal AddressIncludes only internal addresses.
    External AddressIncludes only external addresses. This option is only available in the "Emails From" section.
    Email DomainEnables you to specify a domain name to which this policy is applied. The domain name is entered in the Specifically field.
    Address GroupsEnables you to specify a directory or local group. If this option is selected, click on the Lookup button to select a group from the Profile Group field. Once a group has been selected, you can click on the Show Location field to display the group's path.
    Address AttributesEnables you to specify a predefined Attribute. The attribute is selected from the Where Attribute drop down list. Once the Attribute is specified, an attribute value must be entered in the Is Equal To field. This can only be used if attributes have been configured for user accounts.
    Individual Email AddressEnables you to specify an SMTP address. The email address is entered in the Specifically field.
  8. Complete the Validity section as required:
    Field / OptionDescription
    Enable / DisableEnables (default) or disables the policy. If a date range has been specified, the policy is automatically disabled when the end of the configured date range is reached.
    Set Policy as PerpetualIf the policy's date range has no end date, this field displays "Always On" meaning that the policy never expires.
    Date RangeUse this field to specify a start and / or end date for the policy. If the Eternal option is selected, no date is required.
    Policy OverrideThis overrides the default order that policies are applied. If there are multiple applicable policies, this policy is applied first unless more specific policies of the same type are configured with an override. See the Security Systems page for the order that policies are applied.
    Bi-DirectionalIf selected the policy is applied when the policy's recipient is the sender, and the sender is the recipient.
    Source IP Ranges (n.n.n.n/x)Enter any required Source IP Ranges for the policy. These only apply if the source IP address used to transmit the message data, falls inside or matches the range(s) configured. IP ranges should be entered in CIDR notation.
  9. Click on the Save and Exit button.

See Also...


6 people found this helpful