Managing User Email Addresses

Document created by user.oxriBaJeN4 Employee on Sep 14, 2015Last modified by user.oxriBaJeN4 Employee on Jul 25, 2019
Version 17Show Document
  • View in full screen mode

This guide describes how user email addresses can be either manually or automatically managed to control access to your Mimecast account.

2 factor authentication must be disabled for users to submit email using SMTP authentication.



Email addresses represent user accounts in your environment. These addresses can be used to control your user's accounts and perform the following:

  • Assign permissions to access Mimecast user tools.
  • Set a cloud password.
  • Set specific password complexity and lockout settings.
  • Populate attributes.
  • Manually configure an alias address.
  • Assign an administrative role to a user.


During the implementation of your Mimecast account, internal domains are added and email addresses are populated in them. This can be achieved in the following ways:

  • Automatically when processing email by capturing the email addresses.
  • Manually by an administrator, either individually or via a spreadsheet Import.
  • A directory synchronization using directory connections.


Listing Your Domains / Email Addresses


To list your internal domains, and the email addresses in them:

  1. Log on to the Administration Console.
  2. Click on the Administration toolbar button.
  3. Click on the Directories / Internal Directories menu item. A list of your domains is displayed.
  4. Click on a Domain. A list of the domain's users is displayed.
    List of Internal Domain Users
The color indicators on the right show if an email address is an alias for another address. If the "Alias" indicator is green, the address is an alias. This means it inherits it's permissions from the primary address. Consequently, when viewing alias address properties, the permissions section described below is not displayed.

The following types of addresses may appear in this list, denoted by the icon to the left of the address:



Manually CreatedManually CreatedAddresses that have been added manually, or created based on email processing for a user that does not have a directory account. This could be a staff member who has left (e.g. their directory account has been deleted) or a fax machine / Unix based email address.
Created by Message in Transit

Addresses that have been "created by a message in transit" are created when a new Mimecast user sends an outbound message, (if the sending address has not yet synchronized from the Active Directory).

Once a synchronized address is deleted from Active Directory, the Mimecast address type changes from "Extracted from Directory" to "Created by Message in Transit". This helps administrators identify which users are currently being synced via Active Directory.

Extracted From DirectoryAddresses that are synchronized SMTP objects from the domain controller. For more information on synchronizing your organization's directory, view the Directory Synchronization section.
Manually ImportedAddresses created from a Spreadsheet Import.
Distribution ListSynchronized Distribution List (DL) or Security Groups with SMTP addresses from the domain controller. For more information on synchronizing your organization's directory, view the Directory Synchronization section.


Working with Email Addresses


The list of email addresses has the following buttons that provide additional functionality:

Menu OptionDescription

New Address

Allows you to create an email address. See the Email Address Properties section below for more details.
Purge Selected AddressesDeletes the selected email addresses including linked aliases. This can only be performed by an administrator with super administrator privileges. A warning will be displayed to confirm the removal of the address and all list entries. Addresses will not be purged while emails are still being processed for the address (e.g. if related emails are held). Administrators can prevent the purge from taking place by removing the address from the purge list.
Import Delegate Mailboxes

Allows you to import delegated mailboxes. Delegate mailbox access can be used to link separate email archives together. To allow delegate access, click on an email address and select the Delegate Mailbox menu option. See the End User Applications: Configuring Delegate Mailbox Access page for full details.

This button is only available when logged on as an Administrator with protected permissions.

Export Data

Export a list of email addresses to a .XLS, or CSV file.
ViewFilters the list of email addresses displayed by:
  • Show Message Generated
  • Show Directory Generated
  • Show All


Email Address Properties

Some fields listed below will not be displayed if the user's role permissions are not sufficient.

Adding or changing an email address requires you to complete the addresses properties:

  1. Either:
    • Click on the New Address button to create an email address.
    • Click on an existing Email Address.
  2. Complete the Address Settings section as required.
    Field NameDescription
    Email AddressThe field is only editable when adding an email address. As it is the unique identifier for this user and their associated email archive, the address can't be modified once it's been created, and once the email is processed for that address.
    Global NameThe full name of the email address user. This is normally displayed in the recipient's FROM field in their mail client. This field is only populated for LDAP addresses.
    Internal AddressShows whether the email address is considered to be internal or external.
    Administration Console RoleDisplays the administrative role that the user is assigned to or "None" if the user account does not belong to a role. Click on the Role Edit button to access the Role Editor.
    Address Alias ForA primary email address can have any number of alias addresses. Click on the Lookup button to assign an alias address to the primary address. This indexes emails processed for both addresses in a single archive. If this is not done, a separate archive view is created for the primary address, and another for the alias.
  3. Complete the Permissions section as required:
    Field NameDescription
    Password  / Confirm Password

    Creates a cloud password for the email address. This password can only be authenticated in Mimecast, and doesn't affect the network password in the organization's infrastructure. This password can be used for the end user services, or for POP and SMTP connections. Mimecast will first attempt to authenticate users based on the LDAP password, and then their cloud password, either of which is accepted.

    The use of non-ASCII characters in passwords is not recommended, as they may prevent user authentication.
    Force Change at LogonThis option forces the cloud password to expire. This is helpful if setting similar cloud passwords for end users, that they are required to change when they first log in.
    Password Never ExpiresPrevents the expiration of the user account’s cloud password. This is useful for administrator or system accounts.
    Maximum Reset Attempts MadeShould a user request their cloud password to be reset, a password reset code is sent to them. If they fail to enter this code successfully ten times, the password reset functionality is locked for their account. This option shows as selected in this scenario. Click on the Reset Count button to unlock the password reset functionality on their account.
    Account LockedIndicates if the user account is locked and users will not be able to log in to Mimecast. Click on the Unlock Account button to unlock an account.
    Account DisabledIf selected, users are prevented from logging in to Mimecast applications using cloud passwords. This doesn't affect email delivery to the address. If directory synchronization is enabled, we'll automatically disable Mimecast user accounts if the:
    • "useraccountcontrol" attribute is set to "0".
    • User account no longer exists in the directory.
    If directory synchronization is not used, user accounts are not affected by this process, and can be managed manually on a per user basis by checking this option.
    Archive Start Date


    Should the same email address be required for different users, and the new user shouldn't have access to the previous user's archive, this field can be used to separate the archive for the new user. For example, an employee leaves the organization (John Smith, A new employee joins the organization one month later (Jane Smith, If the address is re-allocated to the new user, Jane will have access to all the ex-employee’s archive, as they share the same email address. To prevent this, you can create a new archive for the new employee by entering an Archive Start Date. You should ensure that the Archive Start Date is the start date for the new employee, to ensure that there is no overlap in the viewable archive content.

    Allow SMTP Email SubmissionAllows users to submit emails directly to Mimecast. This is generally useful for remote users, and applies to TCP/IP port 25 and 587.
    Allow POP AccessThis option permits a user to retrieve email from a Mimecast mailbox directly, as opposed to retrieving emails from a mail server.
    Effective Group Application SettingsDisplays the name of the Application Settings Definition that applies to this email address. These settings dictate the user permissions for this email address.
  4. Click on the Save and Exit button.
Account Security Settings can be applied to user login attempts. See the User Access and Permissions options in the Your Mimecast Account Settings page for further details.
1 person found this helpful