Connect Process: Setting Up Your Inbound Email

Document created by user.oxriBaJeN4 Employee on Sep 21, 2015Last modified by user.oxriBaJeN4 Employee on Apr 2, 2019
Version 10Show Document
  • View in full screen mode


Having previously set up your outbound email, messages are successfully being routing outbound. You are now ready to set up inbound email to be routed through Mimecast.


External messages destined for your organization, must be directed to Mimecast, not left directed to your email server or hosted email service. Once the messages reach Mimecast, they are processed by recipient validation and other Mimecast security systems. Only once we are satisfied it is safe to do so, is the message delivered to your organization's infrastructure or hosted service.



Mimecast supports hybrid environments. As such it can deliver email for one or multiple domains to the following Exchanges:

  • Office 365
  • On Premises
  • Hosted Exchange (HEX)
  • G Suite


To set up your inbound email you need to:

  1. Create a delivery route to specify where the emails must be delivered to.
  2. Modify your MX records to direct inbound emails to your Mimecast account.


Preparing Your Environment


The steps to prepare your environment to accept email from Mimecast, depends on the type of Exchange you have. See the relevant option below for more information.

  • If your mail server is configured to restrict the IP addresses that can deliver inbound emails, ensure these are amended to include Mimecast’s data center ranges.
  • Your firewall must be configured to allow inbound SMTP traffic from Mimecast.
  • We recommend that any local inbound IP reputation or authentication scanning bypasses Mimecast's data center ranges. This ensures inbound messages from Mimecast are not incorrectly flagged as false positives. These services are provided by the default DNS Authentication Policy.

Office 365


See the Configure Inbound Delivery Routing for Office 365 page for full details.


On Premises and Hosted Exchange (HEX)


The delivery route specifies where Mimecast deliver messages to. You can configure multiple delivery routes depending on the organization's infrastructure. This can be useful to have email flow spread across a single or multiple destination email servers.

  1. Create a Delivery Route Definition to specify the destination email server details.
  2. Create a Delivery Route Policy to specify which messages are to be delivered to which servers.


We provide the ability to create custom SMTP delivery routes. These can be configured to deliver all inbound email to either an IP address or hostname.


G Suite


To add entries from the Mimecast IP ranges to your email whitelist:

  1. Log in to the Google Admin Console.
  2. Navigate to Apps | G Suite | Gmail | Advanced Settings.
  3. Highlight your Domain (top-level org) in the Organizations section.
  4. Navigate to your Email Whitelist.
  5. Add the Mimecast Data Center IP for your Mimecast account region, separating the entries with commas. See the Mimecast Data Centers and URLs page for full details.
  6. Click on the Save button.


To add the Mimecast IP ranges to your inbound gateway:

  1. Navigate to Inbound Gateway.
  2. Click on the Configure button.
    1. Enter Mimecast Gateway in the Short description.
    2. Use the Add button to enter the Mimecast Data Center IP for your Mimecast account region. See the Mimecast Data Centers and URLs page for full details.
    3. Ensure the Require TLS for Connections From the Email Gateways Listed Above option is selected.
    4. Ensure the other two options aren't selected.
  3. Click on the Add Setting button to save the change.


To configure a delivery route in Mimecast:

  1. Create a Delivery Routing Definition using the G Suite MX record value in the routing definition.
    1. Primary host: ASPMX.L.GOOGLE.COM
    2. Alternative host: ALT1.ASPMX.L.GOOGLE.COM
  2. Create a Delivery Routing Policy:

    Field  / OptionValue
    Policy NarrativeG Suite
    RouteSelect the definition created in step 1.
    Address Based OnBoth
    Applies FromEveryone (Applies to all Senders)
    Applies ToInternal Addresses (Applies to all Internal Recipients)
  3. Click on the Save and Exit button.


Modifying Your Domain's Zone File


Your organization's zone file directs Mail Exchanger (MX) traffic to a specific IP address(es) for each domain. To ensure messages are delivered to Mimecast, your zone file must be amended for the domain to add the appropriate hostnames. The Connect Team will provide these to you, or you can read the Mimecast Gateway page.

The customer Technical Point of Contact (TPOC) is responsible for completing this step of the Connect.

See Also...


1 person found this helpful