Configuring Permanent MX Resolution Failure Policies

Document created by user.oxriBaJeN4 Employee on Apr 25, 2016Last modified by user.oxriBaJeN4 Employee on Apr 2, 2019
Version 6Show Document
  • View in full screen mode

Permanent MX Resolution Failure policies allow you to specify a threshold of delivery attempts. After the threshold is reached, an outbound message is hard bounced if the MX resolution performed by the Mimecast Message Transfer Agent (MTA) results in a permanent failure. Occurrences of bounced deliveries can be found under the Bounces section.


There are two types of bounces:

  • Hard bounces: The recipient server has rejected the communication.
  • Soft bounces: The MTA has reached the final retry.


Usage Considerations


Consider the following before getting started:

  • Permanent MX resolution failures are typically observed for non-existing / unknown domains. To check if MX resolution for a domain is likely to result in a permanent failure, you can use free online tools like MX Toolbox.
    • If the transcript option reports there was “NO_ERROR”, even when reporting a time-out, the domain does exist.
    • If the transcript reports there was a “NAME_ERROR”, it is likely that a permanent failure was encountered, and the domain is unknown.
  • By default the Mimecast MTA issues a delivery warning notification to the internal sender of a message, if delivery failed to the recipient server after six attempts. This equates to one hour after sending. If the Mimecast MTA can't deliver a message in 30 delivery attempts, which equates to 4 days after sending, it issues a delivery failure notification to the sender. Such a retry cycle is common for MTAs in order to cater for transient issues.
  • If delivery fails, you can instruct the Mimecast MTA to take items out of the outbound delivery queue faster than the four day period. This is achieved by using a Permanent MX Resolution Failure Policy, but only if the recipient domain is truly unknown (e.g. it hasn't been registered). This is useful when the internal sender has misspelled the recipient domain. By hard bouncing the message earlier, the internal recipient will realize the mistake sooner.


Configuring a Permanent MX Resolution Failure Policy

To configure a Permanent MX Resolution Failure policy:

  1. Log on to the Administration Console.
  2. Click on the Administration menu item. A menu drop down is displayed.
  3. Click on the Gateway | Policies menu item.
  4. Click on Permanent MX Resolution Failure. A list of policies is displayed.
  5. Either select the:
    • Policy to be changed.
    • New Policy button to create a policy.
  6. Complete the Options section as required:
    Policy NarrativeProvide a description for the policy to allow you to easily identify it in the future.
    Number of Delivery Attempts

    Set the number of delivery attempts after which a message will be hard bounced should MX resolution result in a permanent failure (typically observed for non-existing domains). Supported values are from 0 to 30.

  7. Complete the Emails From and Emails To sections as required:
    Field / OptionDescription
    Addresses Based OnSpecify the email address characteristics the policy is based on. This option is only available in the "Emails From" section. The options are:
    The Return Address (Mail Envelope From)This default setting applies the policy to the SMTP address match, based on the message's envelope or true address (i.e. the address used during SMTP transmission).
    The Message From Address (Message Header From)Applies the policy based on the masked address used in the message's header.
    BothApplies the policy based on either the Mail Envelope From or the Message Header From whichever matches. When both match, the specified value the Message Header From will be used.
    Applies From / ToSpecify the Sender characteristics the policy is based on. For multiple policies, you should apply them from the most to least specific. The options are:
    EveryoneIncludes all email users (i.e. internal and external). This option is only available in the "Emails From" section.
    Internal AddressIncludes only internal organization addresses.
    External AddressIncludes only external organization addresses. This option is only available in the "Emails From" section.
    Email DomainEnables you to specify a domain name to which this policy is applied. The domain name is entered in the Specifically field.
    Address GroupsEnables you to specify a directory or local group. If this option is selected, click on the Lookup button to select a group from the Profile Group field. Once a group has been selected, you can click on the Show Location field to display the group's path.
    Address AttributesEnables you to specify a predefined Attribute. The attribute is selected from the Where Attribute drop down list. Once the Attribute is specified, an attribute value must be entered in the Is Equal To field. This can only be used if attributes have been configured for user accounts.
    Individual Email AddressEnables you to specify an SMTP address. The email address is entered in the Specifically field.
  8. Complete the Validity section as required:
    Field / OptionDescription
    Enable / DisableUse this to enable (default) or disable a policy. If a date range has been specified, the policy will automatically be disabled when the end of the configured date range is reached.
    Set Policy as PerpetualIf the policy's date range has no end date, this field displays "Always On" meaning that the policy never expires.
    Date RangeUse this field to specify a start and / or end date for the policy. If the Eternal option are selected, no date is required.
    Policy OverrideThis overrides the default order that policies are applied. If there are multiple applicable policies, this policy is applied first unless more specific policies of the same type are configured with an override.
    Bi-DirectionalIf selected the policy is applied when the policy's recipient is the sender, and the sender is the recipient.
    Source IP Ranges (n.n.n.n/x)Enter any required Source IP Ranges for the policy. These only apply if the source IP address used to transmit the message data, falls inside or matches the range(s) configured. IP ranges should be entered in CIDR notation.
  9. Click on the Save and Exit button.


See Also...