During the implementation process we implement a security feature that prevents mail servers which aren't owned by you, from using us as an open relay. We add at least one IP address to your authorized outbounds, based on the information provided in the Request for Information (RFI) when your Mimecast account is created. These IP addresses are the only ones that Mimecast will accept outbound email from. You can have multiple authorized outbounds, but networks cannot be added.
If you are using dynamic IP addresses for outbound email, we'll not add any authorized outbounds to your account. Instead, you'll need to configure SMTP authentication for your SMTP connector / send connector to enforce authentication with us. This means that when sending outbound email, we'll only accept emails based on successful authentication.
Viewing Your Authorized Outbounds
To view your authorized outbounds:
- Log on to the Administration Console.
- Click on the Administration toolbar button. A menu drop down is displayed.
- Click on the Gateway | Authorized Outbounds menu item. A list of all configured IP addresses is displayed.
- If your authorized outbounds are linked to other shared IP accounts (i.e. Office 356, or G Suite), a message will show at the top of the Authorized Outbounds page as follows: "Your account is configured to process traffic from Office 365 / G Suite."
An open relay is a mail server used by spammers to send emails, even though these messages are not originating from the internal environment. By default, we configure Block Sender Policies, to prevent any external address originating from your authorized outbound, from sending emails to another external address. In other words we only accept emails from addresses belonging to your configured internal domains.
Confirming Your Outbound IP address
To confirm your outbound IP address:
- Log on to your mail server.
- Open a new browser window.
- Navigate to http://www.whatismyip.com. This displays the internet routable (public) address for your mail server.