Mimecast IPs Being Blocked by Third Party DNS Providers

Document created by user.oxriBaJeN4 Employee on Jul 7, 2017Last modified by user.oxriBaJeN4 Employee on Jul 10, 2017
Version 3Show Document
  • View in full screen mode

This guide describes the process for dealing with third party DNS providers who block Mimecast DNS lookups against their name servers.




Occasionally third party DNS providers may block Mimecast DNS lookups against their name servers, resulting in temporary delivery errors. This could be for outbound email to non-customers, or inbound emails for customers who've configured their inbound routing by hostname.




Where this issue occurs we'll:

  • Attempt to solve it with the provider on your behalf.
  • Share the name server information with you. 
  • Ask that you contact the affected recipient and report the issue to their DNS provider.


In the event we cannot resolve an external domain via DNS, we recommend you take the following steps whilst we investigate the issue further with the provider.

  1. Log in to the Administration Console.
  2. Click on the Administration toolbar menu item.
  3. Click on the Gateway | Policies menu item.
  4. Create a Delivery Routing Definition pointing to the IP address of the affected domain’s MX record. The IP can be found by using a:
    • Command line DNS query.
    • DNS lookup tool on the web.
  5. Create a Delivery Routing Policy scoped from "Everyone" to the affected domain, and apply the definition created in the previous step.
  6. Click on the Administration toolbar menu item.
  7. Click on the Monitoring | Delivery menu item.
  8. Select the messages being blocked.
  9. Click on the Recalculate Delivery Route button.


By default the messages are delivered based on the standard delivery retry schedule. If you want them processed immediately, select the messages and click on the Retry button. After a few moments, the messages will disappear from the delivery queue, indicating they've been successfully delivered.


For inbound mail, the customer can update the hostname in their existing inbound delivery definition to an IP address, and recalculate delivery routes.

1 person found this helpful