Team: Huntress Managed Security Awareness Training (SAT)
Product: Mimecast
Environment: Email settings
Summary: Allowlist Phishing and training emails using Mimecast
Permitted Senders Policy
To successfully allowlist our phishing and training-related emails when using Mimecast, create a new Permitted Sender policy that lets those emails through to your users' inboxes.
Important:
Do not edit your default Permitted Sender policy. A new one must be created.
Follow the steps below to allow Managed SAT emails to arrive successfully in your users' inboxes.
- Log on to your Mimecast Administration Console.
- Click the Administration toolbar button.
- Select the Gateway | Policies menu item.
- Select Permitted Senders from the list of policies displayed.
- Select the New Policy button.
- Select the appropriate policy settings under the Options, Emails From, Emails To, and Validity sections. For more information on these settings, see Mimecast's Configuring a Permitted Senders Policy article.
- In the Source IP Ranges field, enter the appropriate IP ranges for your Managed SAT account's location. To see an up-to-date list of addresses and domains, sign in to the Managed SAT platform and navigate to User > Account Settings > Phishing, or visit Generic Mail Server Allowlisting:
- 18.205.140.116 (Phishing Server)
- 168.245.36.66 (Training Server)
Be sure to save the policy. We suggest setting up a test campaign for yourself or a small group of Learners to ensure the policy works as intended, before sending a campaign to all of your users.
Attachment Protection Bypass Policy
If you'd like to use attachments in your simulated phishing tests, follow the steps below to increase the likelihood that emails with attachments from the Managed SAT will successfully arrive in your users' inboxes. Mimecast may still prevent the delivery of attachments. Set up a test after creating this policy to ensure your desired attachment goes through.
- Log on to your Mimecast Administration Console.
- Click the Administration toolbar button.
- Select the Gateway | Policies menu item.
- Select Attachment Protection Bypass from the list of policies displayed.
- Select the New Policy button.
- Select the appropriate policy settings under the Options, Emails From, Emails To, and Validity sections. For more information on these settings, see Mimecast's Configuring Attachment Protection Bypass Policies article.
- In the Source IP Ranges field, enter the appropriate IP addresses for the Managed SAT.
- To see an up-to-date list of addresses and domains, sign in to the Managed SAT platform and navigate to User > Account Settings > Phishing, or visit Generic Mail Server Allowlisting:
- 18.205.140.116 (Phishing Server)
- 168.245.36.66 (Training Server)
Be sure to save this new policy. After allowing time for the new rule to propagate, we recommend setting up a phishing campaign for yourself or a small group of Learners to test the various attachment types.
URL Protection Bypass Policy
Mimecast's URL Protection service scans and checks links in emails upon delivery. This can sometimes result in false positives for your phishing security tests. Follow the steps below to create a URL Protection Bypass policy for accurate phishing security test results.
- Log on to your Mimecast Administration Console.
- Click the Administration toolbar button.
- Select the Gateway | Policies menu item.
- Select URL Protection Bypass from the list of policies displayed.
- Select the New Policy button.
- Select the appropriate policy settings under the Options, Emails From, Emails To, and Validity sections. For more information on these settings, see Mimecast's Configuring a URL Protection Bypass Policy article.
- In the Source IP Ranges field, enter the appropriate IP addresses for the Managed SAT.
- To see an up-to-date list of addresses and domains, sign in to the Managed SAT platform and navigate to User > Account Settings > Phishing, or visit Generic Mail Server Allowlisting:
- 18.205.140.116 (Phishing Server)
- 168.245.36.66 (Training Server)
Be sure to save the policy. We suggest setting up a test campaign for yourself or a small group of Learners to ensure the policy works as intended, before sending a campaign to all of your users.
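Each section above ends with the advice to run a test campaign. As an added example (not Huntress's or Mimecast's code), the Python script below inspects one delivered test message and reports whether it arrived from the Managed SAT addresses listed on this page and whether Mimecast still rewrote its links, which would mean the URL Protection Bypass policy did not apply. The protect-<region>.mimecast.com rewrite pattern, the header layout and the sample message are assumptions constructed for the example.

```python
import re
from email import message_from_string

# Source addresses listed on this page for the Managed SAT mail servers.
MANAGED_SAT_SOURCES = {
    "18.205.140.116": "Phishing Server",
    "168.245.36.66": "Training Server",
}
# Assumption: Mimecast URL Protection rewrites links to a protect-<region>.mimecast.com host,
# so a rewritten link in a delivered test message means the URL Protection Bypass policy did not apply.
REWRITTEN_URL = re.compile(r"https?://protect-[a-z]+\.mimecast\.com/", re.IGNORECASE)
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def _text_parts(msg):
    """Concatenate the decoded text/plain and text/html bodies of a (possibly multipart) message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            payload = part.get_payload(decode=True)
            if payload:
                chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def check_test_message(raw):
    """Inspect a delivered test-campaign message and report whether the bypass policies applied."""
    msg = message_from_string(raw)
    source_ip = None
    # Each Received header records one hop; the one Mimecast added names the IP that handed it the mail.
    for hop in msg.get_all("Received") or []:
        hits = [ip for ip in BRACKETED_IP.findall(hop) if ip in MANAGED_SAT_SOURCES]
        if hits:
            source_ip = hits[0]
            break
    return {
        "source_ip": source_ip,
        "source_role": MANAGED_SAT_SOURCES.get(source_ip),
        "urls_rewritten": bool(REWRITTEN_URL.search(_text_parts(msg))),
    }

# Constructed sample, not a real capture: mail from the Phishing Server whose link Mimecast still rewrote.
SAMPLE_MESSAGE = """Received: from sat-mail.example.test ([18.205.140.116]) by eu-smtp-1.mimecast.com with ESMTP
Received: from eu-smtp-1.mimecast.com by mx.example.test
From: helpdesk@example.test
Subject: Test campaign
Content-Type: text/plain; charset=utf-8

Please review https://protect-eu.mimecast.com/s/abc123 before Friday.
"""
```

Run `check_test_message()` on the raw source of a message from your own test campaign; a `source_ip` of `None` means the mail did not reach Mimecast from a listed address, and `urls_rewritten` being true means URL Protection still processed it.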
Impersonation Protection Bypass Policy
If you're sending emails purporting to come from users or domains that look internal to your organization, you'll want to create an Impersonation Protection Bypass policy in your Mimecast console.
Follow the steps below to first create an Impersonation Protection Definition, then the Impersonation Protection Bypass policy that uses it.
Impersonation Protection Definition
- Log on to your Mimecast Administration Console.
- Click the Administration toolbar button.
- Select the Gateway | Policies menu item.
- Select the Impersonation Protection option from the list of definitions displayed.
- Select the New Definition button.
- Name your Definition something descriptive such as "SAT Impersonation Protection Bypass Definition."
- Select the appropriate definition settings under the Identifier Settings, Identifier Actions, General Actions, and Notifications sections, shown below. For more information on these settings, see Mimecast's Configuring an Impersonation Protection Definition article.
Be sure to save this definition before creating your Impersonation Protection Bypass Policy.
Impersonation Protection Bypass Policy
- Log on to your Mimecast Administration Console.
- Click the Administration toolbar button.
- Select the Gateway | Policies menu item.
- Select Impersonation Protection Bypass from the list of policies displayed.
- Select the New Policy button.
- Select the appropriate policy settings under the Options, Emails From, Emails To, and Validity sections. For more information on these settings, see Mimecast's Configuring an Impersonation Protection Bypass Policy article.
NOTE: In the Select Option field under Options, use the Impersonation Protection Definition you created above.
- In the Source IP Ranges field, enter the appropriate IP addresses for the Managed SAT. To see an up-to-date list of addresses and domains, sign in to the Managed SAT platform and navigate to User > Account Settings > Phishing, or visit Generic Mail Server Allowlisting:
- 18.205.140.116 (Phishing Server)
- 168.245.36.66 (Training Server)
Be sure to save the policy. We suggest setting up a test campaign for yourself or a small group of Learners to ensure the policy works as intended before sending a campaign to all of your users.