Best Practice
When a new domain is added to your Mimecast account, it is recommended that the Default Anti-Spoofing checkbox is enabled. This automatically creates an Anti-Spoofing policy that contains the settings below. If this was not done when the domain was registered in Mimecast, you can follow the steps below to apply a Default Anti-Spoofing policy.
All of your Internal Domains should be covered by one of the following:
- A policy set to Apply Anti-Spoofing (Exclude Mimecast IPs), either individually or within a Profile Group.
- One or more Take No Action policies that allow legitimately spoofed mail, restricted to the source IPs.
To configure an Anti-Spoofing policy:
- Log on to the Mimecast Administration Console.
- Navigate to Gateway | Policies.
- Click on Anti-Spoofing. A list of policies is displayed.
- Click on New Policy. For further details on completing the basic policy criteria, see the Mimecast KB article: Policy Basics: From / To / Validity.
- Complete with the following settings:
| Field / Option | Required configuration | 
|---|---|
| Policy Narrative | Enter a name for the policy. | 
| Select Option | Apply Anti-Spoofing (Exclude Mimecast IPs) | 
| Addresses Based On | Both | 
| Applies From | Email Domain | 
| Specifically | Enter the internal domain that you want to protect from spoofing. | 
| Applies To | Internal Addresses | 
| Specifically | Applies to all Internal Recipients | 
| Enable / Disable | Enable | 
| Set policy as perpetual | Always On | 
| Date Range | All time | 
| Policy Override | Disabled | 
| Bi-Directional | Disabled | 
| Source IP Ranges (n.n.n.n/x) | Leave the text box blank. Note: You will never need to specify an IP address when applying Anti-Spoofing checks under normal circumstances. | 
| Hostname(s) | Leave the text box blank. Note: You will never need to specify a Hostname when applying Anti-Spoofing checks under normal circumstances. | 
- Click Save and Exit.
A bypass policy can be created to allow spoofed emails from specified IP addresses or hostnames. All other spoofed emails will be blocked if the correct default Anti-Spoofing policies are set up for your internal domains.

Note: Items highlighted in bold are the recommended default setting for most customers.

| Field / Option | Required configuration | 
|---|---|
| Policy Narrative | Enter a name for the policy. | 
| Select Option | Take No Action | 
| Addresses Based On | Both | 
| Applies From | Everyone Note: For additional security, you can be more specific and restrict it to a domain or individual address if you wish. | 
| Specifically | Applies to all Internal Senders Note: Unless you're specifying an individual address or domain. | 
| Applies To | Everyone Note: For additional security, you can be more specific and restrict it to an internal domain or internal email address if you wish. | 
| Specifically | Applies to all Internal Recipients Note: Unless you're specifying an individual address or domain. | 
| Enable / Disable | Enable | 
| Set policy as perpetual | Always On | 
| Date Range | All time | 
| Policy Override | Enabled | 
| Bi-Directional | Disabled | 
| Source IP Ranges (n.n.n.n/x) | Tighten this policy's security by entering the sending server's public IP address or address range in CIDR format. The policy will only trigger when the IP matches. | 
| Hostname(s) | Less commonly used; however, you can restrict this policy by utilizing the sending servers' publicly visible hostname. The policy will only trigger when the Hostname matches. | 
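
One way to audit the two policy types above offline, as an added example that is not Mimecast code: it flags internal domains with no enabled Apply Anti-Spoofing policy, and Take No Action bypass policies that have no Source IP or Hostname restriction or that cover a very broad range. The dict field names, the sample policies and the 256-address threshold are assumptions; this is not a Mimecast export format or API.

```python
import ipaddress

APPLY = "Apply Anti-Spoofing (Exclude Mimecast IPs)"
BYPASS = "Take No Action"

def audit(internal_domains, policies, max_addresses=256):
    """Return (subject, finding) tuples. max_addresses is an assumed threshold."""
    findings = []
    enabled = [p for p in policies if p["enabled"]]
    # A domain counts as protected only by an enabled Apply policy with
    # blank Source IP Ranges and Hostname(s), as the first table specifies.
    protected = {p["from_domain"].lower() for p in enabled
                 if p["option"] == APPLY
                 and not p["source_ips"] and not p["hostnames"]}
    for domain in internal_domains:
        if domain.lower() not in protected:
            findings.append((domain, "no enabled Apply Anti-Spoofing policy"))
    for p in (p for p in enabled if p["option"] == BYPASS):
        # A bypass with neither restriction lets any sender spoof the domain.
        if not p["source_ips"] and not p["hostnames"]:
            findings.append((p["narrative"], "bypass not restricted by IP or hostname"))
        for cidr in p["source_ips"]:
            try:
                net = ipaddress.ip_network(cidr, strict=False)
            except ValueError:
                findings.append((p["narrative"], f"invalid CIDR {cidr}"))
                continue
            if net.num_addresses > max_addresses:
                findings.append((p["narrative"], f"broad range {cidr}"))
    return findings

# Hypothetical helper that builds one policy record for the sample below.
def policy(narrative, option, from_domain="", enabled=True, source_ips=(), hostnames=()):
    return {"narrative": narrative, "option": option, "from_domain": from_domain,
            "enabled": enabled, "source_ips": list(source_ips), "hostnames": list(hostnames)}

# Constructed sample data (documentation domains and address ranges).
SAMPLE = [
    policy("Default AS example.com", APPLY, "example.com"),
    policy("Default AS example.org", APPLY, "example.org", enabled=False),
    policy("Bypass CRM relay", BYPASS, source_ips=["198.51.100.25/32"]),
    policy("Bypass marketing", BYPASS),
    policy("Bypass scanner", BYPASS, source_ips=["203.0.113.0/16", "not-an-ip"]),
]

if __name__ == "__main__":
    for subject, finding in audit(["example.com", "example.org"], SAMPLE):
        print(f"{subject}: {finding}")
```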
 
            