Mimecast - Spam Handling

Mimecast is Emerson IT's first line of defense against unwanted email solicitations and malicious phishing attempts. When Emerson community members email one another, it sends through Gmail. When users send from their Emerson account to an external account, or receive a message from the outside, it routes through Mimecast, which scans the email for malicious or unwanted content.

Messages that Mimecast identifies as clear, undeniable spam (like those attempting to maliciously spoof an Emerson address or that contain known, malicious links) will be dropped before delivery. Solicitations, unwanted listserves, and other type of content is held by Mimecast, and users receive an email every day at 8am and 1pm with options to release emails they don't consider spam.

The actions you can perform on a held message are:

Action Description
Release Releases the message to your Inbox.
Permit Adds the sender to the end user's personal permitted senders list, and releases the message to be sent to the recipient.
Reject Adds the sender to the end user's personal blocked senders list, and blocks the message from being sent to the recipient.

The above actions can all be done from the Mimecast spam digest emails.

You can, however, visit https://login.mimecast.com and manage your blocked and approved domains in a web interface. Log in with your email address, and when prompted, choose the option "DOMAIN" and enter your Emerson Account password.

For detailed instructions, please visit https://community.mimecast.com/docs/DOC-1341

Common Questions:

I don't like the mail filter - it blocks too many messages I need!

The messages you can permit/release in the digests are not blocked, they're held. Users have full control (and are notified twice a day) to release that mail and have 14 days to do so, and a lot of the mail that you consider false positives someone else might not. In almost all cases, these false positives are "bulk" mail, the type most people delete immediately upon receiving. Emerson IT has received a lot of feedback that the campus receives too much unwanted mail - at a certain point, cutting down on the amount of junk email the campus gets requires user control and participation. Simply be diligent in permitting domains and senders (use login.mimecast.com to do this in bulk) and the number of false positives you receive will come way down.

If I ignore a held message indefinitely, will Mimecast eventually regard it as outright spam?

No, if Mimecast only holds the message, if you take no action, it will continue to hold messages just like it and not take additional algorithmic action.

How long is a message held?

Mimecast holds messages for 14 days.

I belong to a listserv that has many recipients and they all are getting held. What do I do?

Listservs are almost always handled by listserv software, sent by a single IP address or domain. If you permit a single message, it will permit that IP/domain name for future messages.

I tried what you suggested above for my listserv but it didn't work because each sender of the listserv is from a different domain. What do I do?

Listserves that behave that way still use a single domain address in the "envelope" of the message. If you permit that domain explicitly, it will fix the issue. If you only click "permit" for one of the messages in the listserv, it won't work because you're only permitting that one person's domain.


In the example in the above image, the "mailing list" and "reply to" are set to "incommon.org." That's the domain to allow. NOT comodoca.com. To allow that, go to login.mimecast.com, log in, click "permitted" on the left, and click "add permitted" on the far right. Add the domain and click permit (in this example, incommon.org).

Will permitting a domain/IP retroactively release formerly held messages?

It will not, you would have to release those retroactively.

If I release a message, will it release for the other recipients?

It will not, the action is per user.

Someone from an Emerson account sent me an email and it got blocked/held. How did that happen?

Since internal email never goes through Mimecast, the sender used a mail server external to Emerson to send their message (Constant Contact or Mail Chimp for example). Please contact the Help Desk to request that the domain/IP address you work with be placed on the allow list.

I have a folder called "Spam" in my Emerson Gmail. What's that?

That is all mail that made it passed Mimecast that Gmail then caught as spam. It is a second layer of spam security. When you mark mail as Spam in Gmail, you are reporting it to Gmail and not Mimecast, which is a perfectly fine and easy way to report spam.

I have a message that is clearly spam that made it to my Inbox. How did that happen?

That is a VERY impressive spam message - it got through two of the world's top spam filters. Someone knows how to write a convincing message! You should first verify that it is in fact spam, and to report it and any other suspicious mail, forward the message to helpdesk@emerson.edu.

I have an IP address or domain I need placed on the allow list. Can you help?

Please contact the Help Desk to request that the domain/IP address you work with be placed on the allow list. Please know that we reserve the right to deny requests that would risk the security of our email system or pollute it with spam.

Was this article helpful?
1 out of 3 found this helpful
Have more questions? Submit a ticket