Mimecast - Spam Handling

Mimecast is Emerson IT's first line of defense against unwanted email solicitations and malicious phishing attempts. When Emerson community members email one another, it sends through Gmail. When users send from their Emerson account to an external account or receive a message from the outside, it routes through Mimecast, which scans the email for malicious or unwanted content.

Messages that Mimecast identifies as clear, undeniable spam (like those attempting to maliciously spoof an Emerson address or that contain known, malicious links) will drop before delivery. Solicitations, unwanted listserves, and other types of content are held by Mimecast, and users receive an email every day at 8 am and 1 pm with options to release emails they don't consider spam.

The actions you can perform on a held message are:

Action Description
Release Releases the message to your Inbox.
Permit Adds the sender to the end user's personal permitted senders list, and releases the message to be sent to the recipient.
Reject Adds the sender to the end user's personal blocked senders list, and blocks the message from being sent to the recipient.

You can complete the above actions from the Mimecast spam digest emails.

You can, however, visit login.mimecast.com and manage your blocked and approved domains in a web interface. Log in with your Emerson email, and complete the Duo authentication. (Note: Mimecast may require your Emerson password. When prompted, choose the option DOMAIN and enter your Emerson Account password.)

An image of the Mimecast domain login screen.

For detailed instructions, please visit Mimecast's Message Center guide


Common Questions

I don't like the mail filter—it blocks too many messages I need!

The messages you permit/release in the digests are not blocked, they're held. Users have full control (and receive notifications twice a day) to release that mail and have 14 days to do so. A lot of the mail that you consider false positives someone else might not. In almost all cases, these false positives are "bulk" mail, the type most people delete immediately upon receiving. Emerson IT received a lot of feedback that the campus receives too much-unwanted mail—at a certain point, cutting down on the amount of junk email the campus gets requires user control and participation. Simply be diligent in permitting domains and senders (use login.mimecast.com to do this in bulk) and the number of false positives you receive will come way down.

If I ignore a held message indefinitely, will Mimecast eventually regard it as outright spam?

No, Mimecast only holds the message. If you take no action, it will continue to hold messages just like it and not take additional algorithmic action.

How long is a message held?

Mimecast holds messages for 14 days.

I belong to a listserv that has many recipients and they all are getting held. What do I do?

Listservs are almost always handled by listserv software, sent by a single IP address or domain. If you permit a single message, it will permit that IP/domain name for future messages.

I tried what you suggested above for my listserv but it didn't work because each sender of the listserv is from a different domain. What do I do?

Listserves that behave that way still use a single domain address in the "envelope" of the message. If you permit that domain explicitly, it will fix the issue. If you only click permit for one of the messages in the listserv, it won't work because you're only permitting that one person's domain.


In the example above, the mailing list and reply to are set to "...@incommon.org." This is the domain to allow NOT "...@comodoca.com." To do so: go to login.mimecast.com > log in > click Permitted on the left > and click Add Permitted on the far right. In the pop-up window, add the domain (in this example, "incommon.org") and click Permit.

Image of the Mimecast permission pop-up window.

Will permitting a domain/IP retroactively release formerly held messages?

It will not, you would have to release those retroactively.

If I release a message, will it release for the other recipients?

It will not, the action is per user.

Someone from an Emerson account sent me an email and it got blocked/held. How did that happen?

Since internal email never goes through Mimecast, the sender used a mail server external to Emerson to send their message (Constant Contact or Mail Chimp for example). Please contact the Help Desk to request that the domain/IP address you work with be placed on the allow list.

I have a folder called "Spam" in my Emerson Gmail. What's that?

That is all mail that made it through Mimecast but Gmail then caught as spam. It is the second layer of spam security. When you mark your mail as Spam in Gmail, you are reporting it to Gmail and not Mimecast, which is a perfectly fine and easy way to report spam.

I have a message that is clearly spam that made it to my Inbox. How did that happen?

That is a VERY impressive spam message—it got through two of the world's top spam filters. Someone knows how to write a convincing message! First, verify that it is in fact spam, and then report it (and any other suspicious mail) by forwarding the message to helpdesk@emerson.edu.

I have an IP address or domain I need on the allow list. Can you help?

Please contact the Help Desk to request that the domain/IP address you work with be placed on the allow list. Please know that we reserve the right to deny requests that would risk the security of our email system or pollute it with spam.

Was this article helpful?
1 out of 3 found this helpful
Have more questions? Submit a ticket