Overview
If you’re using Mimecast security software, you can safelist PhishingBox to allow your users to receive our simulated phishing emails and system emails.
Jump to a section by clicking one of the following links:
- Creating a Permitted Senders Policy
- Greylisting in Mimecast
- Creating an Anti-Spoofing Policy
- Creating an Impersonation Protection Bypass Policy
- Creating an Attachment Protection Bypass Policy
The below section is necessary only if the associated package is activated:
Please allow each rule some time to propagate before testing. If you run into problems while safelisting in Mimecast, we suggest you first reach out directly to Mimecast for assistance.
Creating a Permitted Senders Policy
We advise creating a new Permitted Sender Policy within your Mimecast console in order to safelist PhishingBox.
WARNING: Do not edit your default Permitted Sender Policy. Instead, create a new one.
- From the Mimecast Administration console, open the Administration Toolbar.
- Select Gateway | Policies.
- Select Permitted Senders.
- Select New Policy.
- Select the below settings under the Options, Emails From, Emails To, and Validity sections. For more information, see Mimecast's Configuring a Permitted Senders Policy.
- Enter PhishingBox's IP Address in the Source IP Ranges field. (You can find a list of IP addresses in our Safelisting Basics article.)
| OPTION | SETTING |
| Options | |
|
Policy Narrative |
PhishingBox Permitted Senders |
| Select Option | Permit Sender |
| Emails From | |
| Addresses Based On | Both |
| Applies From | Everyone |
| Specifically | Applies to all Senders |
| Emails To | |
| Applies To | Everyone |
| Specifically | Applies to all Recipients |
| Validity | |
| Enable/Disable | Enable |
| Set policy as perpetual | Always On |
| Date Range | All Time |
| Policy Override | Checked |
| Bi-directional | Unchecked |
| Source IP Ranges (n.n.n.n/x) | PhishingBox IP addresses |
Greylisting in Mimecast
Adding PhishingBox to the permitted senders list (see above) should bypass Greylisting. However, we recommend following the below Greylisting steps to improve email deliverability.
- From the Mimecast Administration console, open the Administration Toolbar.
- Select Gateway | Policies.
- Select Greylisting.
- Click the New Policy button.
- Select the below settings under the Options, Emails From, Emails To, and Validity sections.
- Enter PhishingBox's IP Address in the Source IP Ranges Field. (You can find a list of IP addresses in our Safelisting Basics article.)
| OPTION | SETTING |
| Options | |
| Policy Narrative | PhishingBox Greylist Bypass |
| Select Option | Take No Action |
| Emails From | |
| Addresses Based On | The Return Address |
| Applies From | Everyone |
| Specifically | Applies to all Senders |
| Emails To | |
| Applies To | Everyone |
| Specifically | Applies to all Recipients |
| Validity | |
| Enable/Disable | Enable |
| Set policy as perpetual | Always On |
| Date Range | All Time |
| Policy Override | Checked |
| Bi Directional | Unchecked |
| Source IP Ranges (n.n.n.n/x) | PhishingBox IP addresses |
Creating an Anti-Spoofing Policy
If you're spoofing the From or Reply-to domain on your template, then follow the below steps in Mimecast to allow simulated phishing emails to be sent from your domain.
- From the Mimecast Administration console, open the Administration Toolbar.
- Select Gateway | Policies.
- Select Anti-Spoofing from the policies list.
- Select New Policy.
- Use the below settings under the Options, Emails From, Emails To, and Validity sections. For more information, read this article from Mimecast: Configuring an Anti-Spoofing Policy.
- Enter PhishingBox's IP Address in the Source IP Ranges Field. (You can find a list of IP addresses in our Safelisting Basics article.)
| OPTION | SETTING |
| Options | |
| Policy Narrative | PhishingBox Anti-Spoof Allow Policy |
| Select Option | Take no action |
| Emails From | |
| Addresses Based On | Both |
| Applies From | Everyone |
| Specifically | Applies to all Senders |
| Emails To | |
| Applies To | Everyone |
| Specifically | Applies to all Recipients |
| Validity | |
| Enable/Disable | Enable |
| Set policy as perpetual | Always On |
| Date Range | All Time |
| Policy Override | Checked |
| Bi Directional | Unchecked |
| Source IP Ranges (n.n.n.n/x) | PhishingBox IP addresses |
| Hostname(s) | Leave blank |
Creating an Impersonation Protection Bypass Policy
To allow PhishingBox simulated phishing emails that are from spoofed domains to reach your targets, you will want to create an Impersonation Protection Policy as well as an Anti-Spoofing Policy in the Mimecast Console.
To begin, you’ll need to make an impersonation protection definition (if not already done).
How to Create an impersonation protection definition
- From the Mimecast Administration console, open the Administration Toolbar.
- Choose Gateway | Policies.
- Hover over Impersonation Protection and click on Definitions.
- Click New Definition.
- Name the definition something unique, like "Portal Impersonation Protection Bypass Def."
- Choose the relevant settings (shown below). For more information, see Mimecast's documentation in this article: https://community.mimecast.com/docs/DOC-1908#jive_content_id_Configuring_an_Impersonation_Protection_Definition.
| OPTION | SETTING |
| Identifier settings | |
| Description | Portal Impersonation Protection Bypass Def. |
| Similar Internal Domain | Checked |
| Similar Monitored External | Unchecked |
| Similarity Distance | 1 |
| Newly Observed Domain | Unchecked |
| Internal User Name | Checked |
| Reply-to Address Mismatch | Checked |
| Targeted Threat Dictionary | Checked |
| Mimecast Threat Directory | Checked |
| Custom Threat Directory | [Leave as default] |
| Number of Hits | 2 |
| Identifier Actions | |
| Action | None |
| Tag Message Body | Unchecked |
| Tag Subject | Unchecked |
| Tag Header | Unchecked |
| General Actions | |
| Mark All Inbound Items as 'External' | Unchecked |
| Notifications | |
| Notify Group | [Leave as default] |
| Notify (Internal) Recipient | Unchecked |
| Notify Overseers | Unchecked |
How to Create an Impersonation Bypass Policy
- First, log into your Mimecast Administration Console.
- Click on Administration toolbar.
- Select Gateway | Policies.
- Select Impersonation Protection Bypass.
- Click on the New Policy button.
- Select the appropriate policy settings under the Options, Emails From, Emails To, and Validity sections. For more information on these settings, see Mimecast's Configuring an Impersonation Protection Bypass Policy article.
NOTE: In the Select Option field under Options, select the impersonation protection definition you want to be bypassed. If you have multiple definitions you would like to bypass, you will need to create a separate Impersonation Protection Bypass Policy for each one.
- Enter PhishingBox's IP Address in the Source IP Ranges field. (You can find a list of IP addresses in our Safelisting Basics article.)
| OPTION | SETTING |
| Options | |
| Policy Narrative | PhishingBox Impersonation Bypass |
| Select Option | Impersonation Protection Definition |
| Emails From | |
| Addresses Based On | Both |
| Applies From | External Addresses |
| Specifically | Applies to All External Senders |
| Emails To | |
| Applies To | Internal Addresses |
| Specifically | Applies to all Internal Recipients |
| Validity | |
| Enable/Disable | Enable |
| Set Policy as Perpetual | Always On |
| Date Range | All Time |
| Policy Override | Checked |
| Bi Directional | Unchecked |
| Source IP Ranges | PhishingBox IP addresses |
Creating an Attachment Protection Bypass Policy
- From the Mimecast Administration console, open the Administration Toolbar.
- Click the Administration toolbar button.
- Select Gateway | Policies.
- Select Attachment Protection Bypass.
- Click the New Policy button.
- Select the appropriate policy settings under the Options, Emails From, Emails To, and Validity sections. For more information on these settings, see Mimecast's Configuring an Impersonation Protection Bypass Policy article.
- Enter PhishingBox's IP Address in the Source IP Ranges field. (You can find a list of IP addresses in our Safelisting Basics article.)
| OPTION | SETTING |
| Options | |
| Policy Narrative | PhishingBox Attachment Protection Bypass |
| Select Option | Disable Attachment Protection |
| Emails From | |
| Addresses Based On | The Return Address (Email Envelope From) |
| Applies From | Everyone |
| Specifically | Applies to all Senders |
| Emails To | |
| Applies To | Address Groups |
| Profile Group | Applies to all Recipients |
| Validity | |
| Enable / Disable | Enable |
| Set policy as perpetual | Always On |
| Date Range | All Time |
| Policy Override | Checked |
| Bi Directional | Unchecked |
| Source IP Ranges | PhishingBox IP addresses |
URL Protection Bypass Policy
Mimecast's URL Protection service scans links sent within emails as they are delivered. Occasionally, this causes simulated phishing emails to trigger this service. Follow the below steps to create a URL Protection Bypass policy.
NOTE: Configuring this policy is only necessary if Mimecast URL Protection has been enabled.
- From the Mimecast Administration console, open the Administration Toolbar.
- Select Gateway | Policies.
- Select URL Protection Bypass.
- Select New Policy.
- Select the appropriate settings (below) under the Options, Emails From, Emails To, and Validity sections. For more information, see Mimecast's article on Configuring a URL Protection Bypass Policy.
- Enter PhishingBox's IP Address in the Source IP Ranges field. (You can find a list of IP addresses in our Safelisting Basics article.)
| OPTION | SETTING |
| Options | |
| Policy Narrative | PhishingBox URL Protection Bypass |
| Select Option | Disable URL Protection |
| Emails From | |
| Addresses Based On | Both |
| Applies From | Everyone |
| Specifically | Applies to all Senders |
| Emails To | |
| Applies To | Internal Addresses |
| Profile Group | Applies to all Internal Recipients |
| Validity | |
| Enable/Disable | Enable |
| Set policy as perpetual | Always On |
| Date Range | All Time |
| Policy Override | Checked |
| Bi Directional | Unchecked |
| Source IP Ranges (n.n.n.n/x) | PhishingBox IP addresses |
DNS Authentication Bypass Policy
If you see that emails do not arrive in the inbox and instead go to spam or get quarantined, check to see the IP address of the sender. If the IP address is not our US or EU Phishing email mail server, then add the following. First, you'll need to set up the inbound definition and then you can create the policy. Below are instructions on how to add this policy.
Inbound Definition Setup
- Log in to your Mimecast Administration Console.
- Select the Gateway | Policies menu item.
- Click the Definitions drop-down menu and select the DNS Authentication - Inbound option.
- Select New DNS Authentication - Inbound Checks.
- Create a name for the definition and leave all options unchecked.
- Click Save and Exit to save your changes.
Inbound Policy Setup
- Log in to your Mimecast Administration Console.
- Select the Gateway | Policies menu item.
- Click the DNS Authentication - Inbound policy.
- Select New Policy.
- Select The definition created in the above step.
- For Email From section select Both, Everyone and Applies to all Senders.
- For the Emails To section select Address Groups and Email Security Admins.
- Enter the mail server IP ranges into the Source IP ranges field.
- Check the Policy Override option.
- Click Save and Exit to save the changes.