The Mimecast “Report Message” feature enables an end-user to report an email as per this screenshot:
Should a User report one of the CSA specially created e-mail templates to Mimecast, then Mimecast will use their URL scanning solutions to test the safety of the e-mail and the link. In doing so, this will create a false/positive in the CSA reporting system because the link will have, in effect, been clicked as if the end-user clicked the link
This document has been created to assist those organisations who have deployed this service and will outline how to create a Mimecast/Office 365 Mail Flow rule to stop these e-mails being sent to Mimecast's specific Phishing, Malware and Spam email addresses.
Note: Only our specific emails will be prevented from being sent. All other suspected Malware, Phishing and Spam will be forwarded to Mimecast as you would expect.
Create a Mail Flow Rule within Office 365 Exchange
Log into Microsoft Office with an Administrator user profile and select “Admin”
From “Admin”, then select “Exchange”
From within “Exchange” either select “Mail Flow” from the left-hand menu or select “Rules” from “Mail Flow” section of the Dashboard.
Create a new Rule:
Name the rule with a logical description. We suggest “Block Outbound Mail – “CSATraining” in the body for SATT”.
Within “Apply this rule if….” Select “The subject or body includes…”
And add the text “CSATraining” – note: This is case-sensitive and has zero spaces. Please remember to press the “+” button so the text is listed as below. Press “OK”.
Then add the “Recipient” criteria
Within “and” (following your first rule), select “The recipient address matches…”
Add:
spam@mimecast.org (remember to press “+”)
And then add:
virusreports@mimecast.org (again, remember to press “+”)
Finally, add:
phishing@mimecast.org (again, remember to press “+”)
Under 'Do the following...' please select 'Delete the message without notifying anyone'.
Once you have pressed “OK”, your new rule should be complete.
We recommend setting the “Priority” as “0” (Zero) so the rule is processed first and not bypassed by other rules in your list.
Check that “Enforce” is selected in the “Mode” rule:
Enter a “Comments” to description to ensure you are aware of the reasoning behind this rule for future audits.
Click “Save” and your rule is activated.
You are able to check to see if the rule is working by returning to Outlook and reporting one of our emails to Mimecast.
You can then complete a Message Trace to view the “Failed” delivery for all three spam@mimecast.org / virusreports@mimecast.org / phishing@mimecast.org
Comments
0 comments
Please sign in to leave a comment.