Articles in this section

See more

Prevent Users Reporting CSA E-Mails To Mimecast

Avatar
Mitchell Dyer
  • Updated
Follow

 

The Mimecast “Report Message” feature enables an end-user to report an email as per this screenshot: 

blobid0.png 

Should a User report one of the CSA specially created e-mail templates to Mimecast, then Mimecast will use their URL scanning solutions to test the safety of the e-mail and the link. In doing so, this will create a false/positive in the CSA reporting system because the link will have, in effect, been clicked as if the end-user clicked the link 

 

This document has been created to assist those organisations who have deployed this service and will outline how to create a Mimecast/Office 365 Mail Flow rule to stop these e-mails being sent to Mimecast's specific Phishing, Malware and Spam email addresses. 

 

Note: Only our specific emails will be prevented from being sent. All other suspected Malware, Phishing and Spam will be forwarded to Mimecast as you would expect. 

 

Create a Mail Flow Rule within Office 365 Exchange 

 Log into Microsoft Office with an Administrator user profile and select “Admin” 

 blobid1.png

From “Admin”, then select “Exchange” 

 blobid2.png 

From within “Exchange” either select “Mail Flow” from the left-hand menu or select “Rules” from “Mail Flow” section of the Dashboard. 

 blobid3.png

Create a new Rule: 

 blobid4.png

 

Name the rule with a logical description. We suggest “Block Outbound Mail – “CSATraining” in the body for SATT”. 

 

Within “Apply this rule if….” Select “The subject or body includes…” 

 

And add the text “CSATraining” – note: This is case-sensitive and has zero spaces. Please remember to press the “+” button so the text is listed as below. Press “OK”. 

 blobid5.png

 

Then add the “Recipient” criteria 

Within “and” (following your first rule), select “The recipient address matches…” 

Add: 

spam@mimecast.org (remember to press “+”) 

And then add: 

virusreports@mimecast.org (again, remember to press “+”) 

Finally, add:

phishing@mimecast.org (again, remember to press “+”) 

 

Under 'Do the following...' please select 'Delete the message without notifying anyone'.

 

Once you have pressed “OK”, your new rule should be complete. 

We recommend setting the “Priority as “0” (Zero) so the rule is processed first and not bypassed by other rules in your list.  

Check that “Enforce” is selected in the “Mode” rule: 

Enter a “Comments” to description to ensure you are aware of the reasoning behind this rule for future audits. 

Click “Save” and your rule is activated.  

 

You are able to check to see if the rule is working by returning to Outlook and reporting one of our emails to Mimecast. 

 

You can then complete a Message Trace to view the “Failed” delivery for all three spam@mimecast.org / virusreports@mimecast.org / phishing@mimecast.org

 

Related articles

Comments

0 comments

Please sign in to leave a comment.