How can I identify if a company uses Mimecast or Proofpoint?

The primary method is to perform a DNS lookup for the target company's MX (Mail Exchanger) records. These records will often point to the domains of the email security provider, such as mimecast.com or pphosted.com . Additionally, examining email headers and bounce messages can reveal clues.

How do these email security measures affect my email deliverability?

Email filtering services like Mimecast and Proofpoint often place emails that don't meet their criteria into spam folders or block them entirely. This can lead to significantly lower open rates and deliverability, even for legitimate B2B communications.

What steps can I take to improve my email deliverability to companies with these filters?

Improving deliverability to companies using these filters involves maintaining a strong sender reputation, ensuring proper email authentication (SPF, DKIM, DMARC), and sending highly relevant, personalized content. Avoid generic blasts and focus on providing value to your recipients.

Can an email go through a security filter even if the MX record points to a generic provider like Microsoft?

Yes, even if a company uses a third-party email security solution, the final delivery might be managed by a major provider like Google Workspace or Microsoft 365. This often happens if the security solution acts as a gateway before passing emails to the primary mailbox provider. Bounce messages might explicitly mention the filtering service that blocked the email, even if the MX record points elsewhere.

How to identify if a company uses email filtering/security measures like Mimecast or ProofPoint? - Technical - Email deliverability - Knowledge base

Dealing with unpredictable open rates for your B2B email campaigns can be frustrating. One day, your emails might see an 80% open rate, and the next, it plummets to 2%. This often signals that your target companies are employing sophisticated email filtering and security measures. Tools like Mimecast or Proofpoint are specifically designed to filter out unwanted or malicious emails before they reach employee inboxes.

While you might not always be able to circumvent these security layers, understanding their presence is crucial for refining your account-based marketing (ABM) and account-based engagement (ABE) strategies. Knowing whether a company uses such filters allows you to tailor your content, sending frequency, and even your expectation of engagement, rather than just guessing.

This guide will walk you through various methods to identify if a company employs these robust email security solutions. By examining a company's email infrastructure, you can gain valuable insights that inform your overall email deliverability efforts.

Identifying via MX records

The simplest and often most effective way to start is by performing a DNS lookup for the target domain's MX (Mail Exchanger) records. MX records specify the mail servers responsible for accepting email messages on behalf of a domain name. These are the first point of contact for any incoming email.

When a company uses a third-party email security gateway, its MX records will typically point to the vendor's servers rather than directly to their internal mail servers. For instance, if a company uses Mimecast, you might see mimecast.com or mes.mimecast.com in their MX records. Similarly, for Proofpoint, you might see pphosted.com or proofpoint.com in the records. This provides a clear indication that an external email security service is processing their inbound mail.

Example DNS lookup using 'dig'bash

dig MX example.com

While MX records are a strong indicator, they don't always tell the whole story. Some companies use on-premise filtering solutions, or a cloud vendor might resell a service like Proofpoint under their own domain. In these cases, the MX record might not explicitly name the security provider. For a deeper dive into identifying email service providers, you can review guides on determining an email sending platform or identifying mailbox providers from email addresses.

Clues in email headers and bounce messages

Even if MX records don't directly reveal a security solution, other data points can. Email headers, particularly those prefixed with 'X-', are often added by mail servers and security systems as an email traverses the internet. These headers can contain proprietary information indicating the presence of a specific filter. For example, you might see X-Proofpoint-Sane-ID or X-Mimecast-Impersonation-Info if those services are in use.

Bounce messages are another rich source of information. When an email is rejected, the bounce message (or Non-Delivery Report, NDR) often includes details from the receiving server about why the email was not delivered. Sometimes, these messages explicitly mention the filtering service that blocked the email, or they might include error codes or phrases characteristic of a particular vendor.

It's common to see a

Microsoft MX record, for instance, return a Proofpoint rejection message. This indicates that the initial hop is Microsoft's infrastructure, but the email is then routed through Proofpoint's filtering. If you encounter issues with emails being identified as spoofed, particularly by Proofpoint, there are specific steps to resolve this.

Understanding a bounce message

Bounce messages are a crucial diagnostic tool. They provide direct feedback from the recipient's mail server about why an email failed to deliver. Look for clues like references to spam detected, policy violation, or even the names of common security vendors.

Example Bounce Message

550 5.7.1 Service unavailable; Client host [XXX.XXX.XXX.XXX] blocked using Mimecast.com

Understanding the impact of email security measures

Mimecast and Proofpoint are leading secure email gateway (SEG) solutions. They act as a protective layer between the internet and a company's internal mail servers, scrutinizing every incoming email. Their primary goal is to prevent threats like phishing, malware, spam, and Business Email Compromise (BEC) from reaching end-users. This robust protection directly impacts email deliverability, often quarantining or blocking legitimate B2B emails that don't meet their stringent criteria.

These systems employ advanced threat detection, including URL rewriting (for safe links), attachment sandboxing, impersonation protection, and deep content analysis. Because they are so effective at identifying potential threats, they can also be aggressive in filtering out emails that appear suspicious, even if they are not overtly malicious. This means legitimate marketing or sales emails might end up in junk folders, or be blocked entirely, if they trigger certain filters.

Mimecast's focus

Mimecast offers a comprehensive suite of email security features, including spam and malware protection, data archiving, and continuity. It's known for its layered defense approach, providing deep inspection of email content and attachments.

Proofpoint's focus

Proofpoint specializes in advanced threat protection, focusing heavily on preventing targeted attacks like phishing and BEC. Its solutions use machine learning to identify unusual behavior and protect against impostor emails. You can find more details in comparisons of Proofpoint and Mimecast.

Understanding how Mimecast and Proofpoint scrutinize senders and what best practices can improve inbox placement beyond simple whitelisting is crucial for marketers trying to reach B2B audiences. It often involves a combination of technical configurations and content strategy adjustments.

Strategies for B2B deliverability to secured inboxes

Identifying that a target company uses a sophisticated email filter is only the first step. The next is adapting your strategy to ensure your legitimate emails land in the inbox. This primarily revolves around building and maintaining a strong sender reputation.

Robust email authentication is non-negotiable. Ensure your SPF, DKIM, and DMARC records are correctly configured and aligned. These protocols help receiving servers verify that your emails are legitimate and prevent spoofing, which is a common trigger for security filters. Regularly monitoring your DMARC reports and checking your blacklist status (or blocklist status) is also vital.

Beyond technical configurations, content quality and engagement are paramount. Avoid spammy keywords, excessive links, or suspicious formatting. Focus on personalization, providing value, and ensuring your recipients have opted in. High engagement metrics, like opens and clicks, signal to filters that your emails are desired, improving your sender reputation over time. If you're struggling, a guide on why emails go to spam or running an email deliverability test can be helpful.

Filter behavior	Sender action
Blocking by IP/Domain Blocklist	Monitor blocklist status, maintain a clean sending reputation.
Quarantining suspicious attachments	Avoid executable files, use cloud storage links when necessary.
Flagging impersonation attempts	Implement strong DMARC policies and ensure alignment.
Filtering B2B marketing emails to junk	Focus on high-value, personalized content and segment lists.

Best practices for bypassing email filters

Sender reputation: Maintain a high sender score by avoiding spam complaints and bounces.
Authentication: Always use SPF, DKIM, and DMARC to authenticate your emails.
Content optimization: Write clear, concise content that provides value and avoids promotional language triggers.
List hygiene: Regularly clean your email lists to remove inactive or invalid addresses.

Views from the trenches

Best practices

Always perform MX record lookups for target domains to identify primary email security vendors.

Analyze email headers and bounce messages for hidden clues about filtering solutions.

Prioritize robust email authentication (SPF, DKIM, DMARC) to build sender trust.

Common pitfalls

Assuming all Microsoft MX records mean no third-party filtering is present.

Neglecting to analyze bounce messages for explicit filter rejections.

Sending generic, mass emails that trigger spam filters due to lack of personalization.

Expert tips

A combination of MX record analysis, header inspection, and bounce log review provides the most accurate picture of a recipient's email security.

Even if a company uses advanced filters, a strong sender reputation and highly relevant content can significantly improve inbox placement.

Consider segmenting your B2B lists based on identified filter types to tailor your approach for each group.

Expert view

Expert from Email Geeks says understanding MX records provides insight into first-hop MTAs, often revealing filter providers, but addressing the root cause of filtering remains essential.

2023-01-04 - Email Geeks

Expert view

Expert from Email Geeks says MX records are a good starting point for filter classification, covering 75-80% of a list, but bounce logs are needed for a complete picture due to complex or on-premise filters.

2023-01-04 - Email Geeks

Refining your B2B email strategy

Identifying whether a company uses advanced email filtering solutions like Mimecast or Proofpoint provides crucial intelligence for your B2B email marketing efforts. While no single method is foolproof, combining MX record lookups, email header analysis, and bounce message interpretation offers a comprehensive approach. This knowledge empowers you to adjust your strategies, improve your sender reputation, and ultimately enhance your email deliverability, leading to more successful ABM and ABE campaigns.