Suped

Summary

Emails bouncing with a "550 Rejected by header based Anti-Spoofing policy" message from Mimecast indicate that the recipient's Mimecast security gateway is identifying your emails as potentially spoofed or unauthorized. This often happens when an email appears to originate from an internal domain but is sent via an external service provider, leading Mimecast to suspect an attempt at impersonation. Even if your standard email authentication protocols like SPF, DKIM, and DMARC are correctly configured, Mimecast's internal policies can still flag the email. The core issue usually lies in Mimecast's perception of emails originating from a domain it manages, but arriving from an unexpected external source.

What email marketers say

Email marketers frequently encounter Mimecast's anti-spoofing policies when sending emails that, despite being legitimate, appear suspicious to the system. This often arises when external sending platforms are used for domains that Mimecast manages internally. The primary challenge for marketers is navigating these security measures without direct control over the recipient's Mimecast configuration, necessitating close collaboration with the recipient's IT team.

Marketer view

Email marketer from Email Geeks explains that the core challenge often lies in figuring out what built-in header policies Mimecast could have that would reject emails before they even reach the customer's queue. The available Mimecast documentation might not always provide immediate solutions, making direct investigation difficult.

24 Nov 2020 - Email Geeks

Marketer view

Email marketer from Email Geeks suggests that even if standard authorization headers are correct and there isn't a strict DMARC policy, the issue persists. They mention trying to ensure SPF alignment and attempting a policy override in Mimecast, though these actions may not always resolve the problem if messages don't appear to be reaching Mimecast at all.

24 Nov 2020 - Email Geeks

What the experts say

Email deliverability experts recognize Mimecast's anti-spoofing as a sophisticated layer of defense, often catching legitimate emails that deviate from expected mail flow patterns. While robust, these policies require precise configuration to avoid blocking valid senders. Experts emphasize the importance of understanding not just standard email authentication but also how specific security gateways like Mimecast interpret and enforce sender identity, especially for internal domains sending externally.

Expert view

Email expert from Word to the Wise emphasizes that domain alignment is critical for preventing spoofing alerts. They note that many anti-spoofing systems specifically check for discrepancies between the visible "From" address and the underlying sending domain, blocking messages when these don't align properly.

12 Feb 2024 - Word to the Wise

Expert view

Email expert from Spam Resource states that overly aggressive anti-spoofing policies can lead to legitimate mail being blocked. They advise administrators to carefully balance security with usability, often through the strategic implementation of policy exceptions for known and trusted external senders.

01 Jan 2024 - Spam Resource

What the documentation says

Mimecast's official documentation highlights that its anti-spoofing policies are a crucial component of its email security architecture, specifically designed to combat internal and direct domain spoofing. These policies analyze email headers to determine if a message claiming to be from an internal domain is indeed originating from an authorized source. The documentation provides clear guidelines for administrators on how to configure, review, and create exceptions within these policies to ensure legitimate email flow while maintaining robust security.

Technical article

Mimecast's documentation for "Policies - Configuring Anti-Spoofing" explains that anti-spoofing policies are essential for blocking unwanted spoof emails and protecting internal domains. It details how administrators can configure these policies to allow legitimate senders while preventing malicious attempts to impersonate internal users or domains. This involves setting specific actions for detected spoofing attempts.

10 Aug 2023 - Mimecast

Technical article

The Zendesk article on Configuring Anti-Spoofing Policies for Mimecast explains that, to address messages triggering an anti-spoofing policy, administrators should create an Anti-Spoofing policy. This policy should be configured to take "no action" for the sender's address or IP address, effectively creating an exception for legitimate mail flow that would otherwise be blocked.

10 Aug 2023 - Mimecast
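
The decision described above can be modelled in a few lines. This is an added example, not Mimecast's code or configuration syntax: it is a simplified model that assumes the gateway compares only the visible From domain and the connecting source against a list of internal domains and "take no action" exceptions. The domain, addresses, networks and function names are constructed for illustration.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Assumed configuration (constructed values, not from any real tenant).
INTERNAL_DOMAINS = {"example.com"}              # domains the gateway protects
EXEMPT_SENDERS = {"newsletter@example.com"}     # "take no action" by sender address
EXEMPT_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]  # "take no action" by IP

REJECT = "550 Rejected by header based Anti-Spoofing policy"

# Constructed sample: an external platform sending as the recipient's own domain.
SAMPLE = (
    "From: HR Team <hr@example.com>\n"
    "To: staff@example.com\n"
    "Subject: Survey\n"
    "\n"
    "Please complete the survey.\n"
)

def header_from(raw_message):
    """Return (address, domain) taken from the visible From header."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    return addr, addr.rpartition("@")[2]

def evaluate(raw_message, connecting_ip):
    """Model the check for one inbound message.

    SPF, DKIM and DMARC results are deliberately not consulted: in this
    model a message can pass all three and still be rejected, which is
    the situation the page describes.
    """
    addr, domain = header_from(raw_message)
    if domain not in INTERNAL_DOMAINS:
        return "accept: header From is not an internal domain"
    if addr in EXEMPT_SENDERS:
        return "accept: sender address exception"
    ip = ipaddress.ip_address(connecting_ip)
    if any(ip in net for net in EXEMPT_NETWORKS):
        return "accept: source IP exception"
    return REJECT

if __name__ == "__main__":
    print(evaluate(SAMPLE, "203.0.113.10"))   # external source, no exception
    print(evaluate(SAMPLE, "198.51.100.7"))   # source covered by an exception
```

Running it with the recipient's own domain list and the sending platform's published IP ranges shows which messages depend on an exception that the recipient's IT team has to create.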
