How to use Mimecast Custom Monitored External Domains
Within Mimecast you have the ability to protect against lookalike domains to any that are closely resembling your own but also any that closely resemble external domains as well.
This can be useful in detecting any outside entities from impersonating domains that you regularly do business in order to trick the end user.
For your own internal domains you are able to simply press a button to enable this protection but when it comes to external domains you must list out which domains you wish to find.
This is where Mimecast Custom Monitored External Domains comes into play. You may have noticed this configuration while configuring Impersonation Protection.
We consider this to be an advanced policy which not all customers may be interested in as the larger the list of domains gets and the more email that is received, the more false positives you may encounter, leading to administrative overhead. However, with proper auditing and attention you can compile a list of legitimate senders and bypass them before you ever take action with a policy.
For an Impersonation Protection policy you can use a 1 hit policy which looks for these domains and take no action by selecting the Check Custom Monitored External Domains box within the policy definition. Impersonation Protection is special however, in that it is the only policy type that allows multiple policies to apply to the same email.
In URL protection you will need to alter your existing policy to Check Custom Monitored External Domains where you can then set the action to warn or none in order to audit.
If you wish to get help with this just let us know!