Inbound Email Not Going Through Mimecast?

In an ideal setup using Exchange and Mimecast, all inbound mail should be seen by Mimecast so it can perform security and other functions. We’ve seen that a large percentage of Mimecast customers are actually not configured this way.

Mimecast has KB articles about this, but it may or may not be mentioned at the time of implementation. See https://mimecastsupport.zendesk.com/hc/en-us/articles/34000358773523-Connect-Process-Microsoft-365-Mail-Lockdown

Mimecast calls this the “lockdown” connector. It is done via a mail flow connector in Exchange 365 and can be done with on-prem versions of mail servers and Gmail as well.

This step is often overlooked but is extremely important, because if mail finds its way around Mimecast, your intended security is severely compromised.

We see this occurring in 2 ways.

  1. You still have other MX records outside of your Mimecast MX record. Mail will still use those records and bypass Mimecast. We see this most often with 365 MX records.

  2. The sender is configured to send directly to your record. This is arguably even more dangerous because it’s intending to go around Mimecast and is very easy to do. Your Office 365 MX record can be found with historical DNS tools (free) or easily guessed, as they follow a simple format (yourdomain-com.mail.protection.outlook.com).
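A quick audit for the first case, as an added example that is not from the original post or from Mimecast: it parses MX answers in `dig +short MX` style and flags every record that delivers mail around Mimecast. The `.mimecast.com` suffix, the function names and the sample records are assumptions made for illustration.

```python
# Added example: flag MX records that let inbound mail bypass Mimecast.
MIMECAST_SUFFIX = ".mimecast.com"  # assumption: adjust to your Mimecast MX hosts
M365_SUFFIX = ".mail.protection.outlook.com"

def m365_endpoint(domain):
    """Microsoft 365 host for a domain, using the simple format given above."""
    return domain.lower().rstrip(".").replace(".", "-") + M365_SUFFIX

def parse_mx(text):
    """Parse 'preference host' lines into sorted (preference, host) pairs."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2 or not parts[0].isdigit():
            continue  # skip blank lines and anything that is not an MX answer
        records.append((int(parts[0]), parts[1].rstrip(".").lower()))
    return sorted(records)

def classify(host):
    """Label an MX host by where it delivers mail."""
    if host.endswith(MIMECAST_SUFFIX):
        return "mimecast"
    if host.endswith(M365_SUFFIX):
        return "direct-365"
    return "other"

def audit(domain, mx_text):
    """Report every published MX record that is not a Mimecast host."""
    records = parse_mx(mx_text)
    return {
        "mimecast_present": any(classify(h) == "mimecast" for _, h in records),
        "bypass_records": [(p, h, classify(h)) for p, h in records
                           if classify(h) != "mimecast"],
        # Case 2 above: senders can target this host even when it is not
        # published in MX, so a clean MX set still needs the lockdown connector.
        "direct_endpoint": m365_endpoint(domain),
    }

# Constructed sample: a leftover 365 record next to the Mimecast records.
SAMPLE = """\
10 us-smtp-inbound-1.mimecast.com.
10 us-smtp-inbound-2.mimecast.com.
20 example-com.mail.protection.outlook.com.
"""

if __name__ == "__main__":
    report = audit("example.com", SAMPLE)
    for pref, host, kind in report["bypass_records"]:
        print(f"BYPASS pref={pref} {host} ({kind})")
    print("Direct endpoint to lock down:", report["direct_endpoint"])
```

An empty `bypass_records` list only rules out the first case; the second case is closed by the lockdown connector, not by DNS.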

You can actively check to see what’s going around Mimecast by using the reporting tool for mail flow maps in Office 365. It’s slow but it works.

Follow Mimecast’s guide on how to lock down! If you need help just let us know. Sometimes you need to allow more than just Mimecast if you have other special routes coming in.
