Permitting Senders from Sendgrid to Mimecast

Sendgrid is a commonly used smtp provider that provides email tools and allows businesses to send email without using their own infrastructure. It is often used for mass marketing and business services but can be effective for sending spam emails and phishing as well.

To avoid business disruption, our customers can find themselves creating a permitted sender policy for sendgrid.net which opens the door for email from anyone using the platform. A permitted sender entry does allow the necessary emails to be received through the spam, RBL, and graylisting filters but it also creates unnecessary risk by allowing users of Sendgrid to phish and spam without consequence.

We have noticed that one of the primary reasons mail might be held coming from Sendgrid is their reputation black list checks can pass or fail. A fail results in action being taken against the mail such as being held.

There are options for creating policy which will allow only the desired email through.

1.       Use a header based permit sender entry that allows the spoofed domain or email address through. In this case you will be narrowing down the permitted emails because you are not allowing the envelope address of sendgird.net but instead only permitting emails you are expecting.

2.       If RBL is the problem you can create a permit sender for sendgrid.net that only permits a failed RBL and not spam or graymail.

You do not want to create a permit sender for sendgrid.net to your Mimecast if avoidable. If you are having difficulty in configuring a usable solution please contact us.

If neither of the provided solutions will work for your use case there are alternatives using more complex policies such as content examination.