0

I recently received a DMARC report for a domain where it showed that 15 emails appeared to be sent from mimecast.co.za servers but were not SPF or DKIM aligned. I saw the same problem for another domain - where emails were originating from mimecast.com under unknown sources (not SPF or DKIM aligned). Neither server uses Mimecast, and they are set up differently using different hosting providers and mail servers.

Is it possible for Mimecast servers to be used to send spoof emails, considering they are an email security and management service provider?

What are the potential reasons for Mimecast servers to send spoof emails, apart from actual spoofing?

Do Mimecast run regular security tests on random mail servers?

Here are the details from the DMARC email digests:

Domain 1 enter image description here

Domain 2 enter image description here

We can (and have) updated the DMARC record to set the policy from none to reject so we avoid seeing Mimecast servers under "Unknown Sources" in the digest emails. The question I have is why are they appearing. I am reaching out because I have no experience with Mimecast and their community and support is only available to customers.

Dagmar
  • 2,968
  • 23
  • 27
  • Have you considered these entries you see are caused by forwarding rules, where the original recipient of your email has a mimecast implementation, but is forwarding emails automatically to external recipients? DKIM might survive such a forwarding behaviour, if present and the signed headers are not changed in any way in transit. – Reinto May 16 '23 at 10:11
  • Thanks! Sorry, I should have put in that I did think it could be forwarding rules. The reason I don't think that's the answer is that domain 1 is very small and they sent 14 emails from their mail server (compared to 15 emails coming from mimecast). Domain 2 is a much larger domain and in their DMARC digest emails there was a separate section for Forwarded email sources. – Dagmar May 16 '23 at 10:44
  • I do remember seeing some mimecast setups in front of some other Mailbox Service Providers, where Mimecast is used as the inbound SPAM filtering tool. But, the Mailbox Service Provider would then report Mimecast as the sending servers in their DMARC aggregate reports. I'm sorry I can't remember the exact details, but it might be worth investigating. – Reinto May 16 '23 at 11:43

0 Answers0