Mimecast Whitelisting

Permitted Senders Policy

To successfully whitelist our phishing and training-related emails when using Mimecast, you should Create a new Permitted Sender policy to allow our phishing and training-related emails through to your users' inbox.

Important:

Do not edit your default Permitted Sender policy. A new one must be created.

Follow the steps below to allow Curricula emails to arrive successfully in your users' inboxes.

  1. Log on to your Mimecast Administration Console.
  2. Click the Administration toolbar button.
  3. Select the Gateway | Policies menu item.
  4. Select Permitted Senders from the list of policies displayed.
  5. Select the New Policy button.
  6. Select the appropriate policy settings under the OptionsEmails FromEmails To, and Validity sections. For more information on these settings see Mimecast's Configuring a Permitted Senders Policy article (opens in a new window). 
  7. In the Source IP Ranges field, enter the appropriate IP ranges for your Curricula account's location. For the most up-to-date list of our IP addresses, please see this article

Be sure to save the policy. We suggest setting up a test campaign for yourself or a small group of Learners to ensure the policy works as intended, before sending a campaign to all of your users.

 

Attachment Protection Bypass Policy

If you'd like to use attachments in your simulated phishing tests, follow the steps below to increase the likelihood that emails with attachments from Curricula will successfully arrive in your users' inboxes. Mimecast may still prevent the delivery of attachments. Set up a test after creating this policy to ensure your desired attachment goes through.

  1. Log on to your Mimecast Administration Console
  2. Click the Administration toolbar button.
  3. Select the Gateway | Policies menu item.
  4. Select Attachment Protection Bypass from the list of policies displayed.
  5. Select the New Policy button.
  6. Select the appropriate policy settings under the OptionsEmails FromEmails To, and Validity sections. For more information on these settings, see Mimecast's Configuring Attachment Protection Bypass Policies article.
  7. In the Source IP Ranges field, enter the appropriate IP addresses for Curricula. To see an up to date list of addresses and domains, sign into the Curricula platform and navigate to User>Account>Settings>Phishing

Be sure to save this new policy. After allowing time for this new rule to propagate, we recommend setting up a phishing campaign for yourself or a small group of Learners to test out the various attachment types

 

URL Protection Bypass Policy

Mimecast's URL Protection service scans and checks links in emails upon delivery. This can sometimes result in false positives for your phishing security tests. Follow the steps below to create a URL Protection Bypass policy for accurate phishing security test results.

  1. Log on to your Mimecast Administration Console
  2. Click the Administration toolbar button.
  3. Select the Gateway | Policies menu item.
  4. Select URL Protection Bypass from the list of policies displayed.
  5. Select the New Policy button.
  6. Select the appropriate policy settings under the OptionsEmails FromEmails To, and Validity sections. For more information on these settings, see Mimecast's Configuring a URL Protection Bypass Policy article (opens in a new window). 
  7. In the Source IP Ranges field, enter the appropriate IP addresses for Curricula. To see an up to date list of addresses and domains, sign into the Curricula platform and navigate to User>Account>Settings>Phishing

Be sure to save the policy. We suggest setting up a test campaign for yourself or a small group of Learners to ensure the policy works as intended, before sending a campaign to all of your users.

 

Impersonation Protection Bypass Policy

If you’re sending emails purporting to come from users/domains that look like they are internal to your organization, you'll want to create an Impersonation Protection Policy in your Mimecast console.

Follow the steps below to first create an Impersonation Protection Definition, then Impersonation Protection Bypass policy.

Impersonation Protection Definition

  1. Log on to your Mimecast Administration Console.
  2. Click the Administration toolbar button.
  3. Select the Gateway | Policies menu item.
  4. Select the Impersonation Protection option from the list of definitions displayed.
  5. Select the New Definition button.
  6. Name your Definition something descriptive such as "Curricula Impersonation Protection Bypass Definition."
  7. Select the appropriate definition settings under the Identifier SettingsIdentifier ActionsGeneral Actions, and Notifications sections, shown below. For more information on these settings, see Mimecast's Configuring an Impersonation Protection Definition article.

Be sure to save this definition before creating your Impersonation Protection Bypass Policy.

 

Impersonation Protection Bypass Policy

  1. Log on to your Mimecast Administration Console.
  2. Click the Administration toolbar button.
  3. Select the Gateway | Policies menu item.
  4. Select Impersonation Protection Bypass from the list of policies displayed.
  5. Select the New Policy button. 
  6. Select the appropriate policy settings under the OptionsEmails FromEmails To, and Validity sections. For more information on these settings, see Mimecast's Configuring an Impersonation Protection Bypass Policy article.
    NOTE: In the Select Option field under Options, use the Impersonation Protection Definition you created (above).
  7. In the Source IP Ranges field, enter the appropriate IP addresses for Curricula. To see an up to date list of addresses and domains, sign into the Curricula platform and navigate to User>Account>Settings>Phishing

Be sure to save the policy. We suggest setting up a test campaign for yourself or a small group of Learners to ensure the policy works as intended, before sending a campaign to all of your users.

You can contact us anytime by submitting a support request using the link below: 

support@curricula.com