To determine what actions should be taken against an email when it is processed by the Mimecast Gateway, your account will have a set of both Policies and Definitions.



Policies are the settings for when a particular action should occur. Policies set the scope of when it should trigger and who it will trigger for, such as emails from a particular domain or emails to a specific user. A policy will have an attached Definition which defines what will happen when it is triggered.

With the exceptions of Content Examination and Impersonation Protection, only 1 policy will apply of a particular type for an email. When determining which policy to use, Mimecast will order them by specificity, applying the most specific policy to that email. As such, an email scoped to a particular user will apply over a policy applying to everyone. You can enable the Policy Override option in a policy to prioritise a particular policy.

You can find the available policies in the Mimecast Admin Console under ‘Administration > Gateway > Policies’.



Definitions are the settings for what actions to take when a policy is triggered.

Not all policy types have definitions that can be edited. Those that can be are located under ‘Administration > Gateway > Policies’ in the Definitions dropdown.