DNS Authentication in Mimecast is handled by two separate policies.
DNS Authentication Inbound – Handles whether SPF, DKIM & DMARC checks should apply and what to do when a check if failed.
DNS Authentication Outbound – Handles DKIM signing your outbound emails through Mimecast.
Both policies require a Definition to be configured first.
Inbound Definition
The Definition for Inbound DNS Authentication determines what to do when an SPF, DKIM or DMARC check fails.
- Log into your Mimecast Account at https://login.mimecast.com
- Select Administration Console
| 
|
- Go to ‘Administration > Gateway > Policies’
| 
|
- From the Definitions dropdown, select DNS Authentication Inbound
| 
|
- Select New DNS Authentication - Inbound Checks
| 
|
- Set the name (Description) for the Definition
- Tick the checkbox next to each check to take place.
- For each possible result, select the action to take place:
Take No Action: The email will continue to spam checks as normal
Ignore Managed/Permitted Sender Entries: Any Permitted Sender or Auto Allow policies applying to this email will be ignored.
Reject: The email is blocked and deleted by Mimecast.
Honor DMARC Record: Only available for DMARC Fail. Performs the action specified in the sender’s DMARC record:
Quarantine: The email is held for an Admin to release
Reject: The email is blocked and deleted by Mimecast
| 
|
- Press Save & Exit
| 
|
Inbound Policy
Once you have created your definition, you will need to create an accompanying policy to determine when it is applied.
- Log into your Mimecast Account at https://login.mimecast.com
- Select Administration Console
| 
|
- Go to ‘Administration > Gateway > Policies’
| 
|
- Click into DNS Authentication - Inbound
| 
|
- Select New Policy
| 
|
- Give the policy a name (Policy Narrative)
- Set Select Option to definition you created
| 
|
- Set the scope for the policy under Emails From and Emails To
| 
|
- Press Save & Exit
| 
|
Outbound Definition
The Definition for Outbound DNS Authentication determines the DKIM signing settings to use.
- Log into your Mimecast Account at https://login.mimecast.com
- Select Administration Console
| 
|
- Go to ‘Administration > Gateway > Policies’
| 
|
- From the Definitions dropdown, select DNS Authentication - Outbound
| 
|
- Select New DNS Authentication – Outbound Signing
| 
|
- Set the name (Description) for the Definition
- Tick the checkbox next to Sign outbound email with DKIM
- Use the Lookup option to select the Domain to use
- Enter the name for the DKIM Selector
- Press Generate
- Add the Public Key as a TXT record with your domain host at the DNS Address
- Press Check DNS
| 
|
- Press Save & Exit
| 
|
Outbound Policy
Once you have created your definition, you will need to create an accompanying policy to determine when it is applied.
- Log into your Mimecast Account at https://login.mimecast.com
- Select Administration Console
| 
|
- Go to ‘Administration > Gateway > Policies’
| 
|
- Click into DNS Authentication - Outbound
| 
|
- Select New Policy
| 
|
- Give the policy a name (Policy Narrative)
- Set Select Option to definition you created
| 
|
- Set the scope for the policy under Emails From and Emails To
| 
|
- Press Save & Exit
| 
|
