If you’re using Mimecast as your email security gateway, you’ll need to create several allow-list policies so CyberHoot’s simulated phishing emails and training notifications reach your users’ inboxes. Without these policies, Mimecast may rewrite URLs (breaking DKIM authentication), pre-fetch links (causing false click reports), block attachments, or quarantine messages entirely.
Policies covered in this guide:
- Anti-Spoofing Policy
- Permitted Senders Policy
- URL Protection Bypass Policy — critical for false click issues
- Impersonation Protection Bypass Policy
- Attachment Protection Bypass Policy
- Attachment Management Bypass Policy
- Greylisting Bypass Policy
- Managed URLs — if URL Protection Bypass alone doesn’t resolve the issue
CyberHoot Sending IPs & Domains
You’ll need these values for the Source IP Ranges field in every policy below. For the most up-to-date list, see CyberHoot’s Email-Relay IP Addresses & Domains.
| DNS Domain Name | IP Address |
|---|---|
| docunotice.com | 23.20.251.170/32 |
| messagecenters.net | 52.7.191.238/32 |
| securedinbox.net | 52.6.6.155/32 |
| notificationhub.net | 18.213.175.22/32 |
Mimecast Policies
1. Anti-Spoofing Policy
This policy allows CyberHoot to send simulated phishing emails that appear to come from an email address at your domain.
- Log in to the Mimecast Administration Console.
- Click the Administration toolbar button.
- Select Gateway > Policies.
- Select Anti-Spoofing from the list of policies.
- Click New Policy.
- Configure the appropriate settings under the Options, Emails From, Emails To, and Validity sections. For help with these settings, see Mimecast’s Configuring an Anti-Spoofing Policy article.
- In the Source IP Ranges field, enter CyberHoot’s IP addresses listed in the table above.
- Click Save and Exit.
2. Permitted Senders Policy
This policy ensures CyberHoot’s phishing and training-related emails bypass Mimecast’s reputation checks, greylisting, and spam scanning, avoiding rejection or placement in the hold queue.
- Log in to the Mimecast Administration Console.
- Click the Administration toolbar button.
- Select Gateway > Policies.
- Select Permitted Senders from the list of policies.
- Click New Policy.
- Configure the appropriate settings under the Options, Emails From, Emails To, and Validity sections. For more guidance, see Mimecast’s Configuring a Permitted Senders Policy article.
- In the Source IP Ranges field, enter CyberHoot’s IP addresses listed in the table above.
- Click Save and Exit.
3. URL Protection Bypass Policy
Mimecast’s URL Protection service scans and rewrites links in emails upon delivery. This can cause two problems for phishing simulations:
- False click reports — Mimecast pre-fetches and scans every link, which CyberHoot’s tracking system registers as user clicks.
- Broken DKIM authentication — URL rewriting modifies the email body, invalidating the original DKIM signature.
Steps:
- Log in to the Mimecast Administration Console.
- Click the Administration toolbar button.
- Select Gateway > Policies.
- Select URL Protection Bypass from the list of policies.
- Click New Policy.
- Configure the appropriate settings under the Options, Emails From, Emails To, and Validity sections. Under Options, ensure Policy Override is selected. For more information, see Mimecast’s Configuring a URL Protection Bypass Policy article.
- In the Source IP Ranges field, enter CyberHoot’s IP addresses listed in the table above.
- Click Save and Exit.
4. Impersonation Protection Bypass Policy
If you’re sending phishing simulations that appear to come from users or domains that look like they are internal to your organization, you’ll need to create an Impersonation Protection Bypass Policy.
- Log in to the Mimecast Administration Console.
- Click the Administration toolbar button.
- Select Gateway > Policies.
- Select Impersonation Protection Bypass from the list of policies.
- Click New Policy.
- Configure the appropriate settings under the Options, Emails From, Emails To, and Validity sections. For more guidance, see Mimecast’s Configuring an Impersonation Protection Bypass Policy article.
- Under Options > Select Option, select the Impersonation Protection definition you want to bypass.
- In the Source IP Ranges field, enter CyberHoot’s IP addresses listed in the table above.
- Click Save and Exit.
5. Attachment Protection Bypass Policy
If you plan to include attachments in your phishing simulations, this policy increases the likelihood that those attachments reach users successfully.
- Log in to the Mimecast Administration Console.
- Click the Administration toolbar button.
- Select Gateway > Policies.
- Select Attachment Protection Bypass from the list of policies.
- Click New Policy.
- Configure the appropriate settings under the Options, Emails From, Emails To, and Validity sections. For more information, see Mimecast’s Configuring Attachment Protection Bypass Policies article.
- In the Source IP Ranges field, enter CyberHoot’s IP addresses listed in the table above.
- Click Save and Exit.
6. Attachment Management Bypass Policy
This policy prevents Mimecast from stripping attachments from your phishing simulation emails, which may otherwise impact your test results.
- Log in to the Mimecast Administration Console.
- Click the Administration toolbar button.
- Select Gateway > Policies.
- Select Attachment Management Bypass from the list of policies.
- Click New Policy.
- Configure the appropriate settings under the Options, Emails From, Emails To, and Validity sections. For more information, see Mimecast’s Configuring Attachment Management Bypass Policies article.
- In the Source IP Ranges field, enter CyberHoot’s IP addresses listed in the table above.
- Click Save and Exit.
7. Greylisting Bypass Policy
This policy prevents CyberHoot emails from being deferred due to Mimecast’s greylisting checks.
- Log in to the Mimecast Administration Console.
- Click the Administration toolbar button.
- Select Gateway > Policies.
- Select Greylisting from the list of policies.
- Click New Policy.
- Configure the appropriate settings under the Options, Emails From, Emails To, and Validity sections. For more information, see Mimecast’s Configuring Greylisting Policies article.
- In the Source IP Ranges field, enter CyberHoot’s IP addresses listed in the table above.
- Click Save and Exit.
Managed URLs (If URL Protection Bypass Isn’t Enough)
We have seen cases where, despite having a URL Protection Bypass Policy in place, Mimecast still strips links from phishing simulation emails, preventing click actions from being recorded.
Per Mimecast Support, the recommended fix is to add the CyberHoot sending domains as Managed URLs. This is necessary because emails reported through Mimecast’s End User Reporting send the actual URL to Mimecast from your domain, so the URLs need to be allow-listed separately.
Steps:
- In the Mimecast Administration Console, navigate to:
Email Security > URL Protection > URL Tools > Managed URLs > Add Managed URLs
- Add each CyberHoot sending domain in the following format:
http://*.docunotice.com
http://*.messagecenters.net
http://*.securedinbox.net
http://*.notificationhub.net
- Click Save.
After Setup: Test Your Configuration
We recommend setting up a test phishing campaign to yourself or a small group before sending to all users. This ensures:
- Emails arrive in the inbox (not quarantined or junked)
- URLs are not rewritten by Mimecast
- Clicks are only recorded from real user interaction, not automated scanners
- Attachments (if used) are delivered intact
Please allow time for new policies to propagate before testing.
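One way to check a delivered test message against the points above, as an added example that is not CyberHoot or Mimecast code: it parses the raw message source and reports whether a relay IP is in the table on this page, whether DKIM passed, and whether links were rewritten. The rewrite host suffixes, the placeholder hosts gateway.example and mx.example, and the sample messages are assumptions constructed for illustration.

```python
import email
import ipaddress
import re
from email import policy
from urllib.parse import urlsplit

# Values from the sending IPs and domains table on this page.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in (
    "23.20.251.170/32", "52.7.191.238/32", "52.6.6.155/32", "18.213.175.22/32")]
SENDER_DOMAINS = ("docunotice.com", "messagecenters.net",
                  "securedinbox.net", "notificationhub.net")
# Assumption: host suffixes that mark a gateway-rewritten link; adjust per tenant.
REWRITE_SUFFIXES = ("mimecast.com", "mimecastprotect.com")

def _under(host, suffixes):
    return any(host == s or host.endswith("." + s) for s in suffixes)

def _allowed(ip):
    try:
        return any(ipaddress.ip_address(ip) in net for net in ALLOWED_NETS)
    except ValueError:  # bracketed text that is not a valid IPv4 address
        return False

def check_delivered(raw):
    """Check one delivered test message (raw RFC 5322 text)."""
    msg = email.message_from_string(raw, policy=policy.default)
    # Relays record the connecting IP in square brackets in Received headers.
    received = " ".join(str(h) for h in msg.get_all("Received", []))
    hops = re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received)
    auth = " ".join(str(h) for h in msg.get_all("Authentication-Results", []))
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    hosts = [(urlsplit(u).hostname or "").lower()
             for u in re.findall(r"https?://[^\s\"'<>]+", text)]
    return {
        "source_ip_allowed": any(_allowed(ip) for ip in hops),
        "dkim_pass": "dkim=pass" in auth.lower(),
        "rewritten_links": [h for h in hosts if _under(h, REWRITE_SUFFIXES)],
        "intact_links": [h for h in hosts if _under(h, SENDER_DOMAINS)],
    }

def _sample(dkim, link):  # constructed message for illustration, not real mail
    return ("Received: from mail.docunotice.com ([23.20.251.170]) "
            "by gateway.example; Mon, 1 Jan 2024 10:00:00 +0000\n"
            f"Authentication-Results: mx.example; dkim={dkim}\n"
            "Subject: test\nContent-Type: text/plain; charset=utf-8\n\n"
            f"Review: {link}\n")

GOOD = _sample("pass", "http://login.docunotice.com/t/abc")
REWRITTEN = _sample("fail", "https://protect-us.mimecast.com/s/constructed")
```

Save the test message's source from the mail client and pass its text to `check_delivered`; a non-empty `rewritten_links` list or `dkim_pass` of `False` means the URL Protection Bypass Policy is not taking effect for that message.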
If you are looking for more assistance, head to our HowTo Library, or contact support@cyberhoot.com.





