If you're using Mimecast's services, you can whitelist KnowBe4 to allow our simulated phishing test emails and training notifications through to your end users.
Below you'll find instructions for several different policies you'll need to add to your Mimecast console to allow the use of KnowBe4's various services. The policies below are in a suggested order for the highest probability of success for your phishing security tests.
Each Mimecast policy section has a description of the policy's purpose regarding KnowBe4's phishing security test features.
If you run into issues whitelisting KnowBe4 in your Mimecast services, we recommend reaching out to Mimecast for specific instructions. You can also contact our Support team whenever you need assistance.
Anti-Spoofing Policy
Follow the steps below to allow KnowBe4 to send emails appearing to come from an email address at your domain, on your behalf.
- Log in to your Mimecast Administration Console.
- Click the Administration toolbar button.
- Select the Gateway | Policies menu item.
- Select Anti-Spoofing from the list of policies displayed.
- Select the New Policy button.
- Select the appropriate policy settings under the Options, Emails From, Emails To, and Validity sections. For more information on these settings, see Mimecast's Configuring an Anti-Spoofing Policy article.
- Select the Policy Override check box.
- In the Source IP Ranges field (shown below), enter our IP ranges. For the most up-to-date list of our IP addresses, please see the KnowBe4's IP Addresses, Hostnames, and Headers section of our Whitelisting Data and Anti-Spam Information article.
Be sure to save the policy. This should allow simulated phishing templates that appear to come from your organization's domain to reach your users' inboxes. We suggest setting up a test campaign to yourself or a small group of people to ensure the policy works as intended before sending a campaign to all of your users.
Permitted Senders Policy
To successfully whitelist our phishing and training-related emails when using Mimecast, you should create a new Permitted Senders policy so that these emails reach your users' inboxes.
Follow the steps below to allow KnowBe4 emails to arrive successfully in your users' inboxes.
- Log in to your Mimecast Administration Console.
- Click the Administration toolbar button.
- Select the Gateway | Policies menu item.
- Select Permitted Senders from the list of policies displayed.
- Select the New Policy button.
- Select the appropriate policy settings under the Options, Emails From, Emails To, and Validity sections. For more information on these settings see Mimecast's Configuring a Permitted Senders Policy article.
- Select the Policy Override check box.
- In the Source IP Ranges field (shown below), enter the appropriate IP ranges for your KnowBe4 account's location. For the most up-to-date list of our IP addresses, please see the KnowBe4's IP Addresses, Hostnames, and Headers section of our Whitelisting Data and Anti-Spam Information article.
Be sure to save the policy. We suggest setting up a test campaign to yourself or a small group of people to ensure the policy works as intended, before sending a campaign to all of your users.
Attachment Protection Bypass Policy
If you'd like to use attachments in your simulated phishing tests, follow the steps below to increase the likelihood that emails with attachments from KnowBe4 will successfully arrive in your users' inboxes. Mimecast may still prevent the delivery of attachments. Set up a test after creating this policy to ensure your desired attachment goes through.
- Log in to your Mimecast Administration Console.
- Click the Administration toolbar button.
- Select the Gateway | Policies menu item.
- Select Attachment Protection Bypass from the list of policies displayed.
- Select the New Policy button.
- Select the appropriate policy settings under the Options, Emails From, Emails To, and Validity sections. For more information on these settings, see Mimecast's Configuring Attachment Protection Bypass Policies article.
- Select the Policy Override check box.
- In the Source IP Ranges field (shown below), enter the appropriate IP ranges for your KnowBe4 account's location. For the most up-to-date list of our IP addresses, please see the KnowBe4's IP Addresses, Hostnames, and Headers section of our Whitelisting Data and Anti-Spam Information article.
Be sure to save this new policy. After allowing time for this new rule to propagate, we recommend setting up a phishing campaign to yourself or a small group to test the various attachment types.
URL Protection Bypass Policy
Mimecast's URL Protection service scans and checks links in emails upon delivery. This can sometimes result in false positives for your phishing security tests. Follow the steps below to create a URL Protection Bypass policy for accurate phishing security test results.
- Log in to your Mimecast Administration Console.
- Click the Administration toolbar button.
- Select the Gateway | Policies menu item.
- Select URL Protection Bypass from the list of policies displayed.
- Select the New Policy button.
- Select the appropriate policy settings under the Options, Emails From, Emails To, and Validity sections. For more information on these settings, see Mimecast's Configuring a URL Protection Bypass Policy article.
- Select the Policy Override check box.
- In the Source IP Ranges field (shown below), enter the appropriate IP ranges for your KnowBe4 account's location. For the most up-to-date list of our IP addresses, please see the KnowBe4's IP Addresses, Hostnames, and Headers section of our Whitelisting Data and Anti-Spam Information article.
Be sure to save the policy. We suggest setting up a test campaign to yourself or a small group of people to ensure the policy works as intended, before sending a campaign to all of your users.
Impersonation Protection Bypass Policy
If you’re sending whaling/phishing emails purporting to come from users or domains that look like they are internal to your organization, you'll want to create an Impersonation Protection Bypass Policy in your Mimecast console.
- Log in to your Mimecast Administration Console.
- Click the Administration toolbar button.
- Select the Gateway | Policies menu item.
- Select Impersonation Protection Bypass from the list of policies displayed.
- Select the New Policy button.
- Select the appropriate policy settings under the Options, Emails From, Emails To, and Validity sections. For more information on these settings, see Mimecast's Configuring an Impersonation Protection Bypass Policy article.
Note: In the Select Option field under Options, select the impersonation protection definition you want to be bypassed. If you have multiple definitions you would like to bypass, you will need to create a separate Impersonation Protection Bypass Policy for each one.
- Select the Policy Override check box.
- In the Source IP Ranges field (shown below), enter the appropriate IP ranges for your KnowBe4 account's location. For the most up-to-date list of our IP addresses, please see the KnowBe4's IP Addresses, Hostnames, and Headers section of our Whitelisting Data and Anti-Spam Information article.
Be sure to save the policy. We suggest setting up a test campaign to yourself or a small group of people to ensure the policy works as intended, before sending a campaign to all of your users.
Attachment Management Bypass Policy
If you'd like to use attachments in your simulated phishing tests, follow the steps below to prevent attachments from being stripped from emails, potentially resulting in skewed test results.
- Log in to your Mimecast Administration Console.
- Click the Administration toolbar button.
- Select the Gateway | Policies menu item.
- Select Attachment Management Bypass from the list of policies displayed.
- Select the New Policy button.
- Select the appropriate policy settings under the Options, Emails From, Emails To, and Validity sections. For more information on these settings, see Mimecast's Configuring Attachment Management Bypass Policies article.
- Select the Policy Override check box.
- In the Source IP Ranges field (shown below), enter the appropriate IP ranges for your KnowBe4 account's location. For the most up-to-date list of our IP addresses, please see the KnowBe4's IP Addresses, Hostnames, and Headers section of our Whitelisting Data and Anti-Spam Information article.
Be sure to save the policy. We suggest setting up a test campaign to yourself or a small group of people to ensure the policy works as intended, before sending a campaign to all of your users.
Greylisting Bypass Policy
You may want to set up this policy if you want to prevent Mimecast from deferring our emails. Below are instructions on how to add this policy.
- Log in to your Mimecast Administration Console.
- Click the Administration toolbar button.
- Select the Gateway | Policies menu item.
- Select Greylisting from the list of policies displayed.
- Select the New Policy button.
- Select the appropriate policy settings under the Options, Emails From, Emails To, and Validity sections. For more information on these settings, see Mimecast's Configuring Greylisting Policies article.
- Select the Policy Override check box.
- In the Source IP Ranges field (shown below), enter the appropriate IP ranges for your KnowBe4 account's location. For the most up-to-date list of our IP addresses, please see the KnowBe4's IP Addresses, Hostnames, and Headers section of our Whitelisting Data and Anti-Spam Information article.
- Click Save and Exit to save the changes.
Preventing Mimecast from Re-Writing Phishing Links
If you'd like to prevent Mimecast from re-writing the links in the phishing tests you send, you can do so by adding KnowBe4's phish link domains as Permitted URLs in Mimecast. You can find a list of our phish link domains in the Phishing tab of your KSAT console under Domains. Our support team can also provide this list; submit a support ticket to request it.
Keep in mind, we don't recommend creating an exception for this unless you also have exceptions for other senders already in place. Otherwise, seeing anything other than a rewritten Mimecast URL will be a red flag for users and may skew your results.
For more information on disabling link rewriting on permitted URLs, see Mimecast's Targeted Threat Protection: Managed URLs article.
DNS Authentication Bypass Policy (Optional)
If you are having issues with our emails being sent to your spam folder or being quarantined, you may want to set up this additional policy. First, you'll need to set up the inbound definition and then you can create the policy. Below are instructions on how to add this policy.
DNS Authentication - Inbound Definition Setup
- Log in to your Mimecast Administration Console.
- Select the Gateway | Policies menu item.
- Click the Definitions drop-down menu and select the DNS Authentication - Inbound option.
- Select New DNS Authentication - Inbound Checks.
- Create a name for the definition and leave all options unchecked.
- Click Save and Exit to save your changes.
DNS Authentication - Inbound Policy Setup
- Log in to your Mimecast Administration Console.
- Select the Gateway | Policies menu item.
- Click the DNS Authentication - Inbound policy.
- Select New Policy.
- Specify the following settings listed in the image below:
- Enter the KnowBe4 IP ranges into the Source IP ranges field.
- Check the Policy Override option.
- Click Save and Exit to save the changes.
CyberGraph Policy (Optional)
If you’re having issues with Mimecast removing KnowBe4’s email trackers, you can set up this policy. Mimecast’s CyberGraph Policy will prevent email trackers from being removed. To set up the CyberGraph policy, follow the steps below:
- Log in to your Mimecast Administration console.
- Navigate to Services > CyberGraph.
- Click Create New Policy.
- Enter a Name for the policy, such as “KnowBe4 CyberGraph Policy”.
- (Optional) Enter a Description for the policy.
- In the Dynamic Banners field, select Disabled.
- In the Trackers field, select Disabled.
- In the User Reporting field, select Disabled.
- Click Next.
- In the Applies To section, set the From field to Everyone. Then, set the To field to Everyone.
- In the Source IP Ranges field, enter KnowBe4’s IP addresses. For a list of our IP addresses, see the KnowBe4's IP Addresses, Hostnames, and Headers section of our Whitelisting Data and Anti-Spam Filtering Information article.
- Click Next. You’ll be taken to the Summary page to confirm your settings are correct.
- In the Policy Status field, click Enabled.
- Click Create New Policy.
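Every policy above scopes its bypass by the Source IP Ranges field, so a mistyped or over-broad entry extends the exemption to senders you did not intend. The Python sketch below is an added example, not KnowBe4 or Mimecast code: it reviews a candidate list before you paste it in, then checks whether the connecting IP seen on a test-campaign message is covered. All ranges are constructed placeholders, and the /24 threshold and function names are assumptions.

```python
import ipaddress

# Constructed placeholders (RFC 5737 documentation space plus deliberate
# mistakes), NOT KnowBe4's real addresses; use the vendor's published list.
CANDIDATE_RANGES = [
    "192.0.2.10/32",
    "198.51.100.0/24",
    "198.51.100.128/25",  # already inside the /24 above
    "203.0.113.7/24",     # host bits set, likely a typo
    "10.0.0.0/8",         # internal address space
    "198.51.0.0/16",      # far wider than a sending service needs
    "not-an-ip",
]

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def audit_ranges(entries, min_prefix=24):
    """Split a proposed Source IP Ranges list into accepted networks and findings."""
    # min_prefix is an assumed local review threshold, not a Mimecast limit.
    accepted, findings = [], []
    for raw in entries:
        try:
            net = ipaddress.ip_network(raw.strip(), strict=True)
        except ValueError as exc:
            findings.append((raw, f"invalid: {exc}"))
            continue
        if net.version == 4 and any(net.overlaps(p) for p in RFC1918):
            findings.append((raw, "private range: bypass would cover internal hosts"))
        elif net.version == 4 and net.prefixlen < min_prefix:
            findings.append((raw, f"too broad: wider than /{min_prefix}"))
        elif any(a.version == net.version and net.subnet_of(a) for a in accepted):
            findings.append((raw, "redundant: covered by an earlier entry"))
        else:
            accepted.append(net)
    return accepted, findings

def sender_covered(connecting_ip, accepted):
    """True if the IP that delivered a test message falls in an accepted range."""
    addr = ipaddress.ip_address(connecting_ip)
    return any(addr in net for net in accepted)

if __name__ == "__main__":
    ok, problems = audit_ranges(CANDIDATE_RANGES)
    print("enter in each policy:", ", ".join(str(n) for n in ok))
    for raw, reason in problems:
        print(f"review {raw!r}: {reason}")
    print("test sender covered:", sender_covered("198.51.100.200", ok))
```

Run it against the same list for every bypass policy so that each policy carries identical, reviewed ranges.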
Troubleshooting
If your whitelisting was unsuccessful, we recommend that you reach out to Mimecast for additional help. For an email template you can send to them, see the Third-party Whitelisting Assistance section of our Whitelisting Data and Anti-Spam Filtering Information article.
If you're experiencing issues with false positives and the Journaling feature is enabled for your Mimecast account, you may need to add our phishing domains to your Managed URLs. For more information, see Mimecast's Targeted Threat Protection: Managed URLs article. For a list of our phishing domains, please contact our support team.