Who are mimecast?

Mimecast is a filter primarily used by businesses. They’re fairly widely used. In some of the data analysis I’ve done for clients, they’re a top 10 or top 20 filter.
Earlier today someone asked on Facebook if mimecast may be blocking emails based on the TLD. The short answer is it’s unlikely. I’ve not seen huge issues with them blocking based on TLD of the domain. They’re generally more selective than that.

The good news is mimecast is really pretty good about giving you explanations for why they’re blocking. They’ll even tell you if it’s mimecast related or if it’s a specific user / user-company block.
Some example rejection messages from a recent dive into some bounce logs.

  • Administrative prohibition – envelope blocked – https://community.mimecast.com/docs/DOC-1369#
  • Email rejected due to security policies – https://community.mimecast.com/docs/DOC-1369#
  • Envelope blocked – User Entry – https://community.mimecast.com/docs/DOC-1369#550
  • Invalid Recipient – https://community.mimecast.com/docs/DOC-1369#
  • Message expired -> Open relay not allowed – https://community.mimecast.com/docs/DOC-1369#451
  • Rejected by header based Blocked Senders: address@example.com – https://community.mimecast.com/docs/DOC-1369#
  • Rejected by header based manually Blocked Senders: address@example.com – https://community.mimecast.com/docs/DOC-1369#
  • Remote server returned message denied by administrative policy -> Administrative prohibition – envelope blocked – https://community.mimecast.com/docs/DOC-1369#550
  • spamcop.mimecast.org Blocked – see http://www.spamcop.net/bl.shtml?10.10.10.10. – https://community.mimecast.com/docs/DOC-1369#550

If you look at the page linked to you can see that there is a huge amount of flexibility in how and who can block mail using mimecast. Mimecast itself can push filters, local administrators can filter mail for the particular domain they manage, and individual users can set up filters. And, users seem to take advantage of that.
Dealing with a mimecast block involves figuring out who is responsible for the block. Luckily, the mimecast rejection messages and documentation give clues as to whether it’s the local administrator configuring the policy or if it’s the end user. In most cases it’s not actually mimecast blocking the mail.
Mimecast provides tools and an interface to manage incoming mail, but does not actually push out rules like many of the other appliances. That’s good and that’s bad. It’s good because you don’t have a 3rd party making delivery rules for different businesses. It’s bad because once a company administrator gets to the point of blocking specific mail it’s going to be very difficult to convince them to lift that block.
Why? Remember the discussion about productive mail?
Productive Mail: Mail that furthers a business’ goals and supports their underlying business model. Mail can be both solicited and wanted by specific endusers. But, a particular company can decide to block mail simply because they don’t see the mail as beneficial to the overall business. Thus the mail is blocked for being unproductive.
We can assume that employees who have access to create mail blocks in mimecast, and other business filters, have the authority to do so. Which means when you’re looking to get unblocked through mimecast, you’re likely having to convince the very person who blocked you to unblock you.
These types of blocks are distinctly different than negotiating with a consumer ISP or even a filtering company. There is no appealing to engagement or appealing to solicited. The business doesn’t really care about either, all they care about is their employees are working while they’re at work and using corporate resources.

Related Posts

Feedback loops

There are a lot of different perspectives on Feedback Loops (FBLs) and “this is spam” buttons across the email industry.
Some people think FBLs are the best thing since sliced bread and can’t figure out why more ISPs don’t offer them. These people use use the data to clean addresses off their lists, lower complaints and send better mail. They use the complaints as a data source to help them send mail their recipients want. Too many recipients opted out on a particular offer? Clearly there is a problem with the offer or the segmentation or something.
Other people, though, think the existence of “this is spam” buttons and FBLs is horrible.  They call people who click “this is spam” terrorists or anti-commerce-net-nazis. They want to be able to dispute every click of the button. They think that too many ISPs offer this is spam buttons and too many ESPs and network providers pay way to much attention to complaints. The argue ISPs should remove these buttons and stop paying attention to what recipients think.
Sadly, I’m not actually making up the terminology in the last paragraph. There really are who think that the problem isn’t with the mail that they’re sending but that the recipients can actually express an opinion about it and the ISPs listen to those opinions. “Terrorists” and “Nazis” are the least of the things they have called people who complain about their mail.
One of the senior engineers at Cloudmark recently posted an article talking about FBLs and “this is spam” buttons. I think it’s a useful article to read as it explains what value FBLs play in helping spam filters become more accurate.

Read More

Why do ISPs do that?

One of the most common things I hear is “but why does the ISP do it that way?” The generic answer for that question is: because it works for them and meets their needs. Anyone designing a mail system has to implement some sort of spam filtering and will have to accept the potential for lost mail. Even the those recipients who runs no software filtering may lose mail. Their spamfilter is the delete key and sometimes they’ll delete a real mail.
Every mailserver admin, whether managing a MTA for a corporation, an ISP or themselves inevitably looks at the question of false positives and false negatives. Some are more sensitive to false negatives and would rather block real mail than have to wade through a mailbox full of spam. Others are more sensitive to false positives and would rather deal with unfiltered spam than risk losing mail.
At the ISPs, many of these decisions aren’t made by one person, but the decisions are driven by the business philosophy, requirements and technology. The different consumer ISPs have different philosophies and these show in their spamfiltering.
Gmail, for instance, has a lot of faith in their ability to sort, classify and rank text. This is, after all, what Google does. Therefore, they accept most of the email delivered to Gmail users and then sort after the fact. This fits their technology, their available resources and their business philosophy. They leave as much filtering at the enduser level as they can.
Yahoo, on the other hand, chooses to filter mail at the MTA. While their spamfoldering algorithms are good, they don’t want to waste CPU and filtering effort on mail that they think may be spam. So, they choose to block heavily at the edge, going so far as to rate limit senders that they don’t know about the mail. Endusers are protected from malicious mail and senders have the ability to retry mail until it is accepted.
The same types of entries could be written about Hotmail or AOL. They could even be written about the various spam filter vendors and blocklists. Every company has their own way of doing things and their way reflects their underlying business philosophy.

Read More

Is purging always effective?

 

Read More