To allow Mimecast to send emails on behalf of your domain, without failing DMARC authentication, you need to include Mimecast in your SPF record. This document shows you how you can easily setup SPF for Mimecast manually, without any technical support.
Steps to Setup SPF for Mimecast
To create a new DNS record to include Mimecast, follow the steps shown below:
If you don’t have an SPF record published for your domain:
Log in to your DNS management console
Navigate to your domain section and publish the following SPF record:
v=spf1 include:_netblocks.mimecast.com ~all
Log in to your Domain Registrar
Modify your domain’s SPF record to specify Mimecast as the authorized outbound service
Example: If your previous SPF record was v=spf1 include:_spf.google.com ~all your new SPF record will be v=spf1 include:_spf.google.com include:_netblocks.mimecast.com ~all
Note: If you want all emails for your domain to be routed via Mimecast, you would need to remove all previous SPF records.
If you want to include other outbound sources for your domain along with Mimecast, that might require a combined SPF record. In this case, ensure you include the Mimecast “xx_netblocks.mimecast.com” entry before creating a mail flow connector. To determine what “xx” is, click here to read Mimecast's article for the SPF setup specifications for different geographical regions.
Finally make sure to lookup the validity of your SPF record with our free SPF lookup tool, to confirm that your record is error-free.
Sign up for your free DMARC analyzer today!