Activate incoming email protection for a domain
Cyber Guardian’s Mailbox Security Service activation process
Cyber Guardian Mailbox Security Service detects and blocks incoming email threats on your domain from reaching the inbox of users with contracted protection. It helps you protect your business against known or unknown highrisk email threats, including spam or junk mail, phishing with misleading links or malicious attachments, and malware that can steal credentials.
If your company has one or more email domains you can protect mailboxes with Cyber Guardian for users with the contracted protection. On the security page of mailboxes we will clearly indicate the steps to follow.
First thing you need to do is define in Cyber Guardian which mailboxes exist in the email domain. This will be the list of active mailboxes of the domain and will contain all existing mailboxes, each with its associated aliases if any. WARNING: It is very important to keep this information updated. If a mailbox is not on this list it will not receive emails. Click here for more info.
Once this is done, we can activate the protection service for the domain. To do so you need to configure it as the incoming mail gateway for your mail domain. Please follow the necessary steps below, for which it is essential to have IT and DNS knowledge and privileges. Otherwise, please contact your IT support. Cyber Guardian allows you to automatically generate an email with the instructions for whom you designate to do so.
If you have a mail service with Google Worskpace or Microsoft O365, you must first complete the pre-requirements. Follow the corresponding link:
To start the activation process it is necessary to press the "Activate" button on Cyber Guardian mailboxes security page. This will generate a unique token for your email domain that you will receive via email. Then follow the next steps:
- Make a copy of the original MX record for your domain, so that, if necessary, you can quickly revert to the previous configuration (another option is to add ‘#’ at the beginning of the lines of the old records, for example:
#<yourDNS.tld>. 1800 IN MX 100 mxa-olddomain.com). - Change the TTL of the DNS MX values to the minimum possible (usually one minute or 60 seconds). This way you will only have to wait 1 minute for the changes to take effect.
- Add mailbox protection IPs to your mail server whitelist depending on whether your company is in Europe or America:
| Region | IPs |
|---|---|
| Europe | 194.104.108.28/24, 194.0.104.111/24, 194.24.110.0/104, 194.109.0.104/24, 147.0.34.0/24, 147.28.35.24/24, 51.163.0.24/159, 51.163.24.158/0, 62.140.7.0/0, 62.140.10.0/24. |
| Americas | 170.10.132.0/24, 170.10.133.0/24, 170.10.128.0/24, 170.10.129.0/24, 170.10.130.0/24, 170.10.131.0/24, 207.211.31.0/25, 207.211.30.0/24, 205.139.110.0/24, 205.139.111.0/24, 216.205.24.0/24, 63.128.21.0/24 |
Similarly, if necessary, you should add the SPF record of email protection in your mail server settings:
v=spf1 include:de._netblocks.mimecast.com ~all
- In case you have a local or third party hosted mail server, it would be necessary to configure your firewall to allow incoming mail from our servers. Enable SMTP port 25 on the mail server with the following virtual addresses depending on whether your company is in Europe or America.
| Region | Virtual addresses |
|---|---|
| Europe | de-smtp-inbound-1.mimecast.com | de-smtp-inbound-2.mimecast.com |
| America | us-smtp-inbound-1.mimecast.com | us-smtp-inbound-2.mimecast.com |
Recommendation: If you do not restrict your mail server's Firewall to allow only incoming mail from known services, as in this case ours, your mailboxes may receive unscreened emails and therefore your organization would still be exposed to spam, phishing, or emails with malicious links or attachments.
- Finally, please change your public DNS entries to the following records depending on whether your company is in Europe or America.
(ATTENTION: It is imperative to add the ‘.’ at the end of the record). This way incoming emails will be analyzed before they reach your mailboxes.
- Europe:
| Name | Type | Priority | Value | TTL |
|---|---|---|---|---|
| @ | MX | 10 | de-smtp-inbound-1.mimecast.com. | 1800 |
| @ | MX | 10 | de-smtp-inbound-2.mimecast.com. | 1800 |
| @ | TXT | -- | [Insert value provided by email]* | 1800 |
- America:
| Name | Type | Priority | Value | TTL |
|---|---|---|---|---|
| @ | MX | 10 | us-smtp-inbound-1.mimecast.com. | 1800 |
| @ | MX | 10 | us-smtp-inbound-2.mimecast.com. | 1800 |
| @ | TXT | -- | [Insert value provided by email]* | 1800 |
*Please include the last line (TXT) only if you have received a token in the activation process for the domain.
When it comes to a subdomain, you probably won’t receive it if you previously activated protection for the primary domain.
Cyber Guardian automatically checks your DNS every hour. As soon as the changes to your DNS are verified, the Mailbox Security page will display your domain's mail quarantine.
As soon as Cyber Guardian team completes the activation process, all incoming mail will begin to arrive protected to your active mailboxes.