Thanks Sanford -
1. DKIM is in hand, but my issue is that Mimecast says there is no way to whitelist our Marketo instance via DKIM, and IT does not see a way to do it within Mimecast. I am hoping there is another Marketo customer on these forums also using Mimecast who has successfully whitelisted their instance and can share how they did it.
2. IT says this has already been done, but it's not working as it should be.
... View more
Under email suspended cause I'm seeing "550 Rejected by header based Anti-Spoofing policy: firstname.lastname@example.org - https://community.mimecast.com/docs/DOC-1369#550 [8jrT4lbqOSisnWzmg8akqQ.uk64]"
I asked IT your questions and they said this is the rule that's being triggered for anti-spoofing, although this looks like a help article on how to setup the policy, not what exactly the emails are failing for:
My understanding is that the whitelist - whether it's via IP range, regex or via DKIM - should prevent Mimecast for failing these emails for both anti-spoofing or the IP blacklists. I can't find any instructions on how to go about implementing either of those whitelist approaches within Mimecast itself. IT isn't understanding how the whitelisting can be done, and I don't have access to the admin side of Mimecast.
... View more
I have been unable to whitelist Marketo emails from our instance so that they can be received internally.
The main causes for the Marketo emails being rejected include ‘Rejected by header based Anti-Spoofing policy’, or that the shared IP was on a blacklist.
During implementation, I provided our company’s IT admin with the whitelisting instructions in the documentation, however nearly all Marketo emails and notifications are still being blocked internally by Mimecast. IT would prefer to whitelist without using these IPs to avoid whitelisting all other Marketo subscribers sharing these IPs.
Subsequently I sent the instructions for using Regex for whitelisting, but IT and Mimecast says this won’t work. Here is response from Mimecast regarding this:
"For Anti-Spoofing, there is no way you can use expression phrases to bypass the system. DKIM would not work as it work different to Anti-Spoofing. The only way is if make a list of the External IP addresses you see on messages blocked by Anti-Spoofing and allow those on Everyone to Everyone Take no Action Anti-Spoofing Policy."
Marketo Support says that other Marketo customers using Mimecast have been able to use regex to whitelist, though.
We are not eligible for Unique IP because we do not send over 100,000 emails monthly. I believe we are eligible for Trusted IP, which I believe would help solve the problem by providing a branded envelope for free.
It's important to note that our IT team has not setup DKIM yet but is planning to do so within the next month or two. Before applying to Trusted IP / enabling the branded return-path / branded envelope sender, I’m curious if anyone can provide some advice, especially if you’re using Mimecast with your Marketo instance.
Has anyone using Mimecast successfully used regular expressions for whitelisting their Marketo instance? If so, how does this work and how would a Mimecast user set it up?
Another option would be for me to wait for DKIM to be finally setup, and then have IT whitelist DKIM-signed email from: our domain with the selector "m1" (m1._domainkey.example.com). It was pointed out in another post that this may be technically difficult as IT may not have a way of treating signed mail from certain domains differently. Again, looking for any Marketo customers who’ve successfully done this with Mimecast to provide some guidance.
... View more