Overview of the issue
Mimecast is an IT security platform implemented by your company or organisation to keep you safe online.
More about Mimecast
Mimecast clicks on links in emails as a core security function. This is a feature, not a bug, and it’s designed to protect you from malicious websites. This process is part of Mimecast’s Targeted Threat Protection (TTP), specifically a feature called URL Protect.
Mimecast’s URL Protect feature is proactively scanning your one-time-use links to check for threats. Because your system interprets any “click” or web visit as a confirmation, Mimecast’s security scan is prematurely triggering your Approve/Reject action.
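The behaviour described above, as an added example that is not code from this site or from Mimecast: a small in-memory model of a one-time link, first with the confirm-on-visit handling the paragraph describes, then with a variant that only acts on an explicit POST. The class, function names and the request ID `cert-1001` are constructed for illustration.

```python
import secrets


class ApprovalLinks:
    """Constructed in-memory model of one-time Approve/Reject links."""

    def __init__(self, confirm_on_get):
        # True reproduces the behaviour described above: any visit confirms.
        self.confirm_on_get = confirm_on_get
        self.pending = {}    # token -> (request_id, action)
        self.decisions = {}  # request_id -> recorded action

    def issue(self, request_id, action):
        token = secrets.token_urlsafe(16)
        self.pending[token] = (request_id, action)
        return token

    def handle(self, method, token):
        """Return an HTTP-style status code for a request to the link."""
        if token not in self.pending:
            return 410  # link already used (or never issued)
        if method == "GET" and not self.confirm_on_get:
            return 200  # only show a confirmation page; token stays valid
        if method in ("GET", "POST"):
            request_id, action = self.pending.pop(token)
            self.decisions[request_id] = action
            return 200
        return 405


def simulate(confirm_on_get):
    """An automated scan fetches the link first, then the recipient opens it."""
    app = ApprovalLinks(confirm_on_get)
    token = app.issue("cert-1001", "approve")  # constructed sample request
    app.handle("GET", token)                   # security scanner's visit
    decided_by_scanner = "cert-1001" in app.decisions
    user_view = app.handle("GET", token)       # recipient clicks the link
    user_confirm = app.handle("POST", token)   # recipient presses the button
    return decided_by_scanner, user_view, user_confirm


if __name__ == "__main__":
    print("confirm on visit:", simulate(True))
    print("confirm on POST: ", simulate(False))
```

With confirm-on-visit handling the scan records the decision and the recipient finds the link expired; in the POST variant the scan leaves the token untouched.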
To resolve this, you need your Mimecast administrator to create a specific exception for these links. Here are the most common and effective solutions, ordered from best practice to less ideal.
Here is an email template you can adapt and send to your IT department or Mimecast administrator:
Subject: Issue with links from electricalcertificates.co.uk
Dear IT Help Desk,
I am having an issue with emails that come from the domain electricalcertificates.co.uk.
These emails contain important one-time-use links. However, by the time I click on them, they have already expired. I believe our Mimecast email security system is automatically “clicking” the links to scan them, which is causing them to break.
Could you please whitelist the electricalcertificates.co.uk domain in Mimecast to prevent the links from being scanned and rewritten? This is disrupting a key business process for our team.
Please let me know if you need any more information.
Thanks,
Best regards,
[Your Name] [Your Department/Team]
This is the most precise and secure method. It tells Mimecast to not rewrite or scan URLs that come from or point to a specific, trusted domain or URL path. This leaves the rest of your URL protection security intact.
What your Mimecast Administrator needs to do:
Identify the Link’s Domain/URL: You need to provide them with the domain name or the full URL structure of your Approve/Reject links. For example, it might be something like approvals.yourcompany.com or workflow.your-erp.com/api/v1/action/.
Create a Bypass Policy: The administrator will log in to the Mimecast Administration Console and perform the following steps:
Navigate to: Gateway > Policies > URL Protection.
Create a new policy and give it a descriptive name (e.g., “Workflow Approval Link Bypass”).
In the “Applies To” section, they will define the source and destination. The key is to specify the URL(s) to be bypassed. They can enter the specific domain (approvals.yourcompany.com) or even use wildcards (*.yourcompany.com/approval/*).
In the “Policy Options”, they will select the action “Do not rewrite URLs”. This tells Mimecast to completely ignore these links, leaving them in their original state.
They will apply this policy so it affects the correct users (e.g., all internal users).
Why this is the best option:
Targeted: It only affects the specific links from your internal system.
Secure: It does not weaken your overall security posture, as all other links in all other emails will still be scanned by Mimecast.
If all the approval emails come from a single, dedicated email address (e.g., no*****@******rp.com), you can create an exception based on the sender.
What your Mimecast Administrator needs to do:
Identify the Sending Address: Provide the exact email address or domain that sends the approval emails.
Create a Managed Sender Policy:
Navigate to: Gateway > Policies > Managed Senders.
Add the sending email address or domain.
Choose the option to “Permit” the sender.
When configuring the permit action, select an option that specifically bypasses URL Protection. Be careful here, as some options can also bypass other important checks like spam or attachment scanning. The administrator should choose the most granular bypass available.
Why this is a secondary option:
It’s less precise. This policy trusts everything from that sender, which could be a security risk if that email account were ever compromised and used to send malicious content.
Document the URLs: Copy the exact domain name and, if possible, the structure of your Approve and Reject links.
Contact Your IT Department or Mimecast Administrator: This is not something an end-user can change.
Request a Solution: Ask them to implement a “URL Protection Bypass Policy” (Solution 1) for the specific URLs you have documented. Explain that Mimecast’s proactive scanning is prematurely triggering one-time-use links.
By creating a targeted bypass policy, you can ensure your workflow functions correctly without compromising your organization’s email security.