You need to include Mimecast in your SPF record to allow Mimecast to send emails on behalf of your domain, without failing DMARC authentication. This article will guide about how you can easily set up SPF for Mimecast manually, without any technical support.
To create a new DNS record to include Mimecast, follow the steps shown below:
If you don’t have an SPF record published for your domain:
Log in to your DNS management console
Navigate to your domain section and publish the following SPF record:
v=spf1 include:_netblocks.mimecast.com ~all
Log in to your Domain Registrar
Modify your domain’s SPF record to specify Mimecast as the authorized outbound service
Example: If your previous SPF record was v=spf1 include:_spf.google.com ~all your new SPF record will be v=spf1 include:_spf.google.com include:_netblocks.mimecast.com ~all
Note: If you want all emails for your domain to be routed via Mimecast, you would need to remove all previous SPF records.
If you want to include other outbound sources for your domain along with Mimecast, that might require a combined SPF record. In this case, ensure you include the Mimecast “xx_netblocks.mimecast.com” entry before creating a mail flow connector.