DNS Authentication in Mimecast is handled by two separate policies.
DNS Authentication Inbound – Handles whether SPF, DKIM & DMARC checks should apply and what to do when a check if failed. DNS Authentication Outbound – Handles DKIM signing your outbound emails through Mimecast.
Both policies require a Definition to be configured first.
The Definition for Inbound DNS Authentication determines what to do when an SPF, DKIM or DMARC check fails.
From the Definitions dropdown, select DNS Authentication Inbound
Select New DNS Authentication - Inbound Checks
Set the name (Description) for the Definition
Tick the checkbox next to each check to take place.
For each possible result, select the action to take place:
Take No Action: The email will continue to spam checks as normal Ignore Managed/Permitted Sender Entries: Any Permitted Sender or Auto Allow policies applying to this email will be ignored. Reject: The email is blocked and deleted by Mimecast. Honor DMARC Record: Only available for DMARC Fail. Performs the action specified in the sender’s DMARC record: Quarantine: The email is held for an Admin to release Reject: The email is blocked and deleted by Mimecast
Press Save & Exit
Once you have created your definition, you will need to create an accompanying policy to determine when it is applied.