Secure Messaging


Secure Messaging provides a user friendly, secure channel for sending and receiving sensitive information via email. It uses the power of the Mimecast Gateway to delivery emails in a secure way. The messages are sent via the Mimecast Gateway and accessed by the user using the Mimecast Secure Messaging Portal. This means the messages are not passed through the recipients email server, and so can only be seen by the recipient.


Secure Messaging provides the following benefits:

  • Administrators can enforce secure communications through a defined policy.
  • End users can secure communications, without having to consider server side technology.
  • End users can apply tracking options to see when recipients have accessed their message.
  • End users can apply expiry dates on messages sent, to ensure recipients can only view content for a defined period of time.
  • End users can apply controls on messages sent, to restrict the actions a recipient can take on a message.

Using Secure Messaging

The Secure Messaging process is:

  1. Messages are either triggered automatically by:
    1. A policy based on the message content (e.g content examination policy).
    2. The sender using Secure Messaging when sending the message.
  2. The messages are passed to the Mimecast gateway.
  3. A Secure Messaging notification is sent to the recipient.

  4. The notification indicates there is a message, and contains a link to the Secure Messaging Portal.

  5. The Secure Messaging Portal requires the user’s email address and secure messaging password to be provided before any messages can be accessed. Enter your email address, and click on the Next button.

    1. If this is the first time you have received a Secure Message, you’ll receive a temporary password in a separate email notification. When you log in, you’ll be prompted to set a new password.
    2. If you’ve log in details for the Closed Circuit Messaging (CCM) Portal, these same details work for the Secure Messaging Portal.

The Secure Messaging Portal

The Secure Messaging Portal is the primary application that recipients of a Secure Message use to interact with your company via email. It is also a place where internal users of a Mimecast customer can interact with Secure Messages.

Whilst in the Portal, users can perform the following tasks:

  • View all Secure Messages received and sent.
  • Reply to messages (this is not available on all accounts).
  • Compose a new Secure Message (this is not available on all accounts).
  • Mark messages as read / unread.
  • Delete messages from their Inbox.
  • Search their Secure Messaging mailbox.
  • Reply to Secure Messages.
  • Print messages.
  • Set personal preferences, including format of date, time, first day of the week.
  • Create an email signature to be appended to Secure Messages sent from the Portal.

See Also…

  • Accessing the Secure Messaging Portal
  • Using the Secure Messaging Portal

Administration Settings

Are there any limits to message expiration?
Yes. The maximum message extension is limited to the maximum retention period for the customer account.

Why have the TLS options been removed from “Send Secure” in Mimecast for Outlook?
Based on feedback we received, options like “Enforce Encryption” and “Best Route” were found to be confusing. The labels were hard to understand and the ability to use TLS was viewed as an administrator decision, rather than something the end user should have to decide. Administrators can configure policies to use Enforced / Opportunistic TLS which negates the need for the menu options in Mimecast for Outlook.
The “Send Secure” button is exclusively for Secure Messaging functions.

Are there any limitations on configuring the MSO “Send Secure” drop-down?
These policy options can be configured. However you have the ability to select which definitions are available in line with the specific needs of your users.

Can the items in the Mimecast for Outlook “Send Secure” drop-down menu be manually reordered?
No. At present, this is not possible.

Does message recall expire the original message, or all replies as well?
Take the following scenario:

  1. UserA sends a message to UserB and UserC.
  2. UserB replies all to the message.
  3. UserA recalls the message from Sent Items.
  4. The original message will be recalled from the Inbox of UserB and UserC.
  5. However the replied message will still display all the contents of the original message for the recipients (UserA / UserC) as well as in the senders Sent Items (UserB).


  • Secure Messaging will only recall the original message.
  • The concept of a conversation chain doesn’t exist in Secure Messaging. Therefore the sender can recall their message but replies are not affected.

User Capabilities

Why can a user only extend message expiry once?
Ultimately, the administrator has control over what their users can do. For example, if the administrator sets a policy that specified messages should be expired after one day, but the user had the ability to constantly override this, users would be able circumvent the administrator defined policy.

After a message has been recalled, can I grant access again?
Once a message has been recalled, a new message must be created if the sender wishes to provide the information again to the recipient.

What is the session timeout duration for the web portal?
The web portal times out after 60 minutes.

When I log in to the web portal, why is a message open?
This happens when a user selects to open the portal from a link in a Secure Messaging notification. If users login to the portal without following a link, a message will not be open.

Why doesn’t the Deleted folder refresh straight away?
When a message is deleted from the Secure Messaging web portal, the message may not show up straight away in the Deleted folder. This is a known limitation. It may take 15 seconds or more for the message(s) to be ordered into the correct list.

When I send a message from the Secure Messaging Portal, the message is shown in my Inbox AND my Sent Items. Why?
This is because of an account level setting called ‘Send BCC to Mail Server’. This can be enabled or disabled at the Mimecast account level in the Administration | Account | Account Settings menu of the Administration Console.

Is there a limit to the number of Secure Messages that can be sent?
From Secure Messaging 2.0 onwards, each licensed Secure Messaging user can send an unlimited number of messages to up to 500 unique recipients per month. If the 500 limit is reached, an additional “bulk sender” license pack can be purchased to increase the limit. Contact your Account Manager for more details.

Secure Messaging Portal

The Secure Messaging Portal is the primary application that recipients of a Secure Message will use to interact with your company via email, as well as a place where internal users of a Mimecast customer can interact with Secure Messages.

While in the Portal users can perform the following tasks:

  • View all Secure Messages sent and received
  • Search their Secure Messaging mailbox
  • Compose a new Secure Message
  • Reply to Secure Messages
  • Set personal preferences, including,
    • The homepage (Inbox, Sent items, Personal On hold etc)
    • Time Zone
    • Preferred date, time, first day of the week format
    • A signature to be appended to Secure Messages sent from the Portal.


Mimecast for Outlook

Secure Messaging can be initiated and managed from the Mimecast for Outlook application, allowing end users to take advantage of the feature without having to leave the familiar Outlook interface.

These features require Mimecast for Outlook 5.3 and later.

Users have access to the following the features:

  • Send a Secure Message using Secure Messaging definitions published by an administrator.
  • Manage messages sent by Secure Messaging, including,
    • view the read / unread status of a message
    • view information about the message actions permitted for the recipient
    • extend the expiry of a message
    • recall a message that has been previously sent


Mimecast for Mac

Using the Mimecast for Mac application, users can specify to send a Secure Message to an external recipient, allowing Apple Mac users to use this feature from a desktop application.

This features requires Mimecast for Mac 2.0 and later.


  • Creating a Secure Messaging Definition

    Learn how to set up Secure Messaging definitions that can then be applied in admin defined policies and selected by end users using the Secure Messaging Portal, Mimecast for Outlook and Mimecast for Mac.

  • Adding Branding to Secure Messaging

    The Secure Messaging Portal will be used by both internal and external users alike. Let your company’s personality shine through by adding your corporate branding, including your company colors and logo.

  • Apply Secure Messaging Based on the Content of a Message

    Secure Messaging can be triggered by admin defined content found in outbound messages, to ensure that business critical, company sensitive information does not leave the control of your messaging environment.

  • Apply Secure Messaging Based on the Recipient of a Message

    When using Secure Messaging it is likely that you will want to enforce the feature for messages sent to specific recipients, for example a domain or a named group of recipients.

  • Apply Branding to Notifications

    Once branding has been configured, it is possible to apply this to the notifications that your external recipients will receive as well. This article will guide you through this process.

  • Publish Secure Messaging Definitions for End Users

    End users may not be aware of admin defined policies but still want to send a Secure Message to ensure they are following your corporate security practices.

  • Secure Messaging: Getting Started

    Follow the steps below to get Secure Messaging up and running in your environment.

Secure Messaging: Troubleshooting Log In Issues

A list of the possible causes for end users unable to logon to the Secure Messaging Portal.