Mail Security

91% of all cyber attacks start with an email

Email attacks are becoming more complex and dangerous

In many email attacks today, cybercriminals rely on social engineering to trick users and bypass email security gateways. To protect your business and your data, you should stay one step ahead of attackers.

Only mimecast protects you from all types of email threats

mimecast Email Protection gives you comprehensive protection against all email threat types, from spam and ransomware to social engineering threats such as spear phishing, business email compromise and account takeover.

of all companies will be affected by ransomware attacks via email in 2021.
Every 7th
Company suffered an account takeover in 2021
of all companies report having suffered at least one successful phishing attack in 2021 (2020: 57%)

Email security is cybersecurity

Comprehensive protection against threats in emails

Mimecast's Secure Email Gateway and Integrated Cloud Email Security solutions protect organizations from all forms of email compromise, including zero-day attacks. Both solutions leverage Mimecast's best-in-class detection capabilities, including Mimecast and third-party detection engines, continuously updated threat intelligence from outside and inside your organization, and advanced AI and machine learning. The result: better prevention, faster remediation, and greater resilience.

Mimecast's advanced technologies protect against ransomware, phishing, spear phishing, malware, and more. URL protection blocks malicious URLs on every click and from any device. Attachment protection guards against dangerous attachments - including advanced static file analysis, secure conversion of MS Office and PDF files, and our powerful behavior-based sandboxing feature. And impersonation protection guards against emails impersonating people or brands. These features are complemented by content inspection and data leak prevention capabilities.

Protect your emails, users and data

Stop Threats

Protect your users and your business from volumetric threats like malware and spam, as well as advanced threats like ransomware and zero-day attacks.

AI assisted detection

Defend against the most sophisticated attacks with AI-powered detection

Email data is valuable

Enable your users to send sensitive information securely with message encryption that is easy for them to use and manage.

State-of-the-art protection functions

Block spam, malware and zero-day threats

Mimecast uses advanced techniques to detect known spam and malware. Email continuity, outbound filtering and encryption prevent data loss. Integrated Advanced Threat Protection detects zero-day malware using payload analysis and sandboxing. Link Protection redirects suspicious and typosquatted URLs, and DNS filtering blocks access to malicious web domains to prevent recipients from accidentally downloading malware.

Ensure email security by protecting against external threats

Don't just respond quickly to email attacks: Identify, block and remove criminals' email and web domains and infrastructure before they attack your employees, partners or customers.

Mimecast's DMARC Analyzer makes it easier to stop email impersonations based on domain spoofing and block fraudulent attacks that steal your good name. Mimecast's Brand Exploit Protect combines advanced machine learning and targeted scanning to detect potential phishing attacks earlier, block compromised assets before they become active attacks, and fend off active attacks to quickly minimize damage. Far beyond your borders, your email connections are protected. So is your supply chain - and your reputation.

Stay one step ahead of cybercriminals.

Protect yourself from email threats

Email is the main source of cyber threats. Find out what types your company is exposed to.

As the top attack vector, email requires the strongest possible protection. Prevent even the most sophisticated attacks on your business and stay one step ahead of the threats with Mimecast Email Security.

Whether it's phishing, malware, social engineering, or data theft, Mimecast fends off the most dangerous attacks.

Data theft
URL Phishing
Domain Imitation
Brand Impersonation
Business Email Compromise
Conversation Hijacking
Account transfer


More than half of the world's e-mail volume consists of so-called spam. A large proportion of this is unsolicited advertising mail. But many spam emails are not only annoying, but also dangerous. Spam can contain malicious files or attempted attacks such as phishing.


Malware often spreads on classic IT systems via e-mail attachments.
The probability of malware occurring is very likely and the damage potential is existence-threatening.

Malware can basically be executed on all operating systems and IT systems. These include not only classic IT systems such as clients and servers, but also mobile devices such as smartphones or network components such as routers and industrial control systems.

Data theft

Data exfiltration is the unauthorized transfer of data from a computer or other device. In addition to malicious attacks, data is often accidentally exfiltrated due to human error. The average total cost of a data breach was $3.92 million in 2019.

URL Phishing

Disguised as a reputable bank, Internet provider or other service provider, phishing e-mails with a fake sender ask recipients to update their personal data, for example. As a pretext for confirming account information, for example, the imminent expiry of a credit card is mentioned. Or the password must be renewed due to an alleged security incident. The criminals speculate that there will always be enough customers of the organization named in the sender among the recipients of a spam wave. No wonder that the name of large banking groups such as the Sparkassen or Volks- und Raiffeisenbanken is so often misused for phishing


Scamming is often involved in phishing attacks. Criminals try to trick victims into giving up money or steal their identity to get them to reveal personal information. Examples of scamming include fake job offers, investment opportunities, notifications of inheritances, lottery prizes, and money transfers.

Domain Imitation

Domain impersonation is an attack in which cybercriminals attempt to impersonate a specific domain using methods such as typosquatting. This is often used in conversation hijacking attacks because it can be difficult to detect the subtle differences between a legitimate and a fraudulent email domain.

Brand Impersonation

In brand impersonation, the attacker poses as a company or brand and tries to trick customers into responding and revealing confidential information. Forty-seven percent of all spear phishing attacks are service impersonation, meaning the attacker impersonates a well-known brand.


Extortion is at play in 7 percent of all spear phishing attacks. The total cost of all extortion attacks was more than $107 million in 2019. Hackers threaten to release compromising materials if their victims do not pay.

Business Email Compromise

BEC attacks are also called CEO fraud or wire fraud. In these, the attacker poses as an employee of a company in order to defraud the latter. While BEC attacks account for only 7 percent of all spear phishing attacks, they caused a total loss of $1.7 million in 2019 alone.

Conversation Hijacking

Cybercriminals gain access to existing business conversations in order to obtain money or personal data. While the overall volume of conversation hijacking attacks is lower than other types of phishing attacks, they are particularly effective, difficult to detect, and costly due to their personalized nature.

Account transfer

A new analysis of account takeover attacks shows that the Microsoft Office 365 accounts of 29 percent of all organizations were compromised by hackers within a month. More than 1.5 million malicious and spam emails were sent from these hacked Office 365 accounts within 30 days.

Mimecast solutions

All solutions include our best-in-class protection as standard and a range of
tailored benefits. Discover which solution best suits your business.


An integrated cloud email security solution that requires no change to the MX record, Email Security, Cloud Integrated is specifically designed to enhance and extend M365 protection.

The solution deploys in minutes and provides immediate protection. It's ideal for IT and security teams looking to strengthen M365 and make managing email security a breeze.


Optimized M365 protections
Ready for use in minutes
Out-of-the-box applications
Minimum configuration
Simplified management
Remedy with one click
Extensibility through extensive APIs
World-class email security
Free 30 Day Trial

Email Security, Cloud Gateway is a secure email gateway in the cloud that makes any type of email environment, even the most complex, secure.

With its advanced management capabilities and a range of complementary solutions and integrations, it is ideal for IT and security teams looking to control risk and contain complexity.


Optimized protection for any type of email environment - M365, Google Workspace, hybrid, on-premises
Support for large and complex email environments (FAA, AAA)
Advanced management functions
Fast, easy integration with other security tools
Integrated, complementary solutions (e.g. continuity, archive, DMARC)
World Class Email Security