If your organisation has decided to deploy Mimecast, buying through a certified Mimecast partner ensures that the product is properly configured — not just licensed. MX records, SPF/DKIM/DMARC alignment, and Microsoft 365 integration require technical expertise to get right. A misconfiguration at the MX level can cause email delivery failures or leave security gaps.
Cloudfy Systems is a certified Mimecast partner in India. This post explains what we handle as part of a Mimecast deployment and what to look for when choosing a Mimecast reseller.
What Makes a Mimecast Partner Different from a Direct Purchase?
Mimecast is available to buy directly. The difference when buying through a certified partner like Cloudfy:
Technical configuration is included: Mimecast requires specific DNS and mail flow changes — MX records, SPF record updates, Microsoft 365 connectors, Mimecast API connections. A certified partner handles all of this. A direct purchase leaves your IT team to configure it from documentation.
DMARC and authentication alignment: Most organisations that deploy Mimecast also need their DMARC, SPF, and DKIM properly aligned. Misaligned email authentication causes Mimecast's outbound signing to conflict with existing records — resulting in email being marked as spam or rejected. Cloudfy sets this up correctly from day one.
GST invoice for Indian businesses: Mimecast's direct portal issues USD invoices. Buying through Cloudfy gives you an INR-denominated invoice with Indian GST (GSTIN: 09AAOFC1060G1ZK) for proper accounting and ITC claims.
Local support in your time zone: Mimecast's global support operates on international business hours. Cloudfy's support is available during Indian business hours — and for critical issues like email delivery failures, local support responsiveness matters.
What Cloudfy Handles as Your Mimecast Partner
Licensing and Provisioning
We determine the right Mimecast tier (Core, Continuity, or Advanced + Archiving) based on your requirements, raise the purchase, and provision your Mimecast account. Your Mimecast admin console is activated and handed over to your team within 24–48 hours.
MX Record Configuration
The central technical step in a Mimecast deployment is updating your domain's MX records to route all inbound email through Mimecast's infrastructure.
Before:
yourdomain.com MX → yourdomain-com.mail.protection.outlook.com (M365 direct)
After:
yourdomain.com MX → eu1-smtp-inbound-*.mimecast.com (Mimecast inbound)
Mimecast delivers clean email → M365 via a secure outbound connector
Cloudfy provides the exact MX record values from your Mimecast account and coordinates the update with your DNS provider or IT team. We verify mail flow before and after the change.
SPF Record Update
Your SPF record must include Mimecast's sending infrastructure for outbound email to be properly authenticated:
Before: v=spf1 include:spf.protection.outlook.com -all
After: v=spf1 include:spf.protection.outlook.com include:eu1.mimecast.com -all
(The exact Mimecast SPF include depends on your Mimecast region — Cloudfy confirms this from your account.)
DKIM Signing
Mimecast can sign your outbound email with DKIM. This requires adding two DKIM CNAME records to your DNS zone. Cloudfy generates these from your Mimecast account and coordinates the DNS addition with your team.
Once DKIM is signed through Mimecast, all outbound email — including email sent via Microsoft 365 routed through Mimecast — is signed with your domain's DKIM key.
DMARC Setup
If you don't have DMARC configured, Cloudfy sets it up in monitoring mode as part of the Mimecast onboarding:
_dmarc.yourdomain.com TXT "v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.com"
Starting with p=none allows you to see all email being sent from your domain (including from third-party services) in the Mimecast DMARC Analyser before you move to enforcement. Cloudfy reviews the DMARC reports with you and helps you progress to p=quarantine and eventually p=reject safely.
Microsoft 365 Integration
For M365 tenants, Cloudfy configures:
Inbound Connector (M365 side): An inbound connector that accepts email from Mimecast's IP ranges, bypassing M365's own spam filter to avoid double-scanning.
Outbound Connector (M365 side): A send connector that routes all outbound email from M365 through Mimecast for outbound scanning, DLP, and DKIM signing.
Mimecast API Connection: For the email continuity and archiving features, Mimecast requires an OAuth connection to your M365 tenant (via an Azure AD app registration). Cloudfy creates this with the minimum required permissions.
Policy Configuration
After the technical setup, Cloudfy configures Mimecast's security policies:
Inbound email policies:
- Spam detection threshold (aggressive, balanced, or lenient)
- Greylisting settings
- SPF, DKIM, DMARC enforcement actions (quarantine vs. bounce)
Targeted Threat Protection (if on Continuity tier):
- URL Protection: which email types to apply URL rewriting (all internal + external senders, or external only)
- Attachment Protection: which file types to sandbox (all executable types are included by default)
- Impersonation Protection: executive names and email addresses to monitor for impersonation attempts
Outbound policies:
- DLP rules — email with specific patterns (PAN card numbers, bank account numbers, Aadhaar numbers) is blocked or tagged
- Outbound DKIM signing — ensure all outbound email is signed
After Deployment — Ongoing Support
Cloudfy's role doesn't end at deployment. Common post-deployment support requests we handle:
Allowlisting legitimate senders: Third-party services (newsletters, CRMs, HR platforms, bank alerts) are sometimes incorrectly blocked by Mimecast. Cloudfy reviews the Mimecast message centre and adds legitimate senders to the allowlist within hours of a report.
Tightening DMARC enforcement:
After 4–6 weeks on p=none, we review your DMARC reports together and identify any remaining unauthenticated senders. Once those are remediated, we move to p=quarantine and then p=reject.
Policy adjustments: As your business processes change — new third-party email senders, new departments, new remote working policies — Mimecast's policies need to be updated. Cloudfy handles these changes as part of ongoing support.
Mimecast licence renewals: We notify you 60 days before your Mimecast licence expires and process the renewal with no disruption to your mail flow.
Mimecast for Different Indian Business Sectors
Financial Services (NBFCs, Brokers, CA Firms)
Mimecast Advanced + Archiving is the right tier. SEBI requires email retention for registered intermediaries. Mimecast's tamper-proof archiving with 99-year retention and eDiscovery satisfies this requirement at a lower cost and less administrative overhead than managing on-premise email archives.
BEC (Business Email Compromise) is the highest-risk email threat for financial services. Mimecast's impersonation protection — detecting emails that impersonate your CFO, CEO, or client — is a critical control.
Legal Firms
Legal firms handle privileged communications that cannot be lost. Mimecast archiving ensures that every email is preserved even if a user accidentally deletes it — and eDiscovery makes it possible to locate relevant emails quickly during litigation.
Healthcare
Email delivery reliability is critical in healthcare (appointment communications, lab reports, prescription information). Mimecast's email continuity ensures that healthcare email keeps flowing even during Microsoft 365 outages or maintenance windows.
Manufacturing & Export
For exporters dealing with international buyers, BEC attacks targeting payment instructions are a major fraud risk. Mimecast's impersonation protection and TTP URL scanning are the primary controls for this risk.
IT Service Providers (MSPs)
For MSPs managing email security for multiple clients, Mimecast's multi-tenant architecture allows a single admin to manage policies across all client domains from one console. Cloudfy offers MSP pricing for Mimecast — contact us for details.
How to Get a Mimecast Quote
To receive an exact INR quote for Mimecast:
- Tell us your user count
- Preferred tier (Core, Continuity, or Archiving)
- Your current email platform (M365, Google Workspace, or on-premise Exchange)
- Whether you currently have any DMARC/SPF/DKIM configuration in place
Contact Cloudfy Systems — call or WhatsApp +91 97600 50555, or email connect@cloudfysystems.com. We'll respond with a detailed INR quote within 4 business hours.
FAQ — Mimecast Partner India
How long does a Mimecast deployment take? For a standard Microsoft 365 deployment with 25–200 users, the full deployment (MX change, SPF/DKIM, M365 connectors, policy configuration) typically takes 1–2 business days. The MX cutover itself takes 15 minutes to 1 hour (depending on your DNS TTL).
Will there be any email downtime during the MX change? No, if done correctly. We stage the DNS update with a short TTL and verify Mimecast is receiving email before extending the TTL. Email that was in-flight during the change may experience a delay of a few minutes, but no email is lost.
Can Mimecast be deployed without changing MX records? For Microsoft 365, Mimecast can be configured in "Journal" mode (without MX change) for archiving-only deployments. However, for email security (threat protection and continuity), MX records must point to Mimecast. Cloudfy will confirm the right approach for your requirements.
What happens if Mimecast itself has an outage? Mimecast's platform has multiple redundant data centres with 99.999% availability SLA. In the extremely rare case of a Mimecast service disruption, email queues at the sending server and delivers once Mimecast recovers — no email is lost. Mimecast publishes real-time status at their status page.
Ready to deploy Mimecast? Contact Cloudfy Systems — certified Mimecast partner in India. INR billing, GST invoice, complete MX setup included.
→ View Mimecast product page → Mimecast Pricing India 2026 → Related: Zoho Mail SPF DKIM DMARC Setup Guide