Mimecast DMARC Analyzer Integration Setup
This guide walks you through integrating Mimecast DMARC Analyzer with RAD Security to ingest your DMARC posture and email-authentication telemetry for external attack-surface and email-security analysis. Mimecast DMARC Analyzer is an email-authentication (DMARC/SPF/DKIM) platform. RAD Security connects to the Mimecast API 2.0 and pulls your monitored domains, DNS record-change/issue events, and DMARC reports on a scheduled basis. It complements the registration/DNS providers in Domain Security (CSC Global, DNS Made Easy) by adding DMARC posture and reporting on top of domain data.Read-only integration: RAD Security only reads data from Mimecast DMARC Analyzer. It never creates, modifies, or deletes domains, DNS records, or reports in your account.
Beta: This integration is in beta while DMARC report parsing is validated against live tenants. Domain posture and DNS record-change/issue events are the primary streams.
Prerequisites
Before you begin, ensure you have:- A Mimecast account with access to the Administration Console
- A Mimecast API 2.0 Application with the DMARC Analyzer Product entitlement
- The application’s Client ID and Client Secret
- Access to a RAD Security workspace with integration permissions
Understanding Integration Components
Client ID + Client Secret
Client ID + Client Secret
RAD Security authenticates with a Mimecast API 2.0 Client ID and Client Secret using the OAuth2 client-credentials flow. You supply both; RAD exchanges them for a short-lived bearer token and refreshes it automatically.
DMARC Analyzer Product Entitlement
DMARC Analyzer Product Entitlement
The API 2.0 Application must have the DMARC Analyzer Product associated with it. Without this entitlement Mimecast returns a
403, and the integration reports that API access is not entitled.Domain Posture
Domain Posture
Your monitored domains and their DMARC/SPF/DKIM posture and enforcement policy, pulled as domain assets and refreshed each cycle.
DNS Record-Change / Issue Events
DNS Record-Change / Issue Events
DMARC Analyzer events describing DNS record changes and detected issues on your monitored domains. These are ingested incrementally — only new events each cycle.
Aggregate (RUA) & Failure (RUF) Reports
Aggregate (RUA) & Failure (RUF) Reports
DMARC aggregate (RUA) reports summarize who is sending on behalf of your domains and how that mail authenticated. Failure (RUF) reports describe individual failing messages and can contain message-level personal data (sender, recipient, subject). RUF ingestion is opt-in and off by default; when enabled, RAD hashes sender/recipient addresses and redacts the subject before storing anything.
Step 1: Create an API 2.0 Application in Mimecast
Sign in to the Administration Console
Log in to the Mimecast Administration Console with an administrator.
Create an API 2.0 Application
Navigate to the API 2.0 application settings and create a new application. Associate the DMARC Analyzer Product with the application so it is entitled to the DMARC Analyzer endpoints.
Exact console navigation and labels may vary by Mimecast plan and region. See the Mimecast API 2.0 documentation for the current steps to create an application, associate Products, and generate credentials.
Configure in RAD Security
Navigate to your RAD Security workspace and configure the Mimecast DMARC Analyzer integration with the following parameters:Required Parameters
| Parameter | Description |
|---|---|
| Client ID | Client ID of the Mimecast API 2.0 Application (with the DMARC Analyzer Product entitlement) |
| Client Secret | Client Secret paired with the Client ID, used to mint short-lived API tokens |
Optional Parameters
| Parameter | Description |
|---|---|
| Ingest failure reports (RUF) | Also ingest forensic failure reports once the Reports subsystem is enabled. These carry message-level PII (sender, recipient, subject); RAD hashes addresses and redacts subjects before storage. Boolean; default off. |
RAD Security handles token exchange and refresh automatically — you provide the Client ID and Client Secret.
Verify Integration
Your Mimecast DMARC Analyzer integration is now configured! RAD Security will ingest your DMARC domain posture and DNS record-change/issue events on a scheduled basis (and DMARC reports as validated, including failure reports if you enabled them).
What Data is Synced
Domain Posture
Domain Posture
- Monitored domains as domain assets
- DMARC/SPF/DKIM presence and the DMARC enforcement policy (none/quarantine/reject)
DNS Record-Change / Issue Events
DNS Record-Change / Issue Events
- DNS record changes and detected issues on your domains, as activity events
- A finding is raised for issue events that indicate a posture problem
Aggregate (RUA) Reports
Aggregate (RUA) Reports
- Per-sending-source authentication outcomes (SPF/DKIM results, disposition, volume)
- A finding is raised for authentication failures
Failure (RUF) Reports — opt-in
Failure (RUF) Reports — opt-in
- Individual failed-message reports, with sender/recipient hashed and subject redacted
- A finding is raised per failure report
On first connection RAD backfills recent events, then syncs incrementally (only new events each cycle). Domain posture is refreshed each cycle; the re-insert is skipped when the snapshot is unchanged.
Use Cases
Email Authentication Posture
Track DMARC/SPF/DKIM coverage and enforcement policy across your domains.
DNS Change Monitoring
Surface DNS record changes and DMARC issues as they are detected.
Enforcement Rollout
Monitor progress toward p=quarantine/reject without breaking legitimate mail.
Attack Surface Analysis
Combine DMARC posture with domain and DNS data for a fuller external view.
Mimecast DMARC Analyzer focuses on email authentication. Pair it with CSC Global and DNS Made Easy for registration, TLS, and operational DNS coverage.
Troubleshooting
API Access Not Entitled
API Access Not Entitled
Possible causes:
- The API 2.0 Application does not have the DMARC Analyzer Product associated, or the account lacks the DMARC Analyzer entitlement (Mimecast returns
403)
- Add the DMARC Analyzer Product to the API 2.0 Application, confirm the account entitlement, then re-verify
Authentication Failed
Authentication Failed
Possible causes:
- Incorrect Client ID or Client Secret (Mimecast returns
401)
- Verify both values are copied correctly (no extra spaces)
- Regenerate the credentials in the Mimecast Administration Console and update them in RAD Security
No Failure Reports
No Failure Reports
Possible causes:
- RUF ingestion is off (default), or there are no failure reports in the window
- Enable Ingest failure reports (RUF) in the integration settings if you want forensic reports
- Confirm your Mimecast account is receiving RUF reports for the domains
Empty Results
Empty Results
Possible causes:
- The account has no monitored domains or no events in the recent window
- Confirm the account has domains configured in DMARC Analyzer and is receiving DMARC data
Security Best Practices
Use a Dedicated Application
Create a dedicated API 2.0 Application for RAD rather than reusing one scoped to other integrations.
Rotate Credentials
Regenerate the Client ID and Client Secret periodically according to your security policy.
Secure Storage
Store the Client Secret in a secrets vault. Never commit it to version control.
Treat RUF as Sensitive
Enable failure-report (RUF) ingestion only when needed; RAD hashes addresses and redacts subjects, but RUF is inherently more sensitive than RUA.
Additional Resources
Mimecast API 2.0 Docs
Official Mimecast API developer documentation
Domain Security Overview
Learn about RAD’s domain security integrations
Next Steps
EasyDMARC Setup
Add DMARC posture and reporting with EasyDMARC
CSC Global Setup
Add domain registration and TLS coverage with CSC Global
DNS Made Easy Setup
Add operational DNS coverage with DNS Made Easy