How to identify if a company uses email filtering/security measures like Mimecast or ProofPoint?
Summary
What email marketers say11Marketer opinions
Marketer from Email Geeks shares that Inbox Monster has a feature called Subscriber Insights that allows a user to upload a list of domains and see the underlying MX records along with how many subscribers and domains roll up to a specific provider.
Email marketer from Neil Patel's website explains that checking a recipient's IP reputation can offer clues. If the IP is associated with a known security service, it suggests filtering is in place.
Email marketer from Reddit shares that analyzing bounce codes shows that certain codes and messages indicate rejections by security services like Proofpoint or Mimecast.
Email marketer from EmailMarketingForum.net recommends sending a test email to a seed list that includes addresses at various companies and email providers. By examining the headers of these test emails, you can often identify if filtering services are in use.
Email marketer from Reddit shares that examining the return-path address in the email header may reveal if a filtering service is being used.
Email marketer from StackExchange shares that examining the email headers can expose the path an email took, revealing filtering services like Mimecast or Proofpoint if they're in the route.
Marketer from Email Geeks shares that you can use DNS lookup of the MX records for a domain to see what the first-hop receiving MTA is, and if it's a filter, it sometimes shows up using the filter provider's domain name.
Email marketer from EmailMarketingSecrets.com explains that drastically different open rates between recipients within the same company or sending emails may indicate the use of a filtering service. This prompts further investigation into their email security setup.
Email marketer from EmailMarketingTips.com shares the method of sending a test email to a known seed list and observing the headers is a good way to see what filters are in place.
Email marketer from DeliverabilityBlog.com shares that using Spamhaus to check the IP and domain reputation shows insight if security measures are used. Bad reputations suggest strong filtering.
Email marketer from EmailSecurityForums explains that looking at the HELO domain in the email header might expose known filter providers. This helps ID if a company is using filters.
What the experts say4Expert opinions
Expert from Word to the Wise shares that by analyzing bounce messages and email headers for specific identifiers, one can often detect the presence of filtering services like Proofpoint or Mimecast. The key is to look for patterns and known signatures within the data.
Expert from Spam Resource explains that appliance-based filters may not always be identifiable via MX records, requiring deeper inspection of bounce messages and connection behavior. However, one strategy is to look at common filtering appliances such as Barracuda.
Expert from Email Geeks explains they have an extensive classification of filters based on MXs, and they can get about 75-80% of a list classified by the first hop filter.
Expert from Email Geeks shares they have clients send a list of domains, then they drop them in a database where they have custom scripts that do DNS lookups and store the results and cleans up the records to consolidate them and labels the ones they know of.
What the documentation says4Technical articles
Documentation from Proofpoint answers that email headers often include information indicating that Proofpoint has processed the message. Look for "X-Proofpoint-SPF" or similar headers.
Documentation from MXToolbox explains that using MXToolbox's online tools can provide information about a domain's MX records and DNS settings. This can help identify if common filtering services are being used.
Documentation from Mimecast indicates that Mimecast adds specific headers like 'X-Mimecast' to processed emails. Their presence confirms Mimecast is used.
Documentation from Google explains how to use the `dig` command or Google Admin Toolbox to find MX records. These records can reveal the first hop server, potentially exposing the use of filtering services.