Network: UK-MIMECAST-NET2 ⚠ Confounder

⚠ Confounder Detected: Mimecast Email Security Gateway
Mimecast is a cloud-based email security gateway that enterprises route all inbound and outbound corporate email through for spam filtering, malware scanning, URL click-protection, and archiving. It breaks DKIM authentication by modifying message bodies during inline security processing — URL rewriting and footer insertion invalidate the original DKIM body hash. On the SPF side, Mimecast relay IPs become the actual sending IPs, breaking SPF alignment unless the domain owner has explicitly included Mimecast netblocks in their SPF record and enabled SPF alignment in the Mimecast admin console. DMARC failures originating from Mimecast IP ranges are almost always legitimate corporate email with a configuration gap, not spoofing or spam attempts.

This page shows DMARC authentication failures originating from the UK-MIMECAST-NET2 network. Learn more about this data.

Network Information

WHOIS Owner:: ORG-MSL21-RIPE
Countries:: GB

Unique IPs:: 1

CIDR:: 185.58.85.0/24

Analysis

This network has contributed 1 unique IP address across 2 failed authentication events, accounting for 2 messages. Activity spans from August 21, 2025 to September 2, 2025, with peak volume in August 2025 (1 event). The top countries by failure volume are United Kingdom (100%). The most active source IP from this network includes 185.58.85.196 (2 failures). A single IP dominates activity from UK-MIMECAST-NET2, suggesting a concentrated or persistent source rather than distributed infrastructure.

Failures Detected from this Network

Showing 1-2 of 2 failures, affecting 2 messages

Show Confoundersⓘ

Date ▼	Source IP	Country	Messages
9/2/2025	185.58.85.196 ⚠	GB	1
8/21/2025	185.58.85.196 ⚠	GB	1

Countries

United Kingdom