Network: UK-MIMECAST-NET3 - Confounder
Confounder Detected: Mimecast Email Security Gateway
Mimecast is a cloud-based email security gateway that enterprises route all inbound and outbound corporate email through for spam filtering, malware scanning, URL click-protection, and archiving. It breaks DKIM authentication by modifying message bodies during inline security processing: URL rewriting and footer insertion invalidate the original DKIM body hash. On the SPF side, Mimecast relay IPs become the actual sending IPs, breaking SPF alignment unless the domain owner has explicitly included Mimecast netblocks in their SPF record and enabled SPF alignment in the Mimecast admin console. DMARC failures originating from Mimecast IP ranges are almost always legitimate corporate email with a configuration gap, not spoofing or spam attempts.
This page shows DMARC authentication failures originating from the UK-MIMECAST-NET3 network.
Network Information
- WHOIS Owner: ORG-MSL21-RIPE
- Countries: GB
- Unique IPs: 3
- CIDRs: 185.58.86.0/24, 185.58.87.0/24
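One way to apply this when triaging DMARC aggregate reports, as an added example (not part of the original page or of any Mimecast tooling): rows that fail DMARC are labelled as a likely gateway configuration gap when their source IP falls in the CIDRs listed above, and left for investigation otherwise. The sample report, the domain example.com, the address 203.0.113.7 and the verdict labels are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# CIDRs listed on this page for UK-MIMECAST-NET3.
GATEWAY_NETS = [ipaddress.ip_network(c) for c in ("185.58.86.0/24", "185.58.87.0/24")]

# Constructed sample in the RFC 7489 aggregate-report layout (trimmed to the
# fields used here). example.com and 203.0.113.7 are placeholders.
SAMPLE_REPORT = """<feedback>
  <record>
    <row><source_ip>185.58.87.43</source_ip><count>4</count>
      <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>185.58.86.196</source_ip><count>3</count>
      <policy_evaluated><dkim>fail</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>203.0.113.7</source_ip><count>2</count>
      <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
</feedback>"""


def triage(report_xml):
    """Return (source_ip, count, verdict) for every row that failed DMARC."""
    results = []
    for record in ET.fromstring(report_xml).iter("record"):
        row = record.find("row")
        ip = ipaddress.ip_address(row.findtext("source_ip").strip())
        count = int(row.findtext("count"))
        dkim = row.findtext("policy_evaluated/dkim")
        spf = row.findtext("policy_evaluated/spf")
        # DMARC passes when either the aligned DKIM or the aligned SPF check passes.
        if "pass" in (dkim, spf):
            continue
        if any(ip in net for net in GATEWAY_NETS):
            verdict = "likely-gateway-config-gap"  # check SPF include and gateway alignment setting
        else:
            verdict = "unlisted-source"  # not explained by the gateway; investigate
        results.append((str(ip), count, verdict))
    return results
```

The second sample row is skipped because its aligned SPF result passes, which is the outcome the page describes once the Mimecast netblocks are included in the SPF record and alignment is enabled.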
Analysis
This network has contributed 3 unique IP addresses across 8 failed authentication events, accounting for 9 messages. Activity spans from March 13, 2024 to October 2, 2025, with peak volume in August 2025 (2 events). The top country by failure volume is the United Kingdom (100%). The most active source IPs from this network are 185.58.87.43 (4 failures), 185.58.86.196 (3 failures), and 185.58.87.41 (1 failure). Failures from UK-MIMECAST-NET3 are concentrated in a single country, which may indicate a targeted campaign or regionally hosted infrastructure.
Countries