Phase 1: Discovery & Planning (1-2 Weeks Before Cutover)

1.1 Current State Evaluation

• Document current Mimecast configuration
• User accounts and groups
• Policy definitions and rules
• Managed sender lists (permitted/blocked senders)
• Custom configurations and integrations
• Document current MX records for all domains
• List all mail flow routing rules and conditions
• Identify admin users and service accounts
• Document API integrations and connected applications

1.2 Archive Data Export

• Export email archive data (if using Mimecast Cloud Archive)
• Log into Mimecast Administration Console
• Navigate to Archive > Search
• Select messages to export using search criteria
• Export in .eml format
• Limitation: Export limits vary by search type and date range
• Documentation: Mimecast Archive Search and Export
• Export held/quarantined messages
• Navigate to Administration > Gateway > Policies
• Review and export messages from spam queues

1.3 Compliance & Legal Requirements

• Verify data retention compliance requirements
• Coordinate with Legal team on data retention requirements
• Ensure audit trail preservation for compliance purposes
• Export audit logs and compliance reports as needed

Phase 2: Pre-Migration Setup (48-72 Hours Before Cutover)

2.1 DNS Preparation

• Lower DNS TTL values for MX and TXT records to 300-600 seconds
• Critical: This must be done at least 48 hours before cutover to ensure old TTL values expire
• This enables faster propagation and rollback if needed during cutover
• Prepare (but do not apply) new MX records for direct mail delivery
• Document current SPF records that include Mimecast

2.2 Configuration Transfer to Sublime

• Transfer managed sender lists to Sublime Lists
• Export permitted/blocked senders from Mimecast
• Navigate to Administration > Gateway > Policies > Managed Senders
• Export lists and convert to Sublime format

• Migrate all admin users & service accounts to Sublime
• Transfer filtering rules and policies
• Document all policy settings in Administration > Gateway > Policies
• Export and retain content examination policies
• Export and retain attachment protection policies
• Export and retain anti-spoofing policies

2.3 Sublime Verification

• Confirm Sublime is fully configured and malicious auto-remediations are enabled
• Your team should also consider enabling Sublime’s graymail prevention ahead of the cut-over as well

• Verify all policies are active and correctly configured
• Confirm API connections to M365/Google Workspace are functional
• Test detection rules with sample messages (if possible)

2.4 Rollback Plan Documentation

• Document current Mimecast MX records for quick restoration
• Establish communication plan with end users

Phase 3: Cutover (Scheduled Maintenance Window)

Recommendation: Schedule during low email volume hours.

3.1 Update DNS Records (Do This First)

• Update MX records for all domains
• Replace Mimecast MX records with direct delivery records
• Remove .mimecast.com MX records (typically [region]-mx.mimecast.com)
• Google Workspace: MX Record Setup
• Microsoft 365: MX Record Setup
• Monitor DNS propagation
• Use dig mx <your_domain> or nslookup -type=mx <your_domain>
• Verify new MX records are resolving before proceeding
• Allow 15-30 minutes for initial propagation with lowered TTL

3.2 Update SPF Records

• Remove Mimecast include statements from SPF:
• Remove include:*.mimecast.com or include:_netblocks.mimecast.com
• Verify SPF record syntax is valid after changes

3.3 Update DKIM Configuration

• Remove Mimecast DKIM selectors if configured
• Reconfigure DKIM signing for direct mail flow
• Verify DKIM is signing correctly

3.4 Remove Mimecast Mail Flow Configuration

For Microsoft 365:

• Remove Mimecast connectors
• Navigate to Exchange Admin Center > Mail Flow > Connectors
• Delete inbound connector from Mimecast
• Delete outbound connector to Mimecast
• Remove mail flow rules
• Delete bypass spam filtering rules for Mimecast IPs
• Remove custom routing rules to Mimecast
• Clean up SCL (Spam Confidence Level) bypass rules
• Remove transport rules created for Mimecast integration
• Re-enable native protection
• Turn on Exchange Online Protection
• Re-enable "Apply future recommended settings automatically"
• Configure built-in anti-spam and anti-malware settings

For Google Workspace:

• Disable inbound gateway settings
• Go to Apps > Google Workspace > Gmail > Spam, Phishing, and Malware
• Edit Inbound Gateway and check "Disable"
• Important: If you have additional IPs using your inbound gateway, only remove the Mimecast IPs
• Remove routing rules
• Navigate to Settings for Gmail > Routing
• Disable or delete Mimecast routing rules
• Remove split delivery configurations if applicable
• Remove custom routing configurations

3.5 Cutover Verification

• Send test emails (internal to internal, external to internal, internal to external)
• Verify emails are flowing through Sublime correctly
• Check Sublime dashboard for incoming mail processing
• Monitor for any bounce-backs or delivery failures
• Confirm no mail is queuing in Mimecast

Phase 4: Post-Cutover (24-48 Hours After)

4.1 Monitoring Period

• Monitor mail flow for 24-48 hours
• Review Sublime detection logs for false positives/negatives
• Check user reports of missing or delayed emails
• Verify all mail is bypassing Mimecast completely

4.2 DNS Finalization

• Verify full DNS propagation (24-48 hours)
• Use multiple DNS checking tools to confirm global propagation
• Restore DNS TTL values to normal (3600+ seconds)

4.3 Infrastructure Cleanup

• Remove firewall rules allowing Mimecast IP ranges
• Disconnect Mimecast API integrations
• Remove API keys and service accounts
• Update SIEM integrations if Mimecast logs were being forwarded
• Clean up monitoring or alerting for Mimecast services
• Remove Mimecast Outlook/desktop plugins from user endpoints (if deployed)

4.4 Mimecast Account Closure

• Confirm all data has been exported and retained as required
• Contact Mimecast to initiate account termination
• Obtain confirmation of data deletion (if required for compliance)