Mimecast review — email security & business continuity

last reviewed 24 march 2026
how we review

We start with direct ratings from our readers, then look at what real users are saying in practitioner forums and community spaces. We pair that with search demand data and profession-level persona analysis.

Editorial note: this was originally published in August of 2024

quick take

  • Best for: mid-to-large orgs needing email security, continuity, and archiving in one contract
  • Skip if: you're a small team without dedicated IT staff to handle false positive tuning
  • Best value: Protect Plan for threat detection only; Protect Plus only if email continuity is a genuine business continuity requirement

3.5/5 — editorial rating

Based on real user feedback, community sentiment, pricing value, and fit for target audience.

Mimecast is a cloud-based email security platform that combines threat protection, archiving, and email continuity into a single contract rather than requiring separate vendors for each function. CISO/Security Leaders and Compliance Officers in regulated industries get the clearest value from the compliance reporting and centralised visibility. The tradeoff is real: the security detection layer is solid, but the admin console is genuinely dated and the false positive burden means Security Administrators will spend meaningful time on maintenance, not just deployment.

Pricing isn't public, but Mimecast operates on annual contracts across three tiers: Protect (core AI-powered email security), Protect Plus (adds continuity and data protection), and a Custom Plan for archiving and DMARC management. It's available as a cloud service integrating with Microsoft 365 and Google Workspace. Before you sign, run a trial and track false positive volume in your environment, because that tuning cost will determine whether the total cost of ownership is actually justified versus a Microsoft-native alternative you may already be paying for.

how popular is Mimecast?

monthly search interest: 40.5k/mo now

  • peak interest: 61k/mo (Mar 2023)
  • searches now: 41k/mo (Feb 2026)
  • 1-month change: 18% vs prev month

Mimecast's search volume has been slowly declining since a 2022-2023 peak, with the drop more pronounced through late 2024 and into 2025. This pattern is typical of an established enterprise tool that's lost some ground to native platform security options, particularly Microsoft Defender, as organisations reassess what they're already paying for in their Microsoft 365 contracts. It's not a product in freefall, but the trajectory suggests you're evaluating a mature, stable product rather than a growing one.

who is Mimecast for?

Whether Mimecast is worth it depends heavily on your role and what part of the platform you'll actually own day-to-day. Pick your role below to see the honest breakdown.

overall sentiment

CISO/Security Leader

positive

Mimecast gives you the compliance reporting and centralised email security visibility that regulated industries need, and the phishing and malware detection holds up. The cost is the sticking point: annual contracts aren't cheap, and you'll need to account for the admin overhead of false positive tuning when making the case to finance. If you're primarily buying for compliance coverage alongside threat protection, it justifies itself. If you just need threat detection, Microsoft Defender Plan 2 may already be partly paid for.

strengths

  • Strong phishing and malware detection with URL protection and attachment sandboxing
  • Comprehensive compliance reporting for GDPR, HIPAA, and regulatory requirements
  • Centralized visibility and control across organization's email security posture
  • Reliable integration with Microsoft 365 and Google Workspace

concerns

  • High total cost of ownership, difficult to justify for budget-conscious executives
  • Outdated admin console UI requires significant learning curve for team management
  • False positives and aggressive filtering create ongoing tuning burden

what users are saying

mimecast secure messaging is a pretty cheap add-on, but for internal messages it just sends an email with a 'secure messaging' footer, it doesn't actually send it to a secure portal.

Reddit r/mimecast

Online reviews of Mimecast are predominantly negative, sitting below 2 stars across dozens of reviews on commercial platforms. The most consistent criticism centres on customer service quality, billing disputes, and contract inflexibility rather than the security technology itself. On Reddit's r/mimecast, active administrators surface more specific frustrations: the awareness training system draws sharp criticism, with one thread describing the campaign management as near-unusable due to confusing retry logic when employees fail quizzes. A separate thread questions whether Mimecast's secure messaging feature actually does what it claims, noting that internal messages sent via the add-on remain fully visible in standard Outlook clients rather than routing to a secure portal. Users who've installed the product on managed laptops also raise privacy concerns in the subreddit about what data the agent collects. The false positive rate is a recurring theme across all sources: legitimate emails getting quarantined creates a steady drip of support tickets that IT teams didn't budget for.

Our take: Mimecast's core email security technology is genuinely solid, and for a mid-to-large organisation running Microsoft 365 or Google Workspace, the phishing detection and email continuity features hold up under scrutiny. But you're paying a premium for an admin console that hasn't kept up, a support experience that community feedback consistently flags as poor, and add-on features like secure messaging that don't quite deliver what the name implies. If you're evaluating alternatives, Proofpoint covers the same threat protection territory with a more polished enterprise admin experience, and Microsoft Defender for Office 365 Plan 2 is worth benchmarking on cost if you're already in the Microsoft stack. Don't sign the contract until you've stress-tested the false positive rate in a trial, because tuning it will become a part-time job.

features

  • Advanced Email Security: Protects organizations from email threats including phishing, malware, ransomware, and business email compromise using AI-powered detection engines, machine learning, and real-time scanning of links and attachments.
  • DMARC Analyzer: Provides email impersonation protection by analyzing and managing DMARC policies to prevent attackers from spoofing your domain.
  • Web Protection: Blocks malicious websites, monitors cloud applications, and provides browser isolation to prevent phishing and malware attacks across network and off-network environments.
  • Data Loss Prevention: Implements predefined templates and policies to secure sensitive information through content control, encryption, and compliance management.
  • Security Awareness Training: Delivers targeted employee training modules to reduce human risk and improve threat recognition through short lessons and simulated phishing tests.
  • Mimecast Administration Console: Offers centralized policy configuration, real-time reporting, and dashboard analytics for managing security across email, web, and collaboration channels.
  • Email Continuity and Archiving: Ensures uninterrupted email access during system outages and simplifies compliance through cloud-based archiving solutions.
  • Threat Intelligence: Uses insights from billions of daily signals to identify and block emerging threats before they reach your organization.

pricing

  • Protect Plan focuses on AI-powered email security with features like AI-enhanced detections, social graphing, and phishing protection.
  • Protect Plus Plan enhances email security with additional features such as email continuity and data protection.
  • Custom Plan provides protection for communications, people, and data, with options for DMARC management and cloud archiving.
  • Exact pricing details are not publicly listed and require direct contact with Mimecast sales representatives for customized quotes based on organizational needs and scale.

frequently asked questions

It depends which tier you're on and how large your organisation is. The Protect Plan covers AI-powered phishing and malware detection, which is the core reason most teams buy it, and that layer works well enough to justify the cost for organisations with 200+ users who face regular phishing attempts. The Protect Plus Plan adds email continuity, which is only worth the uplift if email downtime is genuinely a business-critical risk for you. Exact pricing isn't public, but enterprise-level contracts are typically annual and non-trivial to exit, so treat it as a multi-year commitment, not a monthly SaaS subscription.

Security Administrators and IT Managers at mid-to-large organisations who need consolidated email threat protection, archiving, and continuity in one platform. CISO/Security Leaders in regulated industries get the most out of the compliance reporting and visibility features. It's a poor fit for small teams without dedicated IT staff to manage the false positive tuning and admin console learning curve.

Two stand out. First, the false positive rate: legitimate emails get quarantined regularly, and keeping the whitelist maintained is an ongoing time cost that's easy to underestimate. Second, the admin console is genuinely outdated and unintuitive, meaning routine policy changes take longer than they should. The mobile app is also weak if out-of-office email management matters to your IT team. Some add-on features, like secure messaging, have implementation gaps that make them less useful than advertised.

Proofpoint is the stronger choice if your primary concern is a polished admin experience and enterprise-grade threat intelligence with a mature support model. Mimecast wins if you need email continuity and archiving bundled into the same contract alongside security, rather than managing separate vendors. For Microsoft-heavy organisations, Microsoft Defender for Office 365 Plan 2 is worth a serious cost comparison before committing to either: native integration removes a layer of friction, and the licensing may already be partly included in your M365 agreement.

Yes, this comes up consistently. The scanning process introduces noticeable delays, particularly on attachments going through sandboxing. For most organisations it's measured in seconds, not minutes, but users in time-sensitive roles will notice and raise tickets. It's worth flagging this expectation internally before rollout rather than treating it as a configuration problem to fix after complaints start.

toolsforhumans editorial team

Reader ratings and community feedback shape every score. Since 2022, ToolsForHumans has helped 600,000+ people find software that holds up after launch.
