What is the maximum number of "Hits" that can trigger an Impersonation Protection policy?

The maximum number of "Hits" that can trigger an Impersonation Protection policy is two. In the context of Mimecast's Impersonation Protection, a "Hit" refers to the detection of an email that exhibits characteristics indicative of impersonation attempts. These characteristics are analyzed through various checks, which may include examining patterns in the email addresses, domains, and the content of the messages.

By setting the threshold for triggering a policy at two hits, Mimecast aims to balance between effectively detecting potential threats while minimizing false positives. This allows for the identification of suspicious emails that may attempt to impersonate legitimate users, thereby enhancing the security posture of an organization.

Understanding this threshold is crucial for administrators to configure their email security systems effectively and ensure they are adequately protected from impersonation fraud, which is a common tactic used in various cyber-attacks.