Proofpoint vs. Mimecast

July. 22, 2020

1:00-2:00AM PST

As businesses across the world become increasingly reliant on email as their primary form of communication, the issue of email security continues to grow more and more crucial. One way to improve upon email security is through the implementation of a “Secure Email Gateway” or SEG. Secure Email Gateway can effectively protect a company’s network from both incoming and internal email threats. Proofpoint and Mimecast are two popular Secure Email Gateway vendors. Specifically geared towards the needs of organizations mid-size and larger, Proofpoint and Mimecast can accommodate businesses with over 250 users. Furthermore, each of these corporate email encryption services offers advanced email security features such as protection against spam, viruses, and phishing attacks.


An innovative cloud-based email security solution, Proofpoint caters to organizations of 5 to 1000 individuals via Proofpoint Essentials. With Proofpoint Essentials, “small and medium enterprises [are protected] from advanced threats including phishing, malware, spam, and other forms of dangerous content.” Moreover, by preventing data theft, Proofpoint Essentials maintains the security of organizations’ most delicate, valuable, and proprietary information. Through its integrated Archiving and Continuity elements, Proofpoint presents businesses with accessible and cost-effective means of abiding by regulatory measures, as well as fostering business continuity. And after accumulating more than 100,000 Proofpoint Essentials users, this solution became the largest email security provider in the world. With simple, streamlined set-up and management, Proofpoint’s user-friendly infrastructure makes for a high-level email security solution.


A rather popular email security provider, Mimecast has found popularity amongst larger organizations. Mimecast offers strong social engineering security, specifically against phishing and impersonation attacks. Furthermore, Mimecast supplies users with effective protection against spam. Offering incredible ease of use and heightened visibility, Mimecast puts forth an extremely customizable solution that is bolstered by a comprehensive reporting system -- depicting both email security and volume.

Features Breakdown

Deciding which SEG solution is the best fit for your organization can be challenging. In order to make this choice, users are encouraged to familiarize themselves with integral elements that a reliable email security provider should supply, specifically features and pricing.

Threat Detection

Widely considered to be one of the most imperative elements of an email secure gateway, comprehensive threat protection is crucial. As a result, both Proofpoint Essential and Mimecast offer users an expansive breadth of threat protection features. The two solutions have been found to be more effective when compared to Office 365, specifically in terms of their ability to block malicious content like spam and viruses. 

However, Proofpoint claims to be superior to Mimecast, citing email testing performed internally that caught 1,152 phishing and spoof emails which Mimecast has previously deemed clean. Furthermore, Proofpoint claims to invest more money in emerging threat research -- with 20% of revenue into research and development as opposed to Mimecast’s 12.5% investment.

Additionally, the two providers have their unique, respective approaches to threat protection. While “Proofpoint utilizes their own internal treat protection technologies, including MLX & CLX, multiple AV engines and custom filters for inbound and outbound emails…[,] Mimecast utilizes third party threat intelligence vendors to power their threat protection platform.” Moreover, Mimecast provides users with LastLine powered AV sandboxing, Vade Secure-powered URL scanning and URL reputation checking.

Spam Filtering

Putting a stop to spam is another key aspect of email security. Both Proofpoint and Mimecast work to address this issue, offering their users comprehensive spam filtering. Furthermore, both of these SEG providers put forth a SLA (Service Level Agreement) committing to blocking 99% of spam before it can enter the user’s inbox. The two providers also supply inbound and outbound protection against spam, preventing organizations from receiving spam, as well as from being utilized as a mode of spam dissemination. 

Admin Features

Robust admin features are vital, as they enable admins to be instrumental in the prevention and rectification of email security breaches. Both Proofpoint and Mimecast may be incorporated with Office 365 and Outlook. Specifically, incorporation of either of these solutions is rather simple for Office 365 admins, as Azure Active Directory allows for automatic syncing to either Proofpoint or Mimecast.

With that being said, this is the category in which key differences between Proofpoint and Mimecast begin to emerge. Although both platforms offer Single Sign On, Proofpoint continues to advance and supply alternate options for single-sign, particularly for MSPs and Reseller customers. And even though it provides options for per-user policy management, Proofpoint provides advanced end user control options, offering a user digest that enables users to access emails that may have been deleted or retrieved.

On top of self-service security options, Mimecast also allows admins to manage the sharing of large files. And unlike Proofpoint Essentials, Mimecast currently supplies complex routing scenarios that allow for organizations with various mail servers spread out globally to direct mail to the user’s local server. With Proofpoint, this feature is exclusive to the Enterprise platform.


Reporting assists admins in narrowing down the source of threats so that they might properly address and correct them. Both Proofpoint and Mimecast deliver PDF reports that detail emails’ origins. While “Proofpoint provides real time mail flow reports…[, Mimecast] provid[es] reports on inbound and outbound emails.” And Reports and breakdowns per individual user are offered by both platforms, which allows admins to gather more focused and detailed information regarding specific users and groups.

End-User Features

Equally important, end-user features help end-users to maintain productivity, allowing them to recover lost emails, free emails from quarantines, and blow or allow unique senders and recipients. With both Proofpoint and Mimecast, end-users are provided an email digest, detailing spam emails that were blocked. Moreover, both providers allow for lost or accidentally deleted emails to be retrieved, while simultaneously offering access to the user’s email archive -- where past email correspondences are collected in a single location.

However, in terms of end-user self-service, Proofpoint outranks Mimecast. This is due to the fact that Mimecast holds emails for retrieval for a mere 14 days, while Proofpoint holds such emails for 30 days.

Data Loss Prevention

Data loss prevention is one of the most critical elements of email security. Provided by both Proofpoint and Mimecast, Outbound Filtering stops malicious actors from distributing spam via your organization’s network. Each of these platforms also offers DLP content filtering, which can effectively block particular emails containing sensitive, personal information and/or attachments. Furthermore, these providers both provide security through continuity, enabling the sending and receiving of emails in the event of a network failure. However, in this respect, Proofpoint provides a stronger solution -- supporting 30 days of email continuity as opposed to Mimecast’s 7 days.

Email encryption is an integral element of comprehensive data loss prevention, prohibiting access to emails by unintended recipients. And although each of these providers offers encryption services, Proofpoint provides much stronger encryption options, all included in Proofpoint Essential: user-based or user-enforced encryption. On the other hand, Mimecast’s email encryption offering comes at an extra cost, operating as an additional feature that is added onto their general email security features.

Pricing Breakdown

When determining which email secure gateway provider is the best fit for your organization, pricing is typically a major consideration. When comparing Proofpoint and Mimecast, Proofpoint Essentials is certainly the more cost effective option for businesses ranging from small to mid-size. With a starter package totalling 27% more than Proofpoint’s Business package, and M3R and M3RA packages totalling 50% more than Proofpoint’s comparable Advanced and Pro packages, Mimecast cannot compete in terms of cost. And to top it off, users incur charges for set-up and technical support when utilizing Mimecast.

The Best Alternative: Trustifi

Although each of these leading SEG providers has its pros and cons, the best alternative is -- without a shadow of a doubt -- Trustifi. Trustifi is an extremely user-friendly, convenient and comprehensive email security solution that offers top-notch advanced threat protection, data loss prevention, encryption, and real-time reporting and tracking. Easily incorporated with Gmail or Outlook in a matter of minutes, Trustifi can operate as an extra layer of protection, boosting your email provider’s existing security measures and giving user’s full control over their email security. Alternatively, Trustifi can help minimize human error and maintain user security. And thanks to an Open API and email relay options, Trustifi does not require any platform architecture changes. In addition, Trustifi provides expert advanced threat detection that users can depend on, with crucial fraud, spoofing, phishing, malware, and virus detection. With unmatched email security software, Trustifi provides users with NSA-grade end-to-end email encryption with the click of a button. Versatile and customizable, Trustifi can be tailored to each organization’s needs. And with all of the features included in the highest level of protection provided by both Proofpoint and Mimecast, Trustifi outperforms its competitors at a lower monetary cost.

Try Trustifi Today


See if Trustifi Is Right for Your Organization