Seeing GSuite and/or Microsoft Office in the list of senders in your reports is normal and is something we see in nearly all of our customers' accounts. As they are two of the biggest ISPs in the world, a lot of your emails will end up at G Suite or Office 365. These users may have auto-forwarding rules set up to automatically forward any emails they receive to another destination. 

For example:

MimecastGSuite (auto-forward) → Hotmail

When the above happens, Hotmail will see G Suite as the sender of your emails. Therefore, if you are not using G Suite or Office 365 but they still appear as a sender in your account, it is because they are forwarders and nothing to worry about. They should be marked as Threats. 

NOTE: In the above example, if Mimecast was only configured with SPF then emails would fail DMARC when auto-forwarded by G Suite since SPF breaks during forwarding.

It is therefore imperative that Mimecast, as well as any other valid sending sources, be configured with both SPF and DKIM. DKIM signatures travel along with your emails when auto-forwarded, which is why DMARC will pass, and the final recipient will be able to validate that they have come from your legitimate source.

Did this answer your question?