Email Security S1, S2, S3 bundles, archiving, awareness training, DMARC Analyzer, and incident response. Our benchmark database covers 140+ Mimecast enterprise contracts. Here is what the pricing data actually shows — and where Microsoft 365 E5 is changing the competitive math.
Per user per year subscription; S1/S2/S3 bundle tiers; archiving priced per user plus storage overage; training per seat
1–3 year subscription; 3-year terms receive 8–12% additional discount with annual price cap
25–45% off list; 40–55% in competitive displacements against Proofpoint or on M365 E5 migration threat
120 days recommended; Mimecast contacts at 90 days with bundle upgrade proposals
Mimecast is one of the two dominant enterprise email security vendors (alongside Proofpoint). Since being taken private by Permira in 2022, Mimecast has focused on expanding beyond traditional email gateway security into a broader human risk management platform — adding awareness training (through the Ataata acquisition), DMARC analysis (through the Dmarc Analyzer acquisition), brand exploit protection, and integrated incident response. Pricing has followed this strategic evolution, with the S1/S2/S3 bundle structure consolidating what was previously a more granular set of line-item modules. For the broader context, see our enterprise cybersecurity pricing guide.
The bundle structure is organized as follows. Email Security Essentials (S1 bundle) provides core inbound email security — anti-spam, anti-phishing, URL protection (time-of-click rewriting), and attachment protection (sandboxing). Advanced Email Security (S2 bundle) adds impersonation protection (detection of display-name and lookalike-domain spoofing), internal email protection (inspection of internal mail for post-breach malware and business email compromise), and brand exploit protection (DMARC monitoring with brand spoofing detection). Comprehensive Email Security (S3 bundle) adds the DMARC Analyzer active enforcement product, the integrated awareness training and simulated phishing platform, and incident response retainer hours.
Separately, Mimecast sells Email Archiving — a long-retention, legal-hold-capable archive with advanced search for compliance, legal discovery, and records retention workflows. Archiving is priced per user per year with storage-based overage for organizations with high-volume mail or long-retention requirements. Mimecast Archive is frequently retained even when organizations migrate the email security component to Microsoft Defender for Office 365, because archiving capability at Mimecast's level is materially stronger than Microsoft's native offering.
Additional modules include Mimecast Awareness Training (also available standalone), DMARC Analyzer (also available standalone or via S3), Mimecast Incident Response (retainer hours bundled with S3 or sold separately), and Mimecast Sync & Recover for Exchange and M365 data recovery.
Our benchmark data across 140+ Mimecast enterprise contracts shows 2026 pricing profile as follows. Note that archiving storage costs can add 15–40% to base subscription in long-retention compliance scenarios, which many published vendor comparisons omit.
| Product / Bundle | List Price (per user/yr) | Enterprise Benchmark | Achievable Discount |
|---|---|---|---|
| S1 Email Security Essentials | $18–$28 | $12–$20 | 28–36% |
| S2 Advanced Email Security | $28–$42 | $18–$28 | 30–38% |
| S3 Comprehensive Email Security | $42–$55 | $26–$38 | 30–40% |
| Email Archiving (per user/yr, base) | $8–$18 | $5–$12 | 30–40% |
| Archiving storage overage (per GB/mo) | $0.12–$0.25 | $0.08–$0.18 | 25–35% |
| Awareness Training (standalone, per seat/yr) | $14–$22 | $9–$16 | 28–38% |
| DMARC Analyzer (standalone, per domain/yr) | $2,800–$6,500 | $1,900–$4,500 | 28–38% |
| Incident Response Retainer (per hour pool) | $480–$680 | $340–$520 | 25–35% |
A 6,000-user enterprise on S2 Advanced Email Security plus Email Archiving with 7-year retention benchmarks at approximately $180K–$230K annually at competitive pricing. The same enterprise on S3 Comprehensive Email Security plus archiving benchmarks at $210K–$270K. The S3 premium buys DMARC Analyzer, Awareness Training, and Incident Response hours — capabilities that would cost $90K–$140K annually if purchased separately, making S3 usually economically favorable for organizations that will actually deploy all three.
Submit your Mimecast contract for a full pricing benchmark within 24 hours. Our database covers 140+ Mimecast enterprise deals — see exactly where your bundle pricing stands versus comparable organizations and whether M365 E5 migration economics favor you.
Submit Your Contract →Mimecast under Permira ownership has maintained deal-by-deal discount flexibility similar to Sophos. The commercial dynamics are heavily influenced by three parallel pressures: Microsoft 365 E5 native email security capability, Proofpoint competitive positioning, and emerging cloud-native alternatives (Abnormal Security, Cloudflare Area 1, Material Security). Each pressure creates a distinct discount lever for well-prepared buyers.
Microsoft 365 E5 migration threat: This is Mimecast's single largest commercial pressure. Organizations with active M365 E5 adoption can credibly threaten to retire Mimecast in favor of Microsoft Defender for Office 365 P2 (included in E5 at zero incremental cost). Our benchmark data shows 10–15 points renewal improvement consistently achievable when this threat is visibly positioned to Mimecast account leadership. To be credible, the threat must include analysis showing which Mimecast capabilities would be replaced by Microsoft native and which would be retained — Mimecast account teams respond better to precise displacement analysis than to vague Microsoft threats.
Proofpoint competitive displacement: Proofpoint is Mimecast's most direct competitor and the most effective lever for new-logo and displacement discounting. Mimecast has authorized 40–55% discounts in competitive Proofpoint displacements where the customer is signing for 3-year terms at $300K+ annual commitment. Formalizing the Proofpoint evaluation — RFP documentation, scheduled demos, procurement engagement — is the mechanism that surfaces this discount authority to Mimecast's sales leadership.
Cloud-native alternative threats: Abnormal Security, Material Security, Cloudflare Area 1, and INKY have emerged as credible cloud-native email security alternatives, particularly for organizations already on Microsoft 365. These vendors' API-based architectures deliver strong business email compromise and impersonation protection that historically differentiated Mimecast. Introducing one or more of these vendors into a Mimecast renewal evaluation unlocks discount authority at levels similar to a Proofpoint threat — typically 8–12 points above what a Mimecast-only negotiation would produce.
Bundle consolidation: Customers with separately purchased Mimecast modules (Email Security S1, Awareness Training, DMARC Analyzer, Archiving, Incident Response) often achieve 20–30% effective savings by consolidating into an S3 Comprehensive Email Security bundle at renewal. Mimecast's account teams are incentivized to drive bundle consolidation, which creates alignment for discount authorization when the buyer proposes the restructuring.
Fiscal year-end (March 31): Mimecast's fiscal year ends March 31. February and March close periods consistently produce the deepest discount authorization. Our benchmarks show 8–12 points better pricing on deals closed in fiscal Q4 versus summer negotiations.
Three-year commitment pricing: Three-year term commitments add 8–12% discount. For Mimecast, a 3-year commit carries moderate strategic risk because the email security category is under active disruption from Microsoft and cloud-native alternatives. A 2-year term with strong termination-for-convenience protection often produces the best risk-adjusted outcome for organizations uncertain about their long-term email security architecture.
S1 vs. S2 vs. S3 bundle selection: The jump from S1 to S2 adds approximately $10–$14 per user per year at list, primarily for impersonation protection and internal email inspection. The jump from S2 to S3 adds another $12–$15 for DMARC Analyzer, Awareness Training, and Incident Response hours. For organizations that will deploy all three capabilities, S3 is economically favorable versus buying them separately. For organizations that only need one of the three, buying the component separately is usually more economic.
Archiving storage economics: Mimecast Archive's base per-user price includes a default storage allocation (typically 10 GB per user or 50–100 TB total for enterprise). Organizations with heavy email volume or long-retention compliance requirements (7-year financial services retention, 10-year legal retention) quickly exceed the base allocation, with overage storage billed monthly. A 5,000-user enterprise with 7-year retention and moderately heavy email volume can see storage overage of $40K–$80K annually on top of the base subscription. Model the full storage cost over the contract term — do not accept the base subscription quote as the total.
Awareness Training seat counting: Mimecast Awareness Training is licensed per seat, with seat count typically matching the email security user count. Organizations where training is selectively deployed (for example, only to high-risk functions like finance and HR) still pay for all seats. Negotiate training seat counts separately from email security user counts where actual training deployment is narrower than email security coverage.
DMARC Analyzer domain pricing: DMARC Analyzer is priced per protected domain, not per user. Large enterprises with many registered domains (particularly through M&A history) frequently pay for protection on domains that should have been deprecated. Audit the actual protected-domain list before renewal and remove inactive domains from the contract.
Incident Response hour pools: Mimecast Incident Response bundles named retainer hours (typically 40–80 hours annually in S3). Incidents during the year draw down this pool, with additional hours billed at elevated day rates ($480–$680 per hour list). For organizations that operationally rely on Mimecast IR, expand the base hour pool at contracting rather than paying day rates during an active incident.
140+ Mimecast renewals analyzed across both stay and M365 E5 migration scenarios. Upload your current Mimecast contract plus M365 licensing and receive a full competitive economic analysis within 24 hours.
Submit Your Contract →Archiving storage overage at list: The single largest Mimecast cost surprise is archiving storage overage billed monthly at list rates during the contract term. Negotiate storage overage at contracted discount and include a realistic storage growth projection in the initial allocation.
Legal hold storage: Legal holds preserve email beyond standard retention periods. Organizations in active or repeated litigation can accumulate substantial legal hold volume. Ensure the archive pricing includes provision for legal hold storage at the contracted rate and does not trigger premium storage rates.
Awareness training participation mismatch: Training seat licenses typically match total user count but organizations rarely achieve 100% training participation. Negotiate flexibility to license training on a subset of users (for example, high-risk departments) rather than enterprise-wide.
Mid-term add-on module pricing at list: Adding modules during the contract term (for example, adding DMARC Analyzer after the initial S2 purchase) frequently defaults to list pricing unless the contract contains pre-agreed expansion rates. Negotiate module expansion at contracted discount.
Incident response hour cap: Standard IR hour pools (40–80 hours) can be exhausted in a single significant incident. Day-rate billing for additional hours escalates quickly during active response. Expand the pool to align with realistic incident response needs, or negotiate a pre-agreed day rate cap.
True-up at list pricing: Standard Mimecast true-up provisions default to list pricing for user count growth during the term. Negotiate expansion rates at contracted discount with a reasonable annual true-up cap (10–15%).
Automatic renewal with 60-day opt-out: Mimecast's default contract contains auto-renewal with 60-day notification. Convert to manual renewal or reduce the opt-out window at every contract renewal opportunity.
Mimecast renewals under Permira ownership open with modest list-rate increases (3–8%) accompanied by S2-to-S3 upgrade proposals. The account team's primary motion is bundle expansion — upgrading customers from S1 to S2 or S2 to S3, or adding DMARC Analyzer, Awareness Training, or Incident Response as separate add-ons.
What remains negotiable: Per-user rate on the existing bundle, archiving storage overage rates, and the composition of the bundle itself. Renewal account teams are measured on net retention and expansion revenue, both of which align with buyer interests in optimizing the bundle for actual deployment scope. A restructured S2+archiving renewal can often deliver flat or reduced cost relative to the prior S1+archiving+standalone-impersonation structure.
What rarely changes: Incident Response day rates, DMARC Analyzer domain rates, and archiving overage rates for long-retention storage. These carry tight underlying cost economics. Meaningful discount requires specific competitive substitution threat — typically Proofpoint or cloud-native alternatives.
The Microsoft 365 E5 question: For organizations with broad E5 adoption, evaluate whether Mimecast can be reduced to archiving-only while Microsoft Defender for Office 365 P2 replaces the security component. This architecture — M365 security + Mimecast archive — is increasingly common and can reduce Mimecast spend by 40–60% while maintaining compliant retention capability.
S1 Email Security Essentials runs $18–$28/user/year list. S2 Advanced runs $28–$42. S3 Comprehensive runs $42–$55. Email Archiving runs $8–$18/user/year base plus storage overage. Awareness Training $14–$22/seat/year standalone. Negotiated enterprise deals achieve 25–45% below list. A 6,000-user S2 + Archive deployment benchmarks at $180K–$230K annually.
Mimecast and Proofpoint are within 10–20% at list across comparable bundle tiers. Mimecast S2 benchmarks 5–15% below Proofpoint Enterprise Protection + TAP. Mimecast's differentiation is broader native bundling (archiving and awareness training in higher tiers). Proofpoint's differentiation is threat intelligence depth and more mature DLP capability.
M365 E5 includes Defender for Office 365 P2, covering many inbound email threats. Mimecast still differentiates in internal email inspection, long-retention archiving, and integrated awareness training. Organizations on M365 E5 needing only inbound protection frequently retire Mimecast. Organizations needing archive, training, or internal email protection typically retain Mimecast in layered architecture.
25–45% off list for enterprise buyers. Competitive displacements against Proofpoint or cloud-native alternatives reach 40–55%. Three-year commitments add 8–12%. Permira's private ownership preserves deal-by-deal discretion. Q4 fiscal year-end (March 31) produces deepest authorization. M365 E5 migration threats consistently add 10–15 points of renewal improvement.
Archiving storage overage billed at list for long-retention compliance. Awareness training seats billed for all users regardless of participation. DMARC Analyzer paying for inactive domains from M&A history. Incident response hour caps triggering day-rate billing mid-incident. Mid-term add-on pricing at list rather than contracted discount. Automatic renewal with 60-day opt-out windows.
Our benchmark database covers 140+ Mimecast enterprise contracts. Submit your S1/S2/S3 bundle, archiving, or renewal and receive a full analysis within 24 hours — including M365 E5 migration economics and Proofpoint-alternative benchmarks.