To authorize Mimecast to send emails on behalf of your domain you have to add the following SPF mechanism to your SPF record.
If for example Mimecast is the only authorized sender for your domain, your SPF record will look like the example below:
v=spf1 include:_netblocks.mimecast.com ~all
For more information please refer to Mimecast's article using the button below.
As DKIM requires a signature to be applied to your emails you will have to generate a public and private key pair in Mimecast. To do this you will have to create an Outbound Signing Definition and an Outbound Policy to apply DKIM to your outbound emails.
Once this definition is created it will tell you what needs to be added to your DNS record.
Detailed steps on how to create an Outbound Signing Definition in Mimecast and start signing your emails can be found on the Mimecast knowledge base.
Create a free OnDMARC account to test your configuration.