You can check whether an email has been scanned by Sophos XG Anti-Spam by viewing the email message header and looking into the Sophos XG custom fields in it. This article describes the steps to verify if the Sophos XG Firewall Anti-Spam has scanned an email.
The following sections are covered:
Applies to the following Sophos products and versions Sophos Firewall
The email header is the information that travels with every email, containing details about the sender, route and receiver, and is attached automatically to every email message that is sent and received. When an email is scanned by Sophos XG Firewall, it attaches the following custom fields in the email message header. Based upon the values of these fields, you can see whether the email has been classified as Spam, containing virus, etc.
Returns the final classification of the message, taking into consideration all known factors (RPD results, Local View Rules, Local View System-wide Custom Rules, Local View Local Custom Rules, etc.). Results are in the form of X-CTCH-Spam: <Classification>. Classification options are: Confirmed, Bulk, Suspected, Unknown and Non Spam.
The Spam Classification options of X-CTCH-Spam field are explained below:
The Virus Classification options of X-CTCH-VOD field are explained below:
The following is an example explaining how to check email message headers in Microsoft Outlook 2016.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.