This article describes troubleshooting information for common scenarios or issues that customers experience in Sophos Central Email. The following sections are covered:
Applies to the following Sophos products and versions: Sophos Central Email
Initially use the Sophos Central Email GUI to determine if the mail in question is not shown at all, shown as quarantined, or shown as success.
Use the Sophos Central Email GUI to determine if the mail in question is shown at all or shown as success or failure.
Sample email: the header.from and From fields do not match. The envelope, or header.from, field is realsender.com, while the displayed From domain is fakesender.com.

Received: from xxxx.xxxx.PROD.OUTLOOK.COM (18.104.22.168) by xxxx.xxxx.PROD.OUTLOOK.COM with HTTPS via xxxx.xxxx.PROD.OUTLOOK.COM; Mon, 29 Jun 2020 19:12:20 +0000
Authentication-Results: xxxx.com; dkim=none (message not signed) header.d=none;xxxx.com; dmarc=none action=none header.from=RealSender.com;
Received: from xxx.PROD.OUTLOOK.COM (22.214.171.124) by xxxx.OUTLOOK.COM (126.96.36.199) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 188.8.131.52; Mon, 29 Jun 2020 19:12:20 +0000
Content-Type: application/ms-tnef; name="winmail.dat"
From: Mr Burns <monty.burns@FakeSender.com>
To: Mr Wilson <brian.Wilson@xxxx.com>,
Subject: Good times
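The mismatch in the sample above can be checked mechanically when triaging a reported message. The following Python is an added example, not Sophos code; the function names and the trimmed, constructed sample are assumptions for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, trimmed from the headers quoted above (hosts elided as on the page).
SAMPLE = """\
Authentication-Results: xxxx.com; dkim=none (message not signed)
 header.d=none;xxxx.com; dmarc=none action=none
 header.from=RealSender.com;
Content-Type: application/ms-tnef; name="winmail.dat"
From: Mr Burns <monty.burns@FakeSender.com>
To: Mr Wilson <brian.Wilson@xxxx.com>
Subject: Good times

(body omitted)
"""

def displayed_from_domain(msg):
    """Domain of the address in the From: header, lower-cased, or None."""
    _, addr = parseaddr(msg.get("From", ""))
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower()

def evaluated_from_domains(msg):
    """Every header.from= value found in any Authentication-Results header."""
    found = set()
    for value in msg.get_all("Authentication-Results", []):
        # Folded headers keep their line breaks, so stop at whitespace or ';'.
        for match in re.finditer(r"header\.from=([^\s;]+)", value, re.IGNORECASE):
            found.add(match.group(1).lower())
    return found

def check_mismatch(raw_headers):
    """Compare the displayed From domain with the domain(s) that were evaluated."""
    msg = message_from_string(raw_headers)
    displayed = displayed_from_domain(msg)
    evaluated = evaluated_from_domains(msg)
    return {
        "displayed": displayed,
        "evaluated": sorted(evaluated),
        # Without an Authentication-Results value there is nothing to compare.
        "mismatch": bool(evaluated) and displayed not in evaluated,
    }

if __name__ == "__main__":
    print(check_mismatch(SAMPLE))
```

Only trust Authentication-Results headers stamped by your own receiving infrastructure; copies that arrived with the message can be set by the sender.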
You can find a list of the types of spam filtering done by Sophos Central Email at Spam Filtering.
Normal Spam: These are messages that conform to known and verified spam patterns. Submit samples following the article "How to submit spam and false positive spam samples to SophosLabs".
Bulk: These are solicited messages sent using mass mailing. For example, newsletters sent to a mailing list. Submit samples following the article "How to submit spam and false positive spam samples to SophosLabs".
Suspected Spam: These are messages that have been identified as suspicious. Submit samples following the article "How to submit spam and false positive spam samples to SophosLabs".
Phishing/Spear Phishing campaigns: Personalized spam sent to an individual instead of to many people at once. It has a better chance of catching someone because it will often contain personal details. Follow "Dealing with Spear Phishing and Business Email Compromise" and recommend Impersonation Protection and VIP Management. Impersonation Protection detects phishing emails that pretend to come from well-known brands or from important people within your organization.
These were introduced in April 2019. They give the recipient an idea of the risk of the email and an easy way to add the sender to the user's allowed/blocked items list.