Sudden increase in quarantine of valid emails 8 April 2020

Yesterday morning all the users in our company (80+) were greeted with a Quarantine email listing far larger than normal--dozens of emails in many cases. The quarantined emails were from addresses that we've been getting mail from with no problem for months or even years. This was an instant change. We did not change any settings. It's really setting back operations as people are missing emails all day and then have to go release them the next day (or they could try to remember to keep checking their quarantine all day--not acceptable).

Has anyone else experienced this? This change would have happened sometime Wednesday, 8 April 2020, and started showing in force Thursday, 9 April. Possible it started Tuesday night but we did not see the big jump in false positives until Thursday morning's email report.

 


  • Hi Mitch

    Were these mails classed as Bulk?

    We are making some changes to improve overall detection efficacy and improve detection of bulk email over the course of April.

    For reference, Sophos defines bulk as newsletters, marketing emails, and all other forms of automated solicited mail.  As a result, you may notice more emails marked as ‘bulk’ than previously.

    I've asked for a notification to be added to this forum to reflect this.

    Greg

  • Greg -

    Thanks for the response. Yes, it had to do with Bulk email. Through our MSP partner with Sophos we found out Sophos changed the engine. The whole thing was done horribly from a customer perspective.

    If you look at how you describe the change, it's obvious that the customer experience is not understood. Marketing emails are not a form of solicited email. So what you have done is lumped emails that the user specifically asked for in with emails that they haven't. And now we are faced with either putting all that email in the user's mailbox, and making them sort it out, or quarantining it, and making them sort it out. Being able to tag it as BULK doesn't help them sort anything out, because by your definition emails they have asked for are flagged as bulk.

    The biggest failure is you made this change without telling people. So now I'm left trying to explain why we should stay with a vendor who makes users' jobs harder and does so without any warning. Meanwhile we continue to get phishing emails fairly regularly.

    Mitch

  • Greg,

    I saw that Mitch has already stated what the issue was but I have the same issue and just found this article this morning. The really nice part is that it was created on 4/14/20.

    community.sophos.com/.../sophos-email-email-detection-capability-improvements

  • Yes, would have been nice to know that BEFORE it was rolled out. Article says "will be" rolling out. In the meantime, while I appreciate the focus on BULK email, we are getting tons of phishing attacks that go right through, not flagged even as BULK. We have been hacked several times through those--that should be the priority to stop.