Recap: Getting started with Sophos Email - Session 2

On March 25, we hosted session 2 of our 3-part Getting started with Sophos Email webinar series. We covered comprehensive insights into Sophos Email security and data control.

For those who were unable to attend or would like to revisit the session, you can find the webinar recording below. Additional resources can be found at the bottom of this post.

Interested in learning more?  

This was the second session of a 3-part series designed to enhance your journey with Sophos Email. Future sessions include:   

  • Session 3: Troubleshooting and mail management, April 23, 2025  

REGISTER NOW

Can’t attend live? Register anyway to receive the recording after the live event.   

Related resources

Additional Support resources

  • Support Portal – for access to product resources, knowledge base articles, documentation, and much more.
  • Sophos Status – sign up for updates on system and product statuses and maintenance.
  • Sophos Techvids – for troubleshooting guides, product demos, and foundational knowledge videos.

Follow-up Q&A

  1. Would these file types be identified if they are compressed?
    1. The short answer is yes! Sophos identifies a variety of file types out of the box, including .zip, a common compression type. As these are frequently updated, check your data policy rules for the available file types.
  1. Can I have different data control rule sets for different departments in my organization?
    1. The easiest way to have different data control sets for various departments is to create a separate data control policy and assign it to each respective department through the “groups” section during the policy creation. This, along with ensuring there are no rules that match first, will allow you to apply only specific sets of rules to the respective departments.
  1. Do we have plans to add more email categorization options for the SPAM filter?
    1. Currently, we do have the 3 categories of spam plus the different levels that are tunable from levels 1 through 5. In the long term, we would encourage you to talk with your account team to discuss what the product roadmap looks like, and if nothing is on the roadmap currently, they could submit a feature request, including gathering the details on which specific scenarios you’re after.
  1. How does Sophos protect an organization from spam emails?
    1. We would encourage you to talk to your account team for the more granular details, but it’s a combination of real-time blacklists and threat intelligence with machine learning and AI models, in conjunction with any custom data control rules you may have configured.
  1. I haven't found any specific material regarding the secure message email policy on the onboarding page. Can [you] share the resource regarding the secure msg policy and its settings?
    1. Great catch! Currently, we only have a Sophos Assistant workflow and online help documents for the secure message policies on the onboarding pages. We are working on a more detailed Techvids video in which we’ll cover the ins and outs, similar to what we covered today. Once live, we’ll be sharing this on the onboarding page, so thanks for your patience.
    2. Here are some of our current resources:
      1. Secure Message policy
      2. Secure message methods
      3. Sophos assistant workflow
  1. I've set a CCL to detect credit card numbers but when I send a test email to myself, it isn't being encrypted.
    1. We encourage you to look at the rules prior to testing; by default, a lot of the policies are there to detect mass data loss, so a rule may only match when more than one match is present. If things are still not right, either work on building your own policies or open a ticket with our technical support team to have them review that with you to get an answer quickly.
  1. If I have an email that was quarantined when it shouldn't have been, how can I fix it?
    1. First, identify the reason the email was quarantined, as we always encourage you to review the email before releasing it. Then, depending on what triggered the quarantine, you may need to adjust policy rules. If something is out of your control in terms of policies and configurations, such as false positives (e.g. malware), contact our technical support team and provide a sample to help with the mail submission. Ideally, you’d limit the number of exclusions so that we’re still hardening the attack surface while allowing necessary communication to come across.
  1. Is it possible to encrypt emails with PGP?
    1. Not today with the platform. We do, however, support TLS 1.3 natively and S/MIME and allow attachment or portal encryption methods. Reach out to your account team, who can help incorporate that into a future request. 
  1. Is it possible to see the audit logs when I modify any policy from Email Protection?
    1. Yes, you can; this is under the settings found under the broader platform. If you go back to the main Sophos Central page, these can be found under the reports tab.
    2. See Audit logs for more information.
  1. Is it possible to send application bulk mail to outbound and inbound?
    1. We do allow for bulk mail to be sent outbound through Sophos; before doing so, you’ll need to apply for the special bulk sender privileges for those specific mailboxes. See bulk sending limits and privileges for more details.
      This is also allowed for inbound email, provided your email policies allow it. No special requests are required for inbound. 
  1. What if the common CCL my region uses isn’t included in the default list? Can I request that some be added for me?
    1. If it’s not in the default list, we do have the option to add customization through regular expressions and match within different characteristics of the mail itself. Creating a specific pattern or trigger can help you accomplish this to match a broader set of patterns. If it is a standard or compliance requirement within a region that we don’t have, raise that request with Sophos Support.

  2. Will it also support collaboration tools like OneDrive, SharePoint, and other Microsoft collaboration tools? What about BEC?
    1. It's important to differentiate between email and how these tools function. We have an integration included in the email licensing for monitoring the Microsoft Security Graph activity and Audit Logs across your Microsoft entitlements. It will identify malicious and suspicious behavior such as mailbox compromise, data exfiltration, and several other proprietary rules developed by Sophos X-Ops. We will see any mail activity coming or going within the environment if properly configured.
    2. See https://docs.sophos.com/central/mdr/help/en-us/welcomeGuides/MDR/integrations/index.html for more information.
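
To illustrate the two CCL answers above (a single test card number not triggering a rule built for mass data loss, and custom patterns via regular expressions), here is an added example that is not Sophos code and does not reflect the product's actual matching logic. The regex, the Luhn check, and the `min_matches` threshold are assumptions chosen to show the general behavior of a quantity-based content rule.

```python
import re

# Assumed pattern: 13-19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: rejects most random digit runs (order IDs, tracking numbers)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def card_matches(text: str) -> set:
    """Return the distinct Luhn-valid card numbers found in text."""
    found = set()
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            found.add(digits)
    return found


def rule_triggers(text: str, min_matches: int) -> bool:
    """Hypothetical rule: fire only when at least min_matches distinct numbers appear."""
    return len(card_matches(text)) >= min_matches


# Constructed sample messages using widely published test card numbers.
SINGLE = "Test: my card is 4111 1111 1111 1111, order 1234567890123456."
BULK = "Export:\n4111111111111111\n5555-5555-5555-4444\n378282246310005\n"

if __name__ == "__main__":
    print("single, threshold 3:", rule_triggers(SINGLE, min_matches=3))
    print("single, threshold 1:", rule_triggers(SINGLE, min_matches=1))
    print("bulk,   threshold 3:", rule_triggers(BULK, min_matches=3))
```

The one-card test message only fires once the threshold is lowered to 1, which is why checking the rule's match quantity comes before concluding that detection is broken.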