Santosh Barnwal
Email Rejection Report: Mailbox Not Found

We are excited to announce the release of the Email Rejection Report, one of the most requested enhancements in Sophos Email. 

The Email Rejection Report, also known as the "Rejection Log ", shows inbound messages that were rejected because the recipient mailbox wasn't found in Sophos Central. The report provides the critical information about the rejected emails: Date, Sender address, Recipient address, Sender IP, and the Reason. The report displays the data for the last 30 days. The standard real-time export and custom report functionality are available with this report as well. It means that you'll be able to export this report in CSV format or schedule automatic generation and delivery as per the configuration.

Our customers will find this report particularly valuable in the following situations:

  1. A business email was rejected because the sender fat-fingered the recipient’s address.
  2. The recipient mailbox is correct, but it has not been synchronized in Sophos Central. In this case, you should review your directory synchronization and make sure it's working properly. If you manage your mailboxes in Sophos Central manually, please ensure you keep the mailboxes updated in Sophos.
  3. The recipient mailbox is incorrect/invalid. This could be a potential Directory Harvest Attack (DHA). In a DHA, attackers send a large volume of emails to a domain using guessed or auto-generated email addresses, hoping that some of the addresses are valid. This is to build a list of active users for future spam, phishing, or malware attacks.

Please note that if we see a high number of emails within a specific time frame from a single IP targeting a specific domain, the rejection logging is temporarily paused, and an alert is generated in Sophos Central. The logging is resumed automatically after some time. The details are available in the updated help documentation.

We hope this new Rejection Report feature will help you better monitor and manage your email security. If you have any questions or need further assistance, please don't hesitate to contact Sophos.

Here is a screenshot of the rejection report for your reference.

 

  • 0 comments
  • 0 members are here