Sophos Email customers using IP-based mailflow rule connectors must migrate to certificate-based configuration by March 31st. To see if you're affected Click Here.

Policy Enhancement

What’s new

We have enhanced the policies in Sophos Email to support applying a policy to external domains and mailboxes also. The capability is added to both Email Security and Data Control policies. You can watch the video attached at end of this post to familiarize yourself with the enhancement. 

Applies to the following Sophos products

Sophos Central Email

How to use

You will notice a new tab in your policy interface called External. By default, the option “Include all” will be selected. Thus, your existing policies will continue to behave the way they used to before this enhancement. You can change the policies to either include or exclude a list of email addresses and domains to which the policy will apply. The screenshot below shows that an email security policy has been created to apply to an included list of email addresses and domains.

You can also import a list of external email addresses and domains in CSV or TXT file format to populate the inclusion or exclusion list to which the policy will apply.

When to use

You should configure external domains/mailboxes in the policy to apply the policy more precisely to only those messages that are exchanged between the external domains/mailboxes and the set of internal users, groups, or domains. Doing so, will help you make more granular adjustments to policy to cater to the protection or data control needs of those messages. For example – if you want to apply S/MIME to all messages exchanged between a set of users of your organization and those of a partner organization, then you should list the domain or mailboxes of partner organization under External tab and list your users using Users, Groups, or Domains tabs.

Watch the demo video

You can also watch the video below that explains the feature.