Sophos Email customers using IP-based mailflow rule connectors must migrate to certificate-based configuration by March 31st. To see if you're affected Click Here.

News: Feature update



Having your email account compromised by attackers is seriously bad news. That’s why Sophos Synchronized Security now connects Sophos Email with Sophos Endpoint. Delivering automatic detection and clean-up of infected computers sending outbound spam and viruses.


The symptoms of a compromised mailbox

When your domain is used to spread malicious emails, it can impact your reputation as an email sender, leading to blocked messages, and your reputation as a trusted business. There are some common symptoms of this activity, but busy users may struggle to notice, leading to undetected threats:

  • The user’s mailbox may be blocked from sending emails
  • Missing or deleted emails in their inbox
  • Recipients report emails being received, but the users has no corresponding sent item
  • The existence of inbox rules neither the user, or your administrator have created. These rules may forward messages the Junk folder
  • Mail forwarding was recently added to the account without consent


A connected approach to compromised mailbox security

Thanks to its shared user list, Sophos Central is now able to link mailboxes protected by Sophos Email with the associated computers protected by Sophos Endpoint security. Once linked, if Sophos Email detects 5 or more spam or virus emails sent in 10 minutes, the mailbox is automatically blocked while an endpoint scan is carried out and the infection removed.


Alerts for any blocked mailbox are then instantly shared via the Sophos Central dashboard, with an event captured in endpoint logs for the blocked mailbox alert, and the associated endpoint scan - providing complete visibility into the threat and the action taken.



  • This latest enhancement to Sophos Email is available with both Sophos Email Standard and Advanced SKUs
  • A Sophos Endpoint license on Sophos Central is required to carry out the associated endpoint scan