Sophos Email customers using IP-based mailflow rule connectors must migrate to certificate-based configuration by March 31st. To see if you're affected Click Here.

Suspected Spam levels in Message History

What’s new – Sep 18, 2023

Earlier this year, we released the aggressive mode for Anti-spam, a feature that allows you to choose from the 5 levels of catch rate for Suspected Spam. This feature combined with the ability to configure different catch rate levels for different external senders/domains and for different internal users, groups, and domains of Email Security Policy gives you a greater customization and more granular control over Suspected Spam catch rates.

We have now enhanced the feature by making the Suspected Spam levels applied to messages visible in Message History. Unlike earlier, when only the email pertaining to the level set in the policy was marked Suspected Spam, now an email matching any level is marked Suspected Spam – regardless of the level set in the Email Security Policy. Furthermore, you can filter your messages in the Message History by the level of Suspected Spam. We are confident that this visibility into the level of Suspected Spam of messages will also help you determine the relevance of each level, thereby guiding you in tweaking the levels configured in your Email Security policies to meet your email security needs.

Watch the video at end of this post to familiarize yourself with this enhancement.

Applies to the following Sophos products
Sophos Email

In this post the following sections are covered:
  ● Filter by the level
  ● Details of the levels
  ● Watch the video

Filter by the level

In the Message History, you filter the messages by the level of Suspected Spam applied to message received, as indicated in the screenshot below.

Details of the levels

In the Message Details page, you can view the Suspected Spam level applied to the message vis-à-vis the level configured for each recipient of the message. As highlighted in the screenshot below, there are 3 pieces of information relevant to the Suspected Spam level for the message:

  1. This message was marked Suspected Spam under level, L4
  2. For the user John Doe, the policy is configured for level, L2
  3. Thus, the message was delivered successfully to John Doe

Watch the video

  • Maybe or maybe not Slight smile The purpose of the product is to equip you with tools that you can use effectively to manage your email security needs. If you think that you need different policies with different suspected spam levels for different external sending domains to protect against the rate of spams generated from them, then you should give it a try. Raising the suspected spam level will contain false negative (FN), but may also increase false positive (FP). Different customers experience spam, FP, and FN rates differently, so I think an admin knows his/her situation better than us. Thus, we try to make product flexible enough to be used in fashion that every customer deems fit. Also, we are keenly listening to customer feedback on what we can do to improve the product in a way that makes admin's life easier.
    PS: The default level is L1.

  • Am I correct that as a result of this, we might(will) end up with one L3, one L4 and one L5 policy, all to be to maintained, in additional to what we might have in place already? (For all the false negatives that is delivered as a result of the base policy, for instance, being configured on L2, as it is by default.)