

questions about spoofs

We just set up Sophos Email Gateway on top of GSuite... everything works, followed the setup and turned on all warnings

Spam Filtering - turned on tag subject line

End-user message settings - turned on all smart banners

Sender Check - turned on tag subject line

then ran this test https://emailspooftest.com

E9 and E10 emails were not flagged by Sophos Gateway in any way (which is honestly a bit odd)

none of the test emails E1 to E10 showed smart banners of any kind, though all other emails do

thoughts?

thank you

jiri



  • That's very strange behavior honestly, Sophos forum notifications bypass basic settings of the email gateway platform? Why? Banners are simple green-yellow-red. Showing "nothing" is simply not a good way to teach users what to watch for. It is external email not coming from our domain, it should be flagged. Btw, Sophos forum emails don't even use DKIM

    Authentication-Results: mx-01-us-west-2.prod.hydra.sophos.com; spf=pass smtp.mailfrom=noreply@mail.community.sophos.com; dkim=none;

    if you run tests on https://emailspooftest.com you get similar "no banner" behavior, and on top you get emails through which should be flagged as spam (E9 and E10)

    honestly this seems like a bug, not a feature to me
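
The point raised in the comment above, as an added example that is not part of the thread and is not Sophos's banner logic: `spf=pass` only vouches for the envelope sender (`smtp.mailfrom`), so a check has to compare that domain with the visible From domain. The From domains, the `SPOOF` header, the `example.*` names and the returned labels are constructed assumptions.

```python
import re

# Header value quoted in the comment above.
FORUM = ("mx-01-us-west-2.prod.hydra.sophos.com; spf=pass "
         "smtp.mailfrom=noreply@mail.community.sophos.com; dkim=none;")
# Constructed sample: SPF passes for the envelope sender only, while the
# visible From claims the recipient's own domain (placeholder example.com).
SPOOF = ("mx.example.net; spf=pass smtp.mailfrom=bounce@mailer.example.org; "
         "dkim=none; dmarc=fail header.from=example.com")

def parse_authres(value):
    """Parse an Authentication-Results value into (authserv_id, {method: info}).
    Simplified: ignores quoted strings, nested comments and repeated methods."""
    value = re.sub(r"\([^)]*\)", "", value)  # drop (comments)
    parts = [p.strip() for p in value.split(";") if p.strip()]
    methods = {}
    for part in parts[1:]:
        m = re.match(r"([\w-]+)\s*=\s*(\w+)(.*)", part, re.S)
        if m:
            props = dict(re.findall(r"([\w.-]+)\s*=\s*(\S+)", m.group(3)))
            methods[m.group(1).lower()] = {"result": m.group(2).lower(), "props": props}
    return parts[0], methods

def domain_of(value):
    return value.rsplit("@", 1)[-1].lower().rstrip(".")

def aligned(a, b):
    """Approximates relaxed alignment as same domain or parent/child; real DMARC
    compares organizational domains via the public suffix list."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def triage(value, from_domain, own_domains):
    """Return (label, reasons). Labels are hypothetical, not Sophos banner states."""
    _, m = parse_authres(value)
    reasons, ok = [], False
    for method, prop in (("spf", "smtp.mailfrom"), ("dkim", "header.d")):
        info = m.get(method, {"result": "missing", "props": {}})
        dom = domain_of(info["props"].get(prop, ""))
        if info["result"] != "pass":
            reasons.append(f"{method}={info['result']}")
        elif aligned(dom, from_domain):
            ok = True
        else:
            reasons.append(f"{method}=pass for {dom}, not From domain {from_domain}")
    if ok:
        return "authenticated", reasons
    label = "own-domain-unauthenticated" if from_domain in own_domains else "external-unauthenticated"
    return label, reasons
```

Calling `triage(SPOOF, "example.com", {"example.com"})` returns the own-domain label together with the reason that the SPF pass belongs to a different domain than the one shown in From.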

  • I just opened my inbox

    - there are some emails with no banner from random outside domains (some even flagged as bulk)

    - emails from haveibeenpwned.com have a green banner though they clearly impersonate our domain; the email came with stripped DKIM though our domain clearly says it must use Sophos DKIM. I am also very unsure how Sophos makes sure outgoing emails are truly coming from us; there is no real auth between the Google email server and the Sophos gateway (blind trust, I guess)

  • Hello Jiri,

    Thank you for the feedback. I will pass your comments to PM, but as mentioned, this is by design. Usually, users won’t get emails from sophos.com directly; for example, emails coming from Password Recovery for SSP will get the banner added.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • Hello Jiri,

    I would recommend that you open a case with Support to get those emails without a banner investigated, as well as the impersonation.

    Also, take a look at this KB for questions about banners.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support