Restrict user from releasing quarantined email

Is there ability to allow users to get a summary of quarantined messages but NOT be able to Release or Delete - we want users to be able to see what was quarantined then contact IT if they want something released vs self serving it.

I was unable to find documentation on how to go about doing this.


[edited by: emmosophos at 8:34 PM (GMT -7) on 3 May 2021]
  • Central Email only allows the user to release "spam" and Bulk email. So potentially unwanted but still "safe" emails.

    Emails which failed for other reasons (DLP, Malware, ToC, DMARC etc.)are not shown nor visible for the user in the quarantine digest. 

    Therefore the Admin should have an eye on the quarantine. 


  • Thanks - this is helpful and gives me much more confidence.

  • You can actually test this.

    There is a Spam flag called "gtube" in the internet. Go to a privat email address, send yourself a email with this body string and it will automatically go into "spam", as all products will mark this email as Spam (its a Spam test string). 

    Then create a DLP, which quarantine a email with Body "Sophos Test". Send yourself a emai with this body. 

    Both will be quarantined but only the first email will be visible for the user.