Sophos Email customers using IP-based mailflow rule connectors must migrate to certificate-based configuration by March 31st. To see if you're affected Click Here.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Central Email Gateway TOC Cannot send this item

My client has been using the email gateway for some years now.

About 6 months ago my client reported that emails would not send, they received a message saying Cannot send this item.

After investigating I found it related to long URL's, once an email chain gets so long the links block the reply emails being sent
We use TOC via the email gateway, this is the cause of the issue as it rewrites the URL every time an email is sent even though it rewrote them previously.

MS released a fix for this in April:
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-outlook-cannot-send-this-item-email-bug/

This didn't resolve the issue my client is having, the fix may have been for 365 TOC.

I have logged cases with support but not got anywhere, has anyone else seen this problem?



Added tags
[edited by: Raphael Alganes at 11:10 AM (GMT -7) on 2 Jun 2023]
Parents
  • It would be great to see a summary of what top level domains are being processed by Sophos TOC.  The current Time of Click Summary report shows a summary of the number of clicks, but no details.

    If we could see that 50% are from a trusted domain, we could add that domain to the URL allow list to help minimize this problem.

    Or Sophos could just fix the problem and shorten the TOC links...  that would stop this thread from getting the extreme amount of views it is getting.

  • Did you find a solution to this yet? What did you end up doing?

  • The issue seems to be way more prevalent on the current Office channel, so we're switching to the semi-annual enterprise channel, and that seems to help a lot, but doesn't completely eliminate the issue. This means we've also had to whitelist *.safelinks.protection.outlook.com in the Sophos Central portal. So we're not actually using Sophos Time of Click for email protection on sites that have gone through Exchange Online, which defeats the purpose of using Sophos ToC in the first place.

    I wish Sophos could just shorten their ToC links, but for some reason they just don't want to do that, and instead prefer that we stop using their product. 

  • Thanks for your suggestion. You said whitelist *.safelinks.protection.outlook.com in the "URL allow list" only?

Reply Children