How to Block email with both empty body and subject in Sophos Central - Email Security

Hi,


I'm trying to see the option to be able to block incoming emails with empty subject and body, but I can't figure out how to do it. Is there any option to apply it?

I appreciate the attention and support.

Regards!!

Parents
  • Hi,

    I would recommend sending the email as (false negative) spam sample so our lab can create a detection for it. Detections created by our labs is smarter than just creating an explicit block entry.

    Here is the KB article on how to do so:

    https://support.sophos.com/support/s/article/KB-000037048?language=en_US

    Additionally, you can add the sender's email address, domain, top level domain, or IP address into the Block list. You can do this by looking into the email's received headers.

    This can be done by going into Central Email >> Configure >> Settings >> Inbound Allow/Block. 

    Once you are there, you can click on the "Add" button and choose "Block" and input your entry. (To know what are allowed examples, hover your mouse/cursor to the "?" icon in the pop-up screen.)

    Please note that adding into the Block list is usually a temporary means of blocking such emails while you are waiting for our labs to create the detection. This is keeping in mind that blocklists can grow really big after a certain time IF entries there are kept permanent. 

    Note that currently when sending spam samples, there are no acknowledgement back. I would suggest waiting about a day or two after sending the sample before deciding to remove the entry from the blocklist for testing if the issue persists.

    If the issue persists, I would recommend following this article first before getting a case created so that we can investigate this more thoroughly:

    https://community.sophos.com/sophos-email/f/recommended-reads/132655/central-email-what-to-do-before-creating-a-technical-support-case-when-you-are-having-spam-issues

    Regards,

    Jose

Reply
  • Hi,

    I would recommend sending the email as (false negative) spam sample so our lab can create a detection for it. Detections created by our labs is smarter than just creating an explicit block entry.

    Here is the KB article on how to do so:

    https://support.sophos.com/support/s/article/KB-000037048?language=en_US

    Additionally, you can add the sender's email address, domain, top level domain, or IP address into the Block list. You can do this by looking into the email's received headers.

    This can be done by going into Central Email >> Configure >> Settings >> Inbound Allow/Block. 

    Once you are there, you can click on the "Add" button and choose "Block" and input your entry. (To know what are allowed examples, hover your mouse/cursor to the "?" icon in the pop-up screen.)

    Please note that adding into the Block list is usually a temporary means of blocking such emails while you are waiting for our labs to create the detection. This is keeping in mind that blocklists can grow really big after a certain time IF entries there are kept permanent. 

    Note that currently when sending spam samples, there are no acknowledgement back. I would suggest waiting about a day or two after sending the sample before deciding to remove the entry from the blocklist for testing if the issue persists.

    If the issue persists, I would recommend following this article first before getting a case created so that we can investigate this more thoroughly:

    https://community.sophos.com/sophos-email/f/recommended-reads/132655/central-email-what-to-do-before-creating-a-technical-support-case-when-you-are-having-spam-issues

    Regards,

    Jose

Children
No Data