New Sophos Support Phone Numbers in Effect July 1st, 2023

O365 filtering out SPAM before it gets to Sophos

Since moving from another antispam provider to Sophos, I've started getting Microsoft Quarantine emails again. I've done a message trace and it clearly shows that the message was sent to Sophos, however Central has no record of that email ever arriving. However, if I go to Microsoft Quarantine and release the email, Sophos then blocks it and it shows up in Central as having been blocked for being SPAM.

I would have thought the prefilter rule and redirection would catch a message straight away. I've done all the domain and mailflow verifications in Central and they've all come back saying everything is correct.

What's going on and why is Microsoft suddenly collecting SPAM?

For any Sophos staff who happen to be watching, case 06513956 has been going on for almost a week and getting nowhere, despite 2 hours on the phone today.

Parents Reply
  • Thanks for your replies Tom. I am a Sophos partner. We have implemented this with a view to sell to our customers, however a big selling point was going to be not having to update MX, SPF, SKIM, DMARC and just being able to integrate seamlessly with O365. I'm assuming I'll need to tidy up all the rules Sophos created, which isn't listed anywhere in that document.

    It would appear that Mailflow mode currently does not work as designed, due to changes by Microsoft. I will follow the Sophos recommendation to go with Gateway mode. It would be helpful if Sophos Central and documentation was updated to reflect this until problems with Microsoft are resolved.

No Data