Sophos Email customers using IP-based mailflow rule connectors must migrate to certificate-based configuration by March 31st. To see if you're affected Click Here.

Discussions Admin allow list doesn't bypass BULK Quarantine

Sophos Email requires membership for participation - click to join

Thread Info

State Verified Answer
+1 person also asked this people also asked this
Locked Locked
Replies 11 replies
Answers 2 answers
Subscribers 20 subscribers
Views 7723 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Admin allow list doesn't bypass BULK Quarantine

Stuart James 5 months ago

Strangely, if an email address is added to the Admin Allow list and the Bulk action is quarantine, the email still gets quarantine.

Surely if an email address is listed on the Admin Allow list it should skip the Bulk email check, just as it skips the Spam email check?

This thread was automatically locked due to age.

Top Replies

Tom Foucha 5 months ago in reply to Tom Foucha +2 verified

As mentioned in our internal testing, including my personal testing, it took up to 90 seconds for the allow list to propagate in the system then it worked as expected bypassing spam checks. If you continue…

Parents

0 Vivek Jagad 5 months ago

Hello Stuart James ,

Thank you for reaching out to the community, so if I understood correct you want to an exception for bulk emails from certain senders, right? if that is the case then we already have this a feature request - CEMA-I-304

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Global Support & Services

Log a Support Case | Sophos Service Guide
Best Practices – Support Case

Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up +1 Vote Down

Cancel
0 Gerald Chau 4 months ago in reply to Vivek Jagad

How would we bypass this in the time being Vivek?

Would it be by creating a policy for specific senders and then turning 'Bulk Spam' off for these senders to certain users?
Cancel
Vote Up 0 Vote Down

Cancel
0 josepalad 4 months ago in reply to Gerald Chau

Hi everyone!
Please make sure that it is the "SMTP From" address that you have put into the Allow list and not the "Header From"
this is because what really counts is the 'SMTP From' (or Envelope-from) value when it comes to email transaction. The 'Header From' is the "From:" in the body of the email which is very easy to spoof and so if Allow list is based on it instead then there a lot more chances of False Positives.
Here is a screenshot of what I mean:
Cancel
Vote Up +2 Vote Down

Cancel

Reply

0 josepalad 4 months ago in reply to Gerald Chau

Hi everyone!
Please make sure that it is the "SMTP From" address that you have put into the Allow list and not the "Header From"
this is because what really counts is the 'SMTP From' (or Envelope-from) value when it comes to email transaction. The 'Header From' is the "From:" in the body of the email which is very easy to spoof and so if Allow list is based on it instead then there a lot more chances of False Positives.
Here is a screenshot of what I mean:
Cancel
Vote Up +2 Vote Down

Cancel

Children

0 Gerald Chau 4 months ago in reply to josepalad

Hi Josepalad,

So what if the user/sender uses an Email Service Provider such as Sendgrid or send through a platform such as Salesforce?

You wouldn't be able to whitelist that as it will allow all legitimate and non-legitimate emails then right?
Cancel
Vote Up +1 Vote Down

Cancel
0 Stuart James 4 months ago in reply to Gerald Chau

Came here to say exactly that Gerald Chau

We can't whitelist *.sendgrid josepalad because that would be a big problem - it would effectively whitelist anyone that uses Sendgrid, which are hundreds of thousand of companies, if not more.

Need a way to whitelist SMTP From sendgrid.net where the Header From equals XXXX - maybe there's a better way?
Cancel
Vote Up +1 Vote Down

Cancel
0 Gerald Chau 4 months ago in reply to Stuart James

Agreed Stuart James , we've actually seen a lot of spammers use Sendgrid and other ESPs as well so definitely cannot just whitelist any ESP addresses.
Cancel
Vote Up 0 Vote Down

Cancel