Central Email (End user) - Setting up Self Service Portal, Allow/Block list, Banners, Emergency Inbox, Quarantine.

Hello Community,

This is the first post in a series of upcoming Community Recommended Reads for Sophos Central Email (enduser). 

In this Recommended Read we'll go over the following topics:

Setting up Self Service Portal

The Self-Service Portal allows users to manage their quarantine, Allow/Block sender list and check all inbound email from their Emergency inbox.

Once your Administrator has added you to Sophos Central, you would receive a Welcome to Sophos Central email

To start setting up your account click

1. "Set up my password", a window will show asking you to enter your email address so that you can receive a Verification Code

2. Check your mailbox for a new email with the subject "Sophos Account email verification code".

3. Enter the verification code in the previous window and click "Verify Code" followed by "Next"

4. After this, you'll land on your SSP (Self Service Portal) page.

From the Self Service Portal (SSP), you can manage your own Allow/Block list and, check your Quarantine Messages. If you have been given the role of a Distribution List owner you can also manage the quarantine for your Distribution list. 

The Emergency inbox allows you to view and manage your email address from the last 14 days. (You can't reply to email from the Emergency Inbox).

Note: The official Self Service Portal (SSP) URL is https://central.sophos.com/manage/self-service or https://sophos.com/ssp for short. We recommend bookmarking this as soon as you create your SSP account.

Manage the Allow/Block list

Most external emails will have a Banner and an Allow/Block option within the banner (Internal email from your co-workers and Sophos shouldn't have a banner).

A banner help you identify the trustworthiness of each incoming email visually.

By selecting Block Sender, subsequent emails coming from this sender won't arrive at your mailbox anymore since they'll get deleted.

By selecting Allow Sender, subsequent emails coming from this sender won't have the Allow/Block sender option.

In this example, we'll first select Block Sender, after we click Block, we'll get the following screen:

The next time the sender tries to send you an email, this won't arrive at your mailbox, the email will get deleted automatically.

NOTE: Administrators will be able to see emails blocked by your block list but won't be able to see the content of the email.

If you want to allow the sender again

1. Go to your Self Service Portal (SSP)

2. Click Allow/Block 

3. Find the sender's email address you want to allow again; select and click Delete

The next email coming from this sender will be allowed, however, you’ll see the Allow/Block sender option in the banner again.

NOTE: If you select Allow Sender but it fails one of the additional checks configured by your Central Email administrator, the banner will show Yellow, but without the Allow Sender option visible anymore.

NOTE: The Smart Banner will not include the Allow/Block link when an email is sent to a Distribution List or Public Folder.

BANNERS

As a user you’ll receive the following type of Banner colors:

  • GREEN = The sender is in the Allow list and passes the additional global checks

  • YELLOW = The sender isn’t in the Allow list AND one of the global checks has failed OR the sender is in the Allow list but failed one of the global checks.

  • AMBER = The sender fails the global checks and hasn't been added to the Allow list

NOTE: Your Allow/Block list is overridden by the Central Administrator Allow/List of your organization, so if you block abc@mail.com and your Administrator allows this sender or domain globally, you’ll receive the email. 

The difference is that the banner won’t show the Allow option:

NOTE: In rare cases, if an external inbound email doesn't include the banner, we recommend treating it as an AMBER banner email.

Another type of banner color you might receive is RED, this is called Impersonation banner, and it detects phishing emails that pretend to come from well-known brands or from important people within your organization:

Report Spam Messages to Sophos

A new feature some users might find is called "Report Spam Messages to Sophos" when clicking the bottom "Block Sender" in the banner, a new window will open with the following two options:

  1. Block this sender and report as Spam
  2. Block this sender

  

Note: This feature has to be enabled by the Central Admin administrator.

EMERGENCY INBOX

The emergency inbox allows you to check all the inbound email you have received. It’s an excellent option to use if you’re unable to access your mail client. If one of the emails contains an attachment, such as a PDF, you can download the attachment.

NOTE: You can’t reply to emails using the Emergency inbox.

QUARANTINE MESSAGES

When you have a Quarantine email you’ll receive an email like the following:

To release an email from quarantine access you can do it two ways:

1. Click the Release bottom directly from the Quarantine Summary email

Once you do that you’ll see the following screen

2. You can go directly to your Self Service Portal, and click Quarantine

Your quarantine messages will show and the reason, the most common reasons you’ll see are SPAM and Bulk (Bulk email are usually, emails sent from Newsletter you subscribe to).

If you click the subject of any of the emails you’ll be able to see the content of the message

Each email in your quarantine will have 4 options:

  1. Release = The email will be delivered to your email box, the next time an email from this sender arrives, it’ll end up in quarantine.
  2. Release and Allow = The email will be delivered to your email box, the next time an email from this sender arrives, it’ll be delivered to your email box (not quarantined). (When you click this, the sender will be added to your Allow list).
  3. Delete = The email will get deleted, the next time sender sends an email you’ll see it in the quarantine
  4. Delete and Block = The email will get deleted, the next time the sender sends an email it’ll block by the system and won’t show in your quarantine. (When you click this, the sender will be added to your Allow/Block list, so if you change your mind you can allow it later on.)

NOTE: You will get an email reminder until you check your Quarantine for a maximum of 30 days, the quarantine only keeps emails for 30 days. You’ll only receive Digest email (Quarantine) if you have quarantine messages.

TIP: If you’re waiting for an important email, check your SSP, the Quarantine Summary email isn’t sent instantly.

Related Information




Edited note relate to "Report Spam Messages to Sophos" since now it’s available in all regions
[edited by: emmosophos at 7:45 PM (GMT -7) on 23 Aug 2021]
  • Just been setting this up today for internal use and came across a rather embarrassing issue - which could be my fault but I can't understand how.

    I setup the Azure directory sync, all mailboxes protected then setup the federated link for end user sign in. Getting one of my colleagues to test I clicked their account and send them the welcome email.

    Ref: Sophos Central Admin: Enabling end-user access to the Self Service Portal (SSP)

    However it decided to send it to everyone who hadn't had it in the Central 'people' section, which, because it was synchronised with Azure directory included 'guests' from 365! So I had to apologies to my clients for the random email.

    This expected? It's going to be a nightmare if we set it up for a client and all the guests they have in their 365 tenant.

    On another note, the end users also can't login to Central for their quarantine using Microsoft, it just sits on the 'One moment while we log you in' screen indefinitely.