Sophos Email customers using IP-based mailflow rule connectors must migrate to certificate-based configuration by March 31st. To see if you're affected Click Here.

Sophos Email: What is the Sophos SND Quarantine folder in Outlook

Search & Destroy 

Search and Destroy, Sophos Email's new post-delivery protection capabilities for O365, is about finding malicious emails already in the mailbox of the users. 

Sophos Email Advanced allows Sophos to identify and automatically remove emails containing malicious links and malware before a user clicks on them. 

Sophos SND Quarantine Folder 

The sophos_snd_quarantine is the folder that Office/Outlook creates for Search and Destroy, when you enable this feature, this allows Central Email to scan emails that are in O365 user inboxes, in case there are new detections created POST delivery. Once an email is in this folder the user can't access to the email until an Admin releases the email from central. 

If the scanner finds the email has malicious components, it’ll put it into the 'Logs & Reports >> Email Security >> Post Delivery Summary" page, where the central Admin can either release the email or delete them.

Only the Central Email Admin user can release these emails, , they can be released by clicking on the Subject of the email, and clicking on the Release Button.

Additional Links 

Post Delivery Protection setup

Post Delivery Quarantine Message Details 

In collaboration with  




Added tags
[edited by: Raphael Alganes at 5:57 AM (GMT -7) on 7 Jun 2023]