This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Notification to sender if an email gets quarantined

Hi everyone!

Is there a way in UTM 9 to let the sender of an email know, that his email has been quarantined?

For example if the email is blocked due to an "File Extension Filter", the sender should be notified, that his email has been blocked.

And/or is it possible to notify the recipient?

Thanks for your help!

Tom



This thread was automatically locked due to age.
  • Very good idea. If there is a feature request, i will support it definitly!


    Sophos Platinum Partner 
    Sophos Certified Architect
    (Ceritfied UTM Architect / Certified XG Architect)

  • Hi Folks!

    Is there an update regarding such a feature?

    Or is it already implemented?

    Thanks and regards

  • Hi. NO currently not supported / implemented.


    Sophos Platinum Partner 
    Sophos Certified Architect
    (Ceritfied UTM Architect / Certified XG Architect)

  • Hello,

     

    is there any news on this feature.

    What we are looking for is the notification to an external person that sent a mail to our company with an XLS or DOC file (which we have blocked) that his mail was not delivered.

    Is that possible?

  • You may have noticed that UTM is not getting many wish-list items implemented, so expect the best ideas to appear in a different product, rather then UTM.

    However, this idea is not likely to be implemented ever.   Your request assumes that the (a) the reply will go to the actual originator of the message, and (b) the recipient does not have malicious intent.   The email infrastructure is so insecure that these are not reasonable assumptions, which is why you are blocking those attachments in the first place.

    If the sender is fraudulent and impersonating, the reply may go to someone who did not send the message.   If the spammer is hammering you, your replies may begin hammering the third-party, and that third party may cause you to be blacklisted.   

    If the sender is not impersonating, but hostile, you still have a problem.  Telling him that his Office Macro attack did not work will only help him move more quickly to a different attack vector.

    Of course, you also have the problem of the legitimate sender who is infected.  So your best friend may be sending you an Office Macro attack when he only thinks he is sending you a simple document.

    The whole thing stinks, but IETF is interested in interoperability, not security.   Microsoft has nothing to brag about either.

  • Hi Douglas,

     

    thank you for all the valuable thoughts.

    Yes I agree it doesn´t make much sense to implement a feature like this.