Overview
If your organization uses Sophos for spam filtering, the steps you'll take to report spam and manage quarantine messages will be a little different than organizations using Microsoft 365 for spam filtering. Please follow the steps in this guide. And as always, if you have any questions or feedback on how to improve our guide, please don't hesitate to contact the Help Desk!
Contents
- What is the Quarantine?
- Managing Quarantine Messages in Outlook
- Managing Quarantine Messages in the Web App
- Reporting Spam
- Questions?
What is the Quarantine?
The Quarantine is simply a place where messages are suspended if Sophos' filters suspect they are spam or contain a virus. You can review and take action on your own quarantined email through the Quarantine Summary emails, detailed in the next section below.
Managing Quarantine Messages in Outlook
❗ If you see a "Sophos Quarantine Summary" email in your Inbox, don't ignore it! The summary email will contain a list of emails that have been quarantined by the Sophos spam filter and are awaiting action by you, as shown in the screenshot below.
Quarantine Actions
Here is an explanation of some of the actions you can take on those messages:
- Release: Releases the message from quarantine to your inbox.
- Delete: Deletes the message from your quarantine (does not deliver it to your mailbox at all).
Frequency of Sophos Quarantine Emails
The quarantine email summary will typically come in three times a day.
Managing Quarantine Messages in the Web App
Towards the top of the End User Digest email, you'll see an option for "Manage quarantined messages", as shown below.
Clicking this link will open a new browser window where you can manage your quarantine in the Sophos web app.
💡 To find the web app outside of the Sophos quarantine email, simply open a browser window and navigate to http://sophos.com/ssp.
Sign into the Sophos quarantine portal
- Enter your work email address, then click Continue.
- Then click to Sign in with Microsoft. If you are prompted to sign in again, please sign in with your work email address, password, and approve the push notification from your Microsoft Authenticator app on your mobile device.
- You will land on the Sophos Email Security homepage, where you can view your Quarantine, Allow/Block lists, and Distribution Lists Quarantine.
Quarantine
On the Quarantine page, once you check the box next to a desired message, you will see the action options turn blue. Here is an explanation of some of the actions you can take on those messages:
- Release: Releases the message from quarantine to your inbox.
- Release and Allow: Releases the message from quarantine to your inbox, and the sender is added to your personal allowed senders list.
- Delete: Deletes the message from your quarantine (does not deliver it to your mailbox at all).
- Delete and Block: Deletes the message from your quarantine, and the sender is added to your personal blocked senders list.
Allow/Block
On the Allow/Block page, you can manage your lists of blocked or allowed/safe senders. You can click the dropdown on the right to Add an email address or domain to your allow or block list. If you check the box next to an existing entry, you can select to Delete it to remove it from your allow/block list.
❗ On adding an entire domain to your Allow list: While you can do it, it's not always the best idea. When you add a domain name (e.g., yahoo.com) to your allow list, all email addresses from that domain will be considered "safe." That also means any malicious email from that domain will easily make its way to you. Allowing an entire domain is useful if you are certain you wish to receive messages from any sender from a specific domain (e.g., coalition partners, co-counsel firms, etc.). You should not allow entire domains for generic email services like google.com, aol.com, yahoo.com, outlook.com, etc., or any domains that may have addresses that are not known to be associated with a specific partner or firm. Doing so would allow any messages from that domain to be delivered to your inbox, including those from senders you do not know or who may not be safe.
Summary: In most cases, you should restrict your allow list to specific senders by using the sender's full email address (e.g., john.doe@yahoo.com).
Reporting Spam or Phish
In desktop Outlook, you should see a Report to Sophos button in your Home ribbon. When you have a suspicious email selected that you want to report, click that button, then confirm that you want to report it as a suspicious message (spam or phish). That will help Sophos adjust its spam filter algorithm.
To report an email in webmail, there are two different ways to approach this: 1) the default way to report emails in webmail, which works well if you don't use webmail a lot, or 2) a streamlined option if you use webmail frequently and report a lot of emails via webmail.
1) If you don't use webmail a lot and don't need to report spam/phishes via webmail that frequently, you can simply click on the three little dots in the top right of the email and choose the "Report to Sophos" option that comes up in the context menu:
2) Of course, if you do use webmail a lot and need to report emails frequently there, that extra click in 1) above can become a little inconvenient. To streamline the process, you can add the Sophos report icon to each email in webmail. To do so:
a) click on View then View settings:
b) (from left to right below) click on Mail, then Customize actions, check the "Report to Sophos" box so it shows filled in, click Save, and finally click the "x" in the top right:
c) now, for each email in webmail, the Report to Sophos icon will show up immediately when the email is viewed:
Questions?
The Sophos email will come from do-not-reply@cloud.sophos.com, but please remain vigilant in case bad actors try to disguise themselves as that email address! For email safety best practices, please see this guide.
If you have any questions or issues, please do not reply to the Sophos email. Instead, contact the Help Desk.