Overview
If your organization uses Sophos for spam filtering, the steps you'll take to report spam and manage quarantine messages will be a little different than organizations using Microsoft 365 for spam filtering. Please follow the steps in this guide. And as always, if you have any questions or feedback on how to improve our guide, please don't hesitate to contact the Help Desk!
Contents
What is the Quarantine?
Managing Quarantine Messages in Outlook
Quarantine Actions
Frequency of Sophos Quarantine Emails
Managing Quarantine Messages in the Web App
Sign into the Sophos quarantine portal
Quarantine
Allow/Block
Questions?
What is the Quarantine?
The Quarantine is simply a place where messages are suspended if Sophos' filters suspect they are spam or contain a virus. You can review and take action on your own quarantined email through the Quarantine Summary emails, detailed in the next section below.
Managing Quarantine Messages in Outlook
❗ If you see a "Sophos Quarantine Summary" email in your Inbox, don't ignore it! The summary email will contain a list of emails that have been quarantined by the Sophos spam filter and are awaiting action by you, as shown in the screenshot below.
Quarantine Actions
Here is an explanation of some of the actions you can take on those messages:
- Release: Releases the message from quarantine to your inbox.
- Delete: Deletes the message from your quarantine (does not deliver it to your mailbox at all).
Frequency of Sophos Quarantine Emails
The quarantine email summary will typically come in three times a day.
Managing Quarantine Messages in the Web App
Towards the top of the End User Digest email, you'll see an option for "Manage quarantined messages", as shown below.
Clicking this link will open a new browser window where you can manage your quarantine in the Sophos web app.
💡 To find the web app outside of the Sophos quarantine email, simply open a browser window and navigate to http://sophos.com/ssp. |
Sign into the Sophos quarantine portal
- Enter your work email address, then click Continue.
- Then click to Sign in with Microsoft. If you are prompted to sign in again, please sign in with your work email address, password, and approve the push notification from your Microsoft Authenticator app on your mobile device.
- You will land on the Sophos Email Security homepage, where you can view your Quarantine, Allow/Block lists, and Distribution Lists Quarantine.
Quarantine
On the Quarantine page, once you check the box next to a desired message, you will see the action options turn blue. Here is an explanation of some of the actions you can take on those messages:
- Release: Releases the message from quarantine to your inbox.
- Release and Allow: Releases the message from quarantine to your inbox, and the sender is added to your personal allowed senders list.
- Delete: Deletes the message from your quarantine (does not deliver it to your mailbox at all).
- Delete and Block: Deletes the message from your quarantine, and the sender is added to your personal blocked senders list.
Allow/Block
On the Allow/Block page, you can manage your lists of blocked or allowed/safe senders. You can click the dropdown on the right to Add an email address or domain to your allow or block list. If you check the box next to an existing entry, you can select to Delete it to remove it from your allow/block list.
❗ On adding an entire domain to your Allow listWhile you can do it, it's not always the best idea. When you add a domain name (e.g., yahoo.com) to your allow list, all email addresses from that domain will be considered "safe." That also means any malicious email from those domains will easily make their way to you. Allowing an entire domain is useful if you are certain you wish to receive messages from any sender from a specific domain (i.e. coalition partners, co-counsel firms, etc.). You should not allow entire domains for generic email services like google.com, aol.com, yahoo.com, outlook.com, etc., or any domains that may have addresses that are not known to be associated with a specific partner or firm. Doing so would allow any messages from that domain to be delivered to your inbox, including those from senders you do not know or who may not be safe. Summary: In most cases, you should restrict your allow list to specific senders by using the sender's full email address (i.e. john.doe@yahoo.com). |
Comments
0 comments
Article is closed for comments.