Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=email-antispam

Anti-spam

In Anti-spam, you can choose actions to take for each category. We analyze emails, assign a spam score, and categorize them accordingly. The higher the score, the more likely the message is to be spam.

Depending on their spam score, messages are split into the following categories:

  • Confirmed Spam: Messages conforming to known and verified spam patterns.
  • Bulk: Solicited messages sent using mass mailing, such as newsletters sent to a mailing list.

  • Suspected Spam: Messages that don't conform to known and verified spam patterns but have been identified as suspicious.

    You can adjust the suspected spam catch rate using the slider. As you slide towards higher levels, the detection becomes more aggressive. Sophos Central categorizes the suspected spam messages based on their level. For example, a message corresponding to an L3 spam level will be marked as "Suspected L3" in Message History.

    Improvements to the suspected spam slider might not be available for all customers yet.

    The following video shows you how to view suspected spam messages and their corresponding spam levels in Message History.

Actions

You can choose actions for each category as follows:

  • Deliver: The message is delivered to the next anti-spam feature for checking. It doesn't mean the message is sent to the user.
  • Delete: The message is deleted immediately.
  • Quarantine: The message is held in quarantine. You can release quarantined messages when you're sure they're safe.
  • Tag subject line: The message is tagged with a prefix and delivered to the user. The tag appears at the start of the subject line. You can customize it using up to 30 characters.

You can select Include In End User Quarantine to send messages to End User Quarantine. See End User Quarantine.

Select "Include In End User Quarantine" option.

You can also configure Quarantine Summary Settings and schedule when quarantine summary emails are sent to users. See Quarantine Summary Settings.

Configure Quarantine Summary Settings.

Default settings

The default settings are as follows:

  • Confirmed Spam: Quarantine
  • Bulk: Quarantine
  • Suspected Spam: Tag subject line

We recommend you set Confirmed Spam and Bulk to Quarantine and Suspected Spam to Tag subject line so you can review the message before taking further action.

For security reasons, we'll quarantine any message with an excessively large body.