Skip to content

Domains Settings/Status

Configure and manage email domains protected by Sophos Gateway.

Go to Global Settings > Domain Settings/Status.

Add a domain


Instructions on how to set up your Sophos Gateway domain for common providers are available online. Example: Microsoft 365 (formerly Office 365).

To view the instructions:

  1. Expand Configure External Dependencies.
  2. Under Inbound Settings, click the link for your chosen provider.
  3. Use the information to help you configure your email domain.

    Click Outbound Settings to view your outbound relay host.

To add a domain:

  1. Click Add Domain.
  2. In the Email Domain text field enter your email domain. Example:

    Domain ownership must be verified before mail will be delivered through Sophos Central. To verify domain ownership, you need to add a TXT record to your domain. Adding this record will not affect your email or other services.

  3. Click Verify Domain Ownership.

  4. Use the details given in Verify Domain Ownership to add the TXT record to your Domain Name Server (DNS).


    This can take up to ten minutes to take effect.

  5. Click Verify.


    You can't save an unverified domain. You must correct any issues with the domain ownership verification.

  6. Select the direction you want to configure the domain for. If you select Inbound and Outbound you will need to select an outbound gateway from the drop-down list. If you select Custom Gateway, at least one IP/CIDR (subnet range) is required. Enter the IP and CIDR and click Add. You can add multiple IP addresses/ranges.

  7. Select whether you wish to use a mail host or a mail exchange (MX) record in the Inbound destination drop-down list.


    You must use a mail exchange record if you want to use multiple destinations.

    1. If you selected Mail Host enter an IP address or a fully-qualified domain name (FQDN) in the IP/FQDN text field. Example: or
    2. If you selected MX enter an FQDN in the MX text field. Example:
  8. In the Port text field enter the port information for your email domain.

  9. Expand Information to configure External Dependencies.

    The Mail Routing Settings tab shows the Sophos delivery IP addresses and MX record values used for configuring mail flow for your region.

    1. Make a note of the appropriate settings so that you know where to allow SMTP traffic from.
    2. Ensure that you configure your mail flow for Email Security.
  10. Click Save to validate your settings.

  11. Click the Base Policy link to configure spam protection.


Spam protection applies to all protected mailboxes by default. You must review the settings to check that they are appropriate.

You can add extra domains at any time.

Delete a domain

To delete a domain, click on the gray cross to the right of the domain you wish to remove.

Edit a domain

To edit a domain, click on the domain name in the list, change the settings and click Save.

Managing Microsoft 365 domains

If you've added Microsoft 365 (formerly Office 365) tenant domains, Super Admins can do the following:

  • Connect your tenant domain to allow Microsoft 365 Security to run.
  • Disconnect your tenant domain.
  • Click Configure Post Delivery to turn on Auto search and destroy for your Microsoft Office 365 users.

To find out how to set up Auto search and destroy, see Post delivery protection.

Auto search and destroy removes malicious emails from your users' inboxes. You can look at emails, and delete or release them, from Quarantined Messages.