Smart banners

When you turn on Smart banners, a banner is displayed at the top of inbound HTML format email messages to show if the email is trusted.

Smart banners use different colors and messages to show whether an email passed DNS checks. The checks include DKIM, SPF, and DMARC.

You can turn smart banners on or off. You can also turn each type of smart banner on or off.

Smart banners are put into HTML format emails received from outside the organization. They can't be added to text format emails.

If a member of your organization forwards an email to another member of your organization, the banner remains in the forwarded email.

Emails from Sophos, for example Quarantine Summary emails, don't contain banners.

Impersonation Protection also uses Smart banners. If you turn Smart banners off, Impersonation Protection still works but can't add banners to emails.

Links in smart banners

Smart banners can contain links that email recipients can click. These can add the sender's address to an allow list or to a block list.

If you want recipients to use allow lists and block lists, go to Global Settings > Self Service Settings and turn the Allow / Block List option on.

You can also give recipients the option to report messages to SophosLabs to help us improve our spam detection. If you enable this, users see the option when they click Block Sender.

We strongly recommend that you route outbound email through Sophos Central before turning on smart banners. If you don't, external recipients see banners in replies or forwarded emails.

If you want to use links in smart banners, you must route your outbound email through Sophos Central.

Types of smart banner

The different types of banner are as follows:

  • Trusted: This banner is green. It shows that the email sender is in the allowed list and passed DMARC.

    Example green smart banner
  • External: This banner is yellow. It shows that DNS checks showed one of the following:
    • The sender is in the allow list and the DMARC check passed, but the Trusted banner is disabled.
    • The sender isn't in the allow list, and the DMARC check passed.
    • No DMARC policy is set.

    Example yellow smart banner
  • Untrusted: This banner is orange. It shows that the DMARC policy is set, but the DMARC check failed.

    Example orange smart banner

You can turn each type of smart banner on or off. Go to Email Gateway > Policies, select a policy and click Settings.

You can edit the settings for the banners. This controls the actions users can see in each banner.

Choose from the following options:

  • Allow Sender: The sender's email address is added to an allow list.
  • Block Sender: The sender's email address is added to a block list.
  • Report Spam messages to Sophos: If this feature is turned on, when users block a sender they can also report the message as spam to SophosLabs. This helps us improve our spam detection.