Email Gateway

Email Gateway provides protection against spam, spoofing, viruses and advanced threats.


Restriction This option is only available if your license includes Sophos Email.

Set up Email Gateway to protect your domains and mailboxes. To do this:

  • Add mailboxes you want to protect.
  • Add email domains you want to protect.
  • Configure Policies and Settings.

Add mailboxes to Email Gateway

You can add mailboxes to Email Gateway.

You can add mailboxes in the following ways:

  1. Automatically using Active Directory Sync. You can choose from the following Active Directory services:
    • AD Sync
    • Azure Sync
  2. Manually using the UI.
  3. Manually using .csv import.

Domains Settings/Status

Configure and manage email domains protected by Email Gateway.

Go to Settings > Domain Settings/Status.

Add a domain

Tip Instructions on how to set up your domain for common providers are available online. Example: Office 365.

To view the instructions:

  1. Expand Configure External Dependencies.
  2. Under Inbound Settings, click the link for your chosen provider.
  3. Use the information to help you configure your email domain.

    Click Outbound Settings to view your outbound relay host.

To add a domain:

  1. Click Add Domain.
  2. In the Email Domain text field enter your email domain. Example:

    Domain ownership must be verified before mail will be delivered through Sophos Central. To verify domain ownership, you need to add a TXT record to your domain. Adding this record will not affect your email or other services.

  3. Click Verify Domain Ownership.
  4. Use the details given in Verify Domain Ownership to add the TXT record to your Domain Name Server (DNS).
    Note This can take up to ten minutes to take effect.
  5. Click Verify.
    Caution You cannot save an unverified domain. You must correct any issues with the domain ownership verification.
  6. Select the direction you want to configure the domain for. If you select Inbound and Outbound you will need to select an outbound gateway from the drop-down list. If you select Custom Gateway, at least one IP/CIDR (subnet range) is required. Enter the IP and CIDR and click Add. You can add multiple IP addresses/ranges.
  7. Select whether you wish to use a mail host or a mail exchange (MX) record in the Inbound destination drop-down list.
    Note You must use a mail exchange record if you want to use multiple destinations.
    1. If you selected Mail Host enter an IP address or an FQDN (fully-qualified domain name) in the IP/FQDN text field. Example: or
    2. If you selected MX enter an FQDN in the MX text field. Example:
  8. In the Port text field enter the port information for your email domain.
  9. Expand Information to configure External Dependencies.

    The Mail Routing Settings tab shows the Sophos delivery IP addresses and MX record values used for configuring mail flow for your region.

    1. Make a note of the appropriate settings so that you know where to allow SMTP traffic from.
    2. Ensure that you configure your mail flow for Email Security.
  10. Click Save to validate your settings.
  11. Click the Base Policy link to configure spam protection.
Note Spam protection applies to all protected mailboxes by default. You must review the settings to check that they are appropriate.

You can add extra domains at any time.

Delete a domain

To delete a domain, click on the gray cross to the right of the domain you wish to remove.

Edit a domain

To edit a domain, click on the domain name in the list, change the settings and click Save.

Policies and Settings

Configure Policies and Settings.

  • Go to Policies to configure, edit or delete Email Security and Data Loss Prevention policies.
  • Go to Settings to configure, edit or delete Email Gateway settings.