What happens when you allow an address or domain?
An allow list entry is matched against both the SMTP envelope sender address and the "From" header address. When you add an address or domain to the allow list, some checks are bypassed for emails coming from that address or domain. If either address matches an entry on the list, the configured action is triggered, regardless of which of the two addresses matched.
Sophos Email still performs malware scanning even if you add an address or domain to an allow list.
Administrator allows an address or domain
What we do depends on whether you've turned on Enforce Sender Authentication.
If you enforce sender authentication for addresses or domains in the administrator's allow list, inbound emails will skip the following scans if the message passes at least one authentication check (DMARC, SPF, or DKIM):
- Header anomalies
- Impersonation protection
- Anti-spam
- Country of origin
- Language
- Data control
If an email from the allowed address fails all the authentication checks, the allowed status of the address or domain is disregarded, and all scans are performed on the email. To defend against emails spoofed from addresses or domains on the allow list, we recommend enforcing sender authentication for the entries on the administrator allow list.
User allows an address or domain
The user allow list always enforces sender authentication. Inbound emails will skip the following scans if they pass at least one authentication check (DMARC, SPF, or DKIM):
- Impersonation protection
- Anti-spam
- Country of origin
- Language
If an email from the allowed address fails all the authentication checks, Sophos Email disregards the allowed status of the address or domain, and all scans are performed.
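The rules above can be written as a small decision function. This is an added illustration, not Sophos code: it covers the administrator list with Enforce Sender Authentication turned on and the user list. The function names, the exact-match rule for domains, the "pass" result string and the sample addresses are assumptions made for the example.

```python
# Added illustration of the allow-list rules on this page; not Sophos code.
# The scan names are the ones the page lists, plus malware scanning.
ALL_SCANS = frozenset({
    "malware", "header anomalies", "impersonation protection", "anti-spam",
    "country of origin", "language", "data control",
})
# Scans skipped for an allowed sender that passes authentication.
SKIPPED = {
    "admin": frozenset({"header anomalies", "impersonation protection",
                        "anti-spam", "country of origin", "language",
                        "data control"}),
    "user": frozenset({"impersonation protection", "anti-spam",
                       "country of origin", "language"}),
}

def matches(address, entries):
    """True if the address or its domain is an entry (exact match: assumption)."""
    address = address.strip().lower()
    domain = address.rpartition("@")[2]
    entries = {e.strip().lower() for e in entries}
    return address in entries or domain in entries

def scans_to_run(envelope_from, header_from, auth, entries, scope):
    """Scans performed for one inbound email.

    auth maps "dmarc"/"spf"/"dkim" to a result string; scope is "admin"
    (enforcement on) or "user". Malware scanning is never skipped.
    """
    # Either address matching an entry is enough to trigger the allow rule.
    allowed = matches(envelope_from, entries) or matches(header_from, entries)
    # One passing check out of DMARC, SPF and DKIM satisfies enforcement.
    authenticated = any(auth.get(c) == "pass" for c in ("dmarc", "spf", "dkim"))
    if allowed and authenticated:
        return ALL_SCANS - SKIPPED[scope]
    # Not on the list, or every check failed: allowed status is disregarded.
    return ALL_SCANS

# Constructed sample input: one allowed domain, one spoofed and one genuine email.
ENTRIES = ["partner.example"]
SPOOFED = ("bounce@mailer.invalid", "ceo@partner.example",
           {"dmarc": "fail", "spf": "fail", "dkim": "none"})
GENUINE = ("bounce@partner.example", "ceo@partner.example",
           {"dmarc": "fail", "spf": "pass", "dkim": "fail"})

if __name__ == "__main__":
    for name, msg in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        for scope in ("admin", "user"):
            print(name, scope, sorted(scans_to_run(*msg, ENTRIES, scope)))
```
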