Skip to content

Smart banners

When you receive emails, a colored smart banner at the top helps you assess if the email is safe or not. Emails from Sophos or your organization won't contain smart banners. Here's what each smart banner means:

  • Green (Trusted): The sender is approved, and the email passed security checks.
  • Yellow (External): The sender's legitimacy is uncertain, requiring further validation.
  • Orange (Untrusted): The email didn't pass security checks.
  • Red (Impersonation): Someone's impersonating another individual or entity.

What you can do

  • Allow sender: If you trust the sender, you can add them to your allow list.
  • Block sender: If you don't trust the sender, you can stop their emails from reaching you.

You can also report suspicious emails to Sophos. See Report spam messages to Sophos.

Allow a sender again

If you accidentally blocked a trusted sender, do as follows:

  1. Go to your Self Service Portal, then click Allow/Block.
  2. Find and select the sender's email address, then click Delete to remove them from the blocked list.
  3. Click Allow sender in the email to add them back to your allow list.

Note

  • If your administrator changes global settings, like allowing blocked senders, you might receive emails differently.
  • If an email doesn't have a smart banner, treat it like a potentially risky one.

Note

For plain text emails, the following behavior applies:

  • The smart banner shows as text at the beginning of the email body, using the same content you've set.
  • The smart banner remains visible in reply or forwarded emails.