Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=email-antispam-country-of-origin

Country of origin

You can supplement the anti-spam filtering by using the country of origin protection that lets you disallow messages from selected countries. For example, if you don't conduct business with any company in a certain country, then you can disallow that country of origin for your messages.

You can configure actions such as tagging the subject line, quarantining, or deleting these emails.

Configuration

To configure the country of origin protection, do as follows:

  1. In your Email Security policy, go to Settings > Inbound > Country of origin.

  2. Make sure Check for every message hop is selected.

    This setting prevents the sender from circumventing the protection by using an IP address registered in a country not disallowed by you as the origin of the message. With this setting, an attacker can't bypass your protection by sending the message via a remote mail client located in a country you allow. Even if the message originates from an allowed country, subsequent message hops are likely to be in the attacker's actual country, and the message is therefore blocked.

    Note

    The evaluation based on the sender's IP address may result in false positives, as it might be registered in a different country than the one used to send the email.

  3. Select the actions you want to take. You can choose from:

    • Tag subject line
    • Quarantine
    • Delete

  4. (Optional) Select Include In End User Quarantine to let your users view, release, or delete these messages themselves. For more information, see End User Quarantine.

  5. Select the countries you want to disallow.

    Note

    Disallowing messages from the US isn't recommended. Many senders register their IP addresses in the US, although they're located in another country. Disallowing messages from the US will likely result in a significant increase in false positive detections, where a message sent from another country is incorrectly detected as a message sent from the US.

  6. Save the policy.

The country of origin protection is configured. Sophos Email will perform the action you configured if emails come from a disallowed country. For more details about the disallowed messages, you can view the Message History report and Quarantined Messages.