Skip to content

Domains Settings/Status

Configure and manage email domains protected by Sophos Gateway.

To do this, go to My Products > General Settings > Domain Settings / Status.


Domain Settings / Status supports multiple domains, but you'll need to verify ownership of each domain.

Add a domain


Instructions on how to set up your Sophos Gateway domain for common providers are available online. Example: Microsoft 365 (formerly Office 365).

To view the instructions:

  1. Expand Configure External Dependencies.
  2. Under Inbound Settings, click the link for your chosen provider.
  3. Use the information to help you configure your email domain.

    Click Outbound Settings to view your outbound relay host.

To add a domain, do as follows:

  1. Go to My Products > General Settings > Domain Settings / Status.
  2. Click Add Domain.
  3. In the Email Domain text field, enter your email domain. Example:

    Domain ownership must be verified before mail will be delivered through Sophos Central. To verify domain ownership, you need to add a TXT record to your domain. Adding this record will not affect your email or other services.

  4. Click Verify Domain Ownership.

  5. Use the details given in Verify Domain Ownership to add the TXT record to your Domain Name Server (DNS).


    This can take up to ten minutes to take effect.

  6. Click Verify.


    You can't save an unverified domain. You must correct any issues with the domain ownership verification.

  7. Select the direction you want to configure the domain for. Choose from Inbound Only or Inbound and Outbound.

  8. For your inbound destination, select whether you wish to use a mail host or a mail exchange (MX) record in the Inbound destination drop-down list.


    You must use a mail exchange record if you want to use multiple destinations.

    1. If you selected Mail Host, enter an IP address or a fully-qualified domain name (FQDN) in the IP/FQDN text field. Example: or
    2. If you selected MX, enter an FQDN in the MX text field. Example:
  9. Enter the port number for your email domain.

  10. If you selected Inbound and Outbound, you need to choose one or more outbound gateways from the following:

    • Microsoft 365
    • Google Apps Gateway
    • Custom Gateway

    You can set up one or more email servers to send outbound messages for the same domain.

    If you select Custom Gateway, at least one IP address and CIDR (subnet range) is required. Enter the IP address and CIDR and click Add. You can add multiple IP addresses or ranges.

    You can also set up destinations for your outbound messages. See Custom SMTP Routing.

  11. Expand Information to configure External Dependencies.

    The Mail Routing Settings tab shows the Sophos delivery IP addresses and MX record values used for configuring mail flow for your region.

    1. Make a note of the appropriate settings so that you know where to allow SMTP traffic from.
    2. Ensure that you configure your mail flow for Email Security.
  12. Click Save to validate your settings.

  13. Click the Base Policy link to configure spam protection.


Spam protection applies to all protected mailboxes by default. You must review the settings to check that they are appropriate.

You can add extra domains at any time.

Delete a domain

To delete a domain, click on the gray cross to the right of the domain you wish to remove.

Edit a domain

To edit a domain, click on the domain name in the list, change the settings and click Save.

Managing Microsoft 365 domains

If you've added Microsoft 365 (formerly Office 365) tenant domains, you can do the following:

  • Connect your tenant domain to allow Microsoft 365 Security to run.


    Only Super Admins can set up an M365 connection for any domain.

  • Disconnect your tenant domain.

  • Click Configure Post Delivery to turn on Auto search and remediate and On demand clawback for your Microsoft Office 365 users.

To find out how to set up Auto search and remediate and On demand clawback, see M365 Security.

Use Auto search and remediate to move messages from your users' inboxes to post delivery quarantine, when they turn malicious.

Use On demand clawback to manually retract delivered messages from the mailboxes of one or more recipients into post delivery quarantine if you consider the message unsuitable for the recipient.

You can view, delete, or release messages from Quarantined Messages.