End-user message settings

When you turn on End-user message settings, a smart banner is displayed at the top of inbound messages to show whether the message is trusted. End-user message settings use smart banners to inform end users about the type of message received. You can customize the message to show whether a message passed the DMARC check. These settings can be toggled on or off individually, allowing granular control.

End-user message settings apply to both HTML and plain text messages received from outside the organization. If a member of your organization forwards a message to another member, the smart banner remains in the forwarded message.

Messages from Sophos, such as quarantine summary messages, don't contain smart banners.

Types of smart banners

The different types of smart banners are as follows:

Trusted: This smart banner is green. It shows that the sender is in the allow list and the email passed the DMARC check.
External: This smart banner is yellow. It shows that DNS checks showed one of the following:
- The sender is in the allow list and the email passed the DMARC check, but the Trusted smart banner is turned off.
- The sender isn't in the allow list and the email passed the DMARC check.
- The sender hasn't set the DMARC record in DNS, so we can't evaluate whether the email passed or failed the DMARC check.
Untrusted: This smart banner is orange. It shows that the DMARC policy is set, but the email failed the DMARC check.

You can turn each type of smart banner on or off. Go to Email Security > Policies, select a policy and click Settings.

You can edit the settings and the predefined text of the smart banners. This controls the actions users can see in each smart banner. Choose from the following options:

Allow sender: If this setting is turned on, users see Allow Sender in the smart banner. When they click Allow Sender, a new page appears confirming that the sender's email address has been added to their allow list. Users can manage their allow list through the Sophos Central Self Service Portal.
Block sender: If this setting is turned on, users see Block Sender in the smart banner. When they click Block Sender, a new page appears allowing them to add the sender's email address to their block list. Optionally, users can report the message as spam to SophosLabs.
Report Spam messages to Sophos: If this setting is turned on, users see Report in the smart banner. When they click Report, a new page appears allowing them to report messages as spam to SophosLabs. This helps us improve our spam detection.

Note

For plain text messages, the following behavior applies:

The smart banner shows as text at the beginning of the email body, using the same content you've set.
The smart banner remains visible in reply or forwarded emails.

Links in smart banners

Smart banners can contain links that email recipients can click. These add the sender's address to an allow or block list.

If you've configured Allow sender and Block sender in the smart banners and want recipients to use allow and block lists, you must also turn on Allow / Block List in Self Service Settings.

To see the Allow sender and Block sender links in the smart banners, do as follows:

Go to My Products > General Settings > Self Service Settings.
Turn on Allow / Block List.
Click Save.

When you receive inbound messages, you should be able to see the links in the smart banners.

We strongly recommend that you route outbound email through Sophos Central before you turn on End-user message settings. External recipients see smart banners in replies or forwarded emails if you don't.

You must route your outbound email through Sophos Central to use links in smart banners.

Note

In plain text banners, the options to include Allow sender or Block sender links won't be available. These options are available in HTML smart banners.