Smart banners

When you turn on Smart banners, a banner is displayed at the top of inbound HTML format email messages to show whether the email is trusted.

Smart banners use different colors and messages to show whether an email passed DNS checks. The checks include DKIM, SPF, and DMARC.

You can turn smart banners on or off. You can also turn each type of smart banner on or off.

Smart banners are put into HTML format emails received from outside the organization. They can't be added to text format emails.

If a member of your organization forwards an email to another member of your organization, the banner remains in the forwarded email.

Emails from Sophos, for example Quarantine Summary emails, don't contain banners.

Impersonation Protection also uses Smart banners. If you turn Smart banners off, Impersonation Protection still works but can't add banners to emails.


If you turn on Smart banners and are using a Google email server, you might see DMARC failures reported for inbound messages.

This might be because Google doesn't consistently process emails from IP addresses in its Gateway IPs list. To check your email settings and find out more, see Restrict delivery to Sophos IP addresses.

Smart banners can contain links that email recipients can click. These can add the sender's address to an allow list or to a block list.

If you want recipients to use allow lists and block lists, go to Global Settings > Self Service Settings and turn the Allow / Block List option on.

We strongly recommend that you route outbound email through Sophos Central before turning on smart banners. If you don't, external recipients see banners in replies or forwarded emails.

If you want to use links in smart banners, you must route your outbound email through Sophos Central.

Reporting spam to SophosLabs

You can also give recipients the option to report messages to SophosLabs.

This is our preferred method of reporting spam and other malicious messages to us. It helps us improve our detection methods and learn about new threats. This gives you better protection.

If you turn this on, when users click Block Sender they see an option to report the message to SophosLabs.

Types of smart banner

The different types of banner are as follows:

  • Trusted: This banner is green. It shows that the email sender is in the allow list and passed DMARC.

    Example green smart banner

  • External: This banner is yellow. It shows that the DNS checks found one of the following:

    • The sender is in the allow list and the DMARC check passed, but the Trusted banner is disabled.
    • The sender isn't in the allow list, and the DMARC check passed.
    • No DMARC policy is set.

    Example yellow smart banner

  • Untrusted: This banner is orange. It shows that the DMARC policy is set, but the DMARC check failed.

    Example orange smart banner
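
As an added example (not Sophos code), the banner rules above can be written as a triage check that predicts which banner a message should carry, which helps when investigating unexpected DMARC failures. It assumes your gateway records the DMARC verdict in an Authentication-Results header under the placeholder authserv-id mx.example.net; the function names, sample messages and allow list are constructed for illustration.

```python
import re
from email import message_from_string, policy

GATEWAY_ID = "mx.example.net"  # assumption: authserv-id stamped by your own gateway

def sample(auth_results, ctype="text/html"):
    """Constructed test message (not real traffic) carrying the given header values."""
    head = [f"Authentication-Results: {v}" for v in auth_results]
    head += ["From: Alice <alice@example.com>", f"Content-Type: {ctype}"]
    return "\n".join(head + ["", "<p>hello</p>"])

def dmarc_result(msg):
    """dmarc= verdict from the gateway's own header; any other authserv-id
    may have been supplied by the sender, so it is ignored."""
    for value in msg.get_all("Authentication-Results", []):
        server, _, results = str(value).partition(";")
        found = re.search(r"\bdmarc\s*=\s*(\w+)", results, re.I)
        if server.strip().lower() == GATEWAY_ID and found:
            return found.group(1).lower()
    return "none"  # assumption: no trusted verdict is treated as "no DMARC policy"

def expected_banner(raw, allow_list, enabled=("Trusted", "External", "Untrusted")):
    """Banner type the rules above predict, or None when no banner is expected."""
    msg = message_from_string(raw, policy=policy.default)
    if msg.get_body(preferencelist=("html",)) is None:
        return None  # banners are not added to text format emails
    sender = msg["From"].addresses[0].addr_spec.lower()
    result = dmarc_result(msg)
    if result == "fail":
        banner = "Untrusted"
    elif result == "pass" and sender in allow_list and "Trusted" in enabled:
        banner = "Trusted"
    elif result in ("pass", "none"):
        banner = "External"
    else:
        return None  # e.g. temperror: the page does not cover this case
    # assumption: a banner type that is turned off produces no banner
    return banner if banner in enabled else None

if __name__ == "__main__":
    allow = {"alice@example.com"}
    spoofed = sample(["other.example; dmarc=pass", f"{GATEWAY_ID}; dmarc=fail"])
    print(expected_banner(sample([f"{GATEWAY_ID}; dmarc=pass"]), allow))  # Trusted
    print(expected_banner(spoofed, allow))                                # Untrusted
```
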

You can turn each type of smart banner on or off. Go to Email Security > Policies, select a policy and click Settings.

You can edit the settings for the banners. This controls the actions users can see in each banner.

Choose from the following options:

  • Allow Sender: The sender's email address is added to an allow list.
  • Block Sender: The sender's email address is added to a block list.
  • Report Spam messages to Sophos: If this feature is turned on, when users block a sender they can also report the message as spam to SophosLabs. This helps us improve our spam detection.