Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=email-impersonation-protection-settings

Impersonation Protection

This is available with an Email Advanced license only and is turned on by default.

You can detect emails that pretend to be from well-known brands or very important people (VIPs) in your organization.

Choose the action taken when we detect these emails.

If you add a banner to suspect emails, you can select the actions the users see in the banner.

Choose from the following options:

  • Block Sender: The sender's email address is added to a block list.
  • Report Spam messages to Sophos: Users can report suspicious messages to SophosLabs. This helps us improve our impersonation detection.

Example impersonation banner

If you turn on Report Spam messages to Sophos, when users click Block Sender in an email, they see an option to report the message to SophosLabs. This helps us improve our detection methods and learn about new threats.

We can only apply banners to HTML format emails, not plain text emails.

You can add email addresses for VIPs in VIP management.

For more information, see Impersonation Protection and VIP Management.