NRD Protection
Newly Registered Domain (NRD) Protection detects inbound emails sent from domains that were registered recently.
Attackers often use newly registered domains for phishing or spam campaigns. NRD Protection helps identify these messages and apply the action you configure.
When this feature is turned on, Sophos Email evaluates the sender's domain registration age and applies the selected action if the domain was registered within the specified time period.
Configure NRD Protection
To configure NRD Protection, do as follows:
- In your Email Security policy, go to Settings > Inbound > New domain/sender.
- Turn on Newly Registered Domain (NRD) Protection.
- Select the Domain age threshold. Emails from domains registered within this period are flagged as newly registered.
- (Optional) Select Include "Envelope from" domain to evaluate both the Header from and Envelope from domains.
- Select the action to apply when a newly registered domain is detected. You can choose from the following options:
  - Quarantine: Place the message in quarantine. You can release quarantined messages when you're sure they're safe. See Quarantined Messages.
    Note: You can select Include In End User Quarantine to let your users view, release, or delete these messages themselves. For more information, see End User Quarantine.
  - Deliver: Deliver the message to the user.
  - Tag: Tag the message and deliver it to the user. The tag appears at the start of the message subject line. You can customize the tag using up to 65 characters. The default tag is [Newly registered domain].
  - Banner: Add a smart banner to the message to help your users decide what action to take with the message.
    Note: You can select Report spam to allow users to report the message to Sophos.
- Save the policy.
When NRD Protection is triggered, Sophos Email applies the configured action to the message. If the Banner action is selected, Sophos Email shows a warning that the sender domain was recently registered and may pose a higher risk of spam or phishing.
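The following is an added illustration of the evaluation described above, not Sophos code: it compares the Header from domain, and optionally the Envelope from domain, against a domain age threshold and applies the Quarantine, Deliver or Tag action (Banner is left out). The function names, the `REGISTERED` lookup table, the sample message and the choice not to flag domains with unknown registration dates are all assumptions made for the example.

```python
from datetime import date, timedelta
from email import message_from_string
from email.utils import parseaddr

DEFAULT_TAG = "[Newly registered domain]"   # default tag stated on this page
MAX_TAG_LEN = 65                            # tag length limit stated on this page

# Constructed registration dates; a real system would query a
# registration-data source (assumption, the page does not name one).
REGISTERED = {"example.com": date(1995, 8, 14), "invoice-portal.example": date(2024, 5, 28)}

def domain_of(address):
    """Lower-cased domain of an address such as 'Name <user@host>'."""
    return parseaddr(address)[1].rpartition("@")[2].lower()

def nrd_domains(msg, envelope_from, today, threshold_days, include_envelope_from):
    """Return the sender domains registered within the threshold."""
    candidates = [domain_of(msg.get("From", ""))]
    if include_envelope_from:
        candidates.append(domain_of(envelope_from))
    cutoff = today - timedelta(days=threshold_days)
    # Domains with no known registration date are not flagged (assumption).
    return [d for d in dict.fromkeys(candidates)
            if d in REGISTERED and REGISTERED[d] >= cutoff]

def apply_action(msg, hits, action, tag=DEFAULT_TAG):
    """Return (disposition, message) for quarantine, deliver or tag."""
    if not hits or action == "deliver":
        return "deliver", msg
    if action == "quarantine":
        return "quarantine", msg
    if action == "tag":
        if len(tag) > MAX_TAG_LEN:
            raise ValueError("tag longer than 65 characters")
        subject = msg.get("Subject", "")
        del msg["Subject"]
        msg["Subject"] = f"{tag} {subject}"   # tag goes at the start of the subject
        return "deliver", msg
    raise ValueError(f"unsupported action: {action}")

# Constructed sample: established Header from, recently registered Envelope from.
SAMPLE = "From: Billing <billing@example.com>\nSubject: Invoice 1042\n\nSee attached.\n"
TODAY = date(2024, 6, 10)

def demo(include_envelope_from):
    msg = message_from_string(SAMPLE)
    hits = nrd_domains(msg, "bounce@invoice-portal.example", TODAY, 30, include_envelope_from)
    disposition, out = apply_action(msg, hits, "tag")
    return hits, disposition, out["Subject"]
```

With the constructed sample, the message is tagged only when the Envelope from domain is included in the evaluation, which is the case the optional setting covers.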