Skip to content

Sophos Gateway email domains

This page is for Sophos Gateway only. For IP address information for Sophos Mailflow, see Sophos Mailflow IP addresses .

When you set up external email services to work with Sophos Gateway, you must use these domains and IP addresses in your email service configuration. This directs messages through our services so that we can scan them for threats.

You must use the values that match the region you chose when you created your Sophos Central account. For each section below find and copy the value that matches that region.

You can change the following:

  • Gateway IP addresses. You must restrict delivery to our IPs to make the integration between Sophos Gateway and your mail host more secure. See Sophos email gateway IP addresses.
  • MX records. You must change these to direct messages to our servers. See Sophos MX records.
  • SPF records. You must add our SPF records so that outgoing email goes through our servers. See Sophos SPF domains.
  • Outbound relay host. You might need to set this to integrate with Microsoft Exchange or other clients. See Sophos email outbound relay.

To find out how to configure external email services, see Integrate with external services.

Sophos email gateway IP addresses

Using an IP address other than the one specified for your region prevents mail from flowing correctly.

Copy the IP addresses for your region.

Region Sophos gateway IPs
US (West) 52.41.236.76

50.112.39.248

198.154.181.128/26

US (East) 18.220.12.142

18.216.7.10

103.246.251.128/26

Germany 52.58.166.242

52.29.100.147

94.140.18.128/26

Ireland 52.208.126.243

52.31.106.198

198.154.180.128/26

Canada 85.113.88.128/26
Australia 192.175.3.128/26
Japan 198.160.151.128/26
India 159.112.232.128/26
Brazil 64.69.223.128/26

Go back to the configuration instructions for the external email service you're configuring.

Sophos MX records

Copy the MX records for your region.

Take care to ensure that the spelling and numbers are correct. Using MX record names other than those provided prevents mail from flowing correctly.

Region MX Records
United States (West) 10, mx-01-us-west-2.prod.hydra.sophos.com

20, mx-02-us-west-2.prod.hydra.sophos.com

United States (East) 10, mx-01-us-east-2.prod.hydra.sophos.com

20, mx-02-us-east-2.prod.hydra.sophos.com

Germany 10, mx-01-eu-central-1.prod.hydra.sophos.com

20, mx-02-eu-central-1.prod.hydra.sophos.com

Ireland 10, mx-01-eu-west-1.prod.hydra.sophos.com

20, mx-02-eu-west-1.prod.hydra.sophos.com

Canada 10, mx-01.eml100yul.ctr.sophos.com

20, mx-02.eml100yul.ctr.sophos.com

Australia 10, mx-01.eml100syd.ctr.sophos.com

20, mx-02.eml100syd.ctr.sophos.com

Japan 10, mx-01.eml100hnd.ctr.sophos.com

20, mx-02.eml100hnd.ctr.sophos.com

India 10, mx-01.eml100bom.ctr.sophos.com

20, mx-02.eml100bom.ctr.sophos.com

Brazil 10, mx-01.eml100gru.ctr.sophos.com,

20, mx-02.eml100gru.ctr.sophos.com

Go back to the configuration instructions for the external email service you're configuring.

Sophos SPF domains

You must use a Sophos SPF domain to direct outbound messages to us for scanning.

You can use _spf.prod.hydra.sophos.com, which is common to US (West), US (East), Germany and Ireland. You can also use a specific domain for the Sophos data center for your region.

Warning

You might get the error "SPF PermError: too many DNS lookups" after changing your SPF record. To solve this, use the specific domain for the Sophos data center for your region instead of _spf.prod.hydra.sophos.com.

For more details, see Prevent SPF PermError: too many DNS lookups.

Copy the SPF domain for your region.

Region Domain
United States (West) _spf_uswest2.prod.hydra.sophos.com
United States (East) _spf_useast2.prod.hydra.sophos.com
Germany _spf_eucentral1.prod.hydra.sophos.com
Ireland _spf_euwest1.prod.hydra.sophos.com
Canada _spf.eml100yul.ctr.sophos.com
Australia _spf.eml100syd.ctr.sophos.com
Japan _spf.eml100hnd.ctr.sophos.com
India _spf.eml100bom.ctr.sophos.com
Brazil _spf.eml100gru.ctr.sophos.com

Go back to the configuration instructions for the external email service you're configuring.

Sophos email outbound relay

You don't need to add an outbound relay host if you're integrating with Microsoft 365 or Google Workspace.

To find out if you need to set up an outbound relay host, and how to do it, see Configure Exchange and all other clients.

Copy the domain for your region.

Region Outbound Relay Host
United States (West) relay-us-west-2.prod.hydra.sophos.com
United States (East) relay-us-east-2.prod.hydra.sophos.com
Germany relay-eu-central-1.prod.hydra.sophos.com
Ireland relay-eu-west-1.prod.hydra.sophos.com
Canada relay.eml100yul.ctr.sophos.com
Australia relay.eml100syd.ctr.sophos.com
Japan relay.eml100hnd.ctr.sophos.com
India relay.eml100bom.ctr.sophos.com
Brazil relay.eml100gru.ctr.sophos.com

Go back to the configuration instructions for the external email service you're configuring.

Back to top