Skip to content
Last update: 2022-03-11

Prevent duplicate scans

If you set up a Sophos Mailflow connection to a Microsoft 365 domain that is already connected to Sophos Gateway, you should delete the Sophos Gateway connection to prevent duplicate scans.

If you don't delete the Sophos Gateway connection, your messages could be scanned twice. You might want to run Sophos Mailflow alongside Sophos Gateway for a short time to make sure everything is working, but we strongly recommend that you delete the Sophos Gateway connection as soon as possible.

To delete your Sophos Gateway connection, do as follows.

  1. Click Email Security > Settings > Domain Settings / Status.
  2. Click the domain name.
  3. In Domain details, click Delete domain.
  4. Click Delete to confirm.

You must undo any changes you made in your Microsoft 365 domain settings when you originally connected the domain to Sophos Gateway.

What happens if I have both connections active?

If you don't disconnect from Sophos Gateway, you're still protected and we prevent dual scanning if possible. If we detect both connections on a domain, Sophos Gateway forwards incoming messages to Sophos Mailflow for scanning and processing.

In some cases, for example with a real-time block list (RBL) in place, Sophos Gateway blocks inbound emails before we can detect whether a Sophos Mailflow connection exists for that domain. In that case you see a log event and rejection in your Sophos Gateway logs, and no event in your Sophos Mailflow logs.

If a message is scanned twice, you see duplicate entries in Message History and other reports.

If you're using Microsoft 365 email groups to scan a subset of mailboxes in a domain, we can't prevent two scans on each message. Your users will see double banners in emails, double quarantining of emails, and other confusing results.

Back to top