What happens when you allow a domain?

When you add a domain to an allow list, some checks are bypassed for emails coming from that domain. Sophos Email still performs malware scanning even if you add a domain to an allow list.

Our actions are determined by whether an administrator or user previously allowed the domain.

Administrator allows a domain

What we do depends on whether you've turned on Enforce Sender Authentication.

If you enforce sender authentication for addresses or domains in the administrator's allow list, inbound emails will skip the following scans if the message passes at least one authentication check (DMARC, SPF, or DKIM):

  • Header anomalies
  • Impersonation protection
  • Anti-spam
  • Data control

If an email from the allowed address fails all the authentication checks, or if you've turned off Enforce Sender Authentication, Sophos Email disregards the address or domain, and all scans are performed.

To defend against emails spoofed from addresses on the allow list, we recommend enforcing sender authentication for the entries on the administrator allow list.

User allows a domain

The user allow list always enforces sender authentication. Inbound emails will skip the following scans if they pass at least one authentication check (DMARC, SPF, or DKIM):

  • Impersonation protection
  • Anti-spam

If an email from the allowed address fails all the authentication checks, Sophos Email disregards the address or domain, and all scans are performed.
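
The administrator and user rules above can be modelled as a small decision function for auditing which allow-listed messages would skip scans. This is an added example, not Sophos code. It assumes the authentication verdicts are read from an `Authentication-Results` header stamped by your own gateway, and the authserv-id `mx.example.net`, the function names and the sample messages are all constructed for illustration.

```python
import re
from email import message_from_string

# Scans skipped per allow-list scope, as listed on this page.
SKIPPED = {
    "admin": {"Header anomalies", "Impersonation protection", "Anti-spam", "Data control"},
    "user": {"Impersonation protection", "Anti-spam"},
}
AUTH_RE = re.compile(r"\b(dmarc|spf|dkim)\s*=\s*([a-z]+)", re.I)
TRUSTED = "mx.example.net"  # assumed authserv-id of your own gateway

# Constructed sample messages, not real traffic.
SPOOFED = (
    "Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=partner.example;\n"
    " dkim=none; dmarc=fail header.from=partner.example\n"
    "From: billing@partner.example\nSubject: Invoice\n\nbody\n"
)
GENUINE = SPOOFED.replace("spf=fail", "spf=pass")  # one check passes, two do not


def auth_passes(raw_message, trusted=TRUSTED):
    """Return the methods reported as 'pass' by the trusted gateway only."""
    passed = set()
    for header in message_from_string(raw_message).get_all("Authentication-Results", []):
        authserv = header.split(";", 1)[0].strip().lower()
        if authserv != trusted:
            continue  # a sender can inject its own header; ignore it
        for method, result in AUTH_RE.findall(header):
            if result.lower() == "pass":
                passed.add(method.lower())
    return passed


def skipped_scans(raw_message, scope, enforce_auth=True):
    """Model of the rules on this page; malware scanning is never skipped."""
    if scope == "user":
        enforce_auth = True  # the user allow list always enforces authentication
    if not enforce_auth or not auth_passes(raw_message):
        return set()  # entry disregarded, all scans are performed
    return set(SKIPPED[scope])


if __name__ == "__main__":
    for name, msg in (("genuine", GENUINE), ("spoofed", SPOOFED)):
        print(name, sorted(skipped_scans(msg, "admin")))
```

The `GENUINE` sample passes SPF only, which is enough to skip the listed scans because a single passing check satisfies the rule.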