Skip to content

Inbound Allow/Block

You can create a list of email domains and addresses that you trust or don't trust.

Note

This option is only available if your license includes Sophos Email.

A list of domains and addresses that are allowed to connect with your email system, or are blocked from it, helps you control unwanted emails. Add domains and addresses you trust to the allow list, and those you don't trust to the block list. This setting only applies to inbound messages.

You can block or allow entire domain names, IP addresses, or specific email addresses. The domain or email address is added to the list and shown as allowed or blocked. This list is global and applies to all protected mailboxes.

If you add the same address or domain to both the allow and block lists, select Override duplicates. Your most recent choice is used.

You can view email addresses, domains and IPs you've already blocked, through the Message History and Quarantined Messages settings.

Users can set up their own allow and block lists in Sophos Central Self Service Portal. If there are any conflicts between their lists and the lists in Sophos Central Admin, the lists in Sophos Central Admin have priority.

Wildcards

Wildcards are supported for email addresses and domains. For example, *@domain.com would include any addresses that are part of domain.com. Subnet masks are supported from /16 to /32 (inclusive).

You can also use wildcards to block whole top level domains (TLDs). For example, *.top would block every email from the .top TLD. This is useful for blocking email from generic or geographic TLDs that you don't communicate with and are common sources of unwanted emails.

Wildcards are only supported at the beginning of an email address or at the end of a domain.

For example the following are supported:

  • *user@domain.com
  • *@domain.co*

The following are not supported:

  • use*@domain.com
  • user@domai*.com

Enforce sender authentication

If Enforce sender authentication is turned on for an address or domain, inbound messages are only delivered if they pass at least one of the DNS authentications: DMARC, SPF, or DKIM. This ensures that emails pretending to be from addresses on the allow list (spoofing) are scanned.

When you add domains and addresses to an allow list, you can turn on Enforce sender authentication for that domain or address.

You can also select addresses and domains in the allow list and click Remove sender authentication or Enforce sender authentication.

Multiple recipient emails

Emails from addresses in block lists are processed early in the checking process (the SMTP command). But emails are treated differently if they are addressed to multiple recipients who've treated the sending address differently in Sophos Central Self Service Portal.

For example an email is sent from user@domain.com to person1@sophosuser.com and person2@sophosuser.com.

If person1 has added user@domain.com to their block list in Sophos Central Self Service Portal and person2 hasn't, the email is sent to person2 and not to person1.

For more information about how we process emails from addresses and domains in allow and block lists, see Allow list authentication.

Use allow and block lists

To set up and manage allow and block lists, do as follows:

  • Go to Global Settings > Inbound Allow/Block:

  • Add an allowed domain or address.

  • Add a blocked domain or address.
  • Import a list of domains to block or allow. See Import allow/block list.
  • Delete a domain or address.

For help with setting up Email Security policies, see Email Security Policy.

For help on reviewing quarantined messages for your users, see Quarantined Messages.