Manage user settings
When EMS mode is turned on, you can't configure this setting.
You can manage settings for your users. Click the General Settings icon, then click User Settings.
In User Settings, you can turn the following on or off:
Quarantine Summary format
This setting controls the format of quarantine summary messages on mobile phones. If you turn on Quarantine Summary format, the new quarantine summary format is applied. The new format makes it easy to view quarantine summaries on smaller displays.
For more information on the new quarantine summary format, see the release announcement.
Emergency Inbox
This setting controls whether users can access their messages from Sophos Central Self Service Portal (SSP). If you turn on Emergency Inbox, users can access their messages from the Sophos Central SSP in an emergency.
When using the emergency inbox, the following apply:
- Users can only access their emergency inbox via Sophos Central SSP.
- Users can only see their inboxes.
- Messages are stored for 14 days.
- Sophos Email retries message delivery. For information about the retry timing values, see Email retry times.
- The mail server (Postfix) decides the delivery attempt interval, adding more time after each failed attempt.
Note
When your mail server comes online, the emergency inbox isn't expected to deliver messages.
Release/Delete
This setting controls whether users can release, release and allow, delete, or delete and block messages from their quarantine summary messages or Sophos Central Self Service Portal.
If Release/Delete is turned off, users can only read messages.
Allow/Block List
If you turn on Release/Delete, you can also turn on Allow/Block List, which lets users create their own allow and block email addresses and domain rules.
Allow/Block List behaves as follows, depending on your settings:
- If End-user message settings is turned on, and you've configured Allow sender and Block sender links on the smart banners, you must not turn off Allow/Block List.
- If End-user message settings is turned off and you've turned the Release/Delete or Allow/Block List setting off, the existing allow/block lists of users will be bypassed.
Prevention of spoofing of allowed address
This feature might not be available for all customers yet.
The email addresses and domains allowed by users and administrators bypass certain scans. For more information, see What happens when you allow an address or domain?.
However, a message that is forged to appear from an allowed address or domain will also bypass scans, which creates a security risk. To prevent this, you can turn on Prevention of spoofing of allowed address, which requires at least one DNS authentication check (DMARC, SPF, or DKIM) to pass for the aligned domain before the message can bypass scans. If none of the checks pass for the aligned domain, the message is subjected to all scans.
Note
By default, the Prevention of spoofing of allowed address option is turned off to ensure that changes to the behavior of the allow list don't disrupt email flow for existing customers.
If you turn on Prevention of spoofing of allowed address, the following DNS checks are performed to authenticate a message from an address allowed by a user:
- DMARC
  - If the DMARC check passes, a message from the allowed address is considered to have passed allowed address authentication.
  - If the DMARC check fails and the sender policy isn't set to p=none, the message is considered to have failed allowed address authentication.
  - If the DMARC check fails and the sender policy is set to p=none, the DMARC check doesn't give a definitive result, and allowed address authentication relies on SPF and DKIM checks.
  - If the DMARC check can't be performed (for example, if no DMARC record exists), allowed address authentication relies on SPF and DKIM checks.
- SPF: If the SPF check passes for the envelope domain of the message, the message is considered to have passed SPF authentication.
- DKIM: If the DKIM check passes for the domain in the allowed entry, the message is considered to have passed DKIM authentication.
SPF check for non-aligned address
If you turn on SPF check for non-aligned address, the SPF check can still pass even if the envelope domain of the sender address in the message doesn't align with the allowed address.
We don't recommend turning this option on because it can allow spoofed messages that forge the header-from address to match an address allowed by the user.
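The decision order described above, written out as an added example (a constructed model, not Sophos code or a Sophos API). The alignment rule (exact match or subdomain), the `AuthResults` fields and the sample domains are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class AuthResults:
    """DNS authentication results for one message (constructed model)."""
    dmarc: Optional[str]           # "pass", "fail", or None when no check was possible
    dmarc_policy: Optional[str]    # sender's p= value: "none", "quarantine", "reject"
    spf_pass: bool                 # SPF result for the envelope domain
    envelope_domain: str
    dkim_pass_domains: tuple = ()  # domains with a passing DKIM check

def is_aligned(domain: str, allowed_domain: str) -> bool:
    # Assumption: exact match or a subdomain of the allowed domain counts as aligned.
    d, a = domain.lower().rstrip("."), allowed_domain.lower().rstrip(".")
    return d == a or d.endswith("." + a)

def allowed_address_authenticated(res, allowed_domain, spf_non_aligned=False):
    """Return (bypass_scans, reason), checking DMARC first, then SPF and DKIM."""
    if res.dmarc == "pass":
        return True, "dmarc-pass"
    if res.dmarc == "fail" and res.dmarc_policy != "none":
        return False, "dmarc-fail"
    # DMARC failed with p=none or could not be performed: rely on SPF and DKIM.
    if res.spf_pass and (spf_non_aligned
                         or is_aligned(res.envelope_domain, allowed_domain)):
        return True, "spf-pass"
    if allowed_domain.lower() in (d.lower() for d in res.dkim_pass_domains):
        return True, "dkim-pass"
    return False, "no-check-passed"  # the message is subjected to all scans

# Constructed samples. FORGED: header-from claims the allowed domain, but SPF only
# passes for an unrelated envelope domain. GENUINE: the envelope domain is aligned.
FORGED = AuthResults(dmarc=None, dmarc_policy=None, spf_pass=True,
                     envelope_domain="unrelated.example")
GENUINE = AuthResults(dmarc=None, dmarc_policy=None, spf_pass=True,
                      envelope_domain="mail.partner.example")

if __name__ == "__main__":
    for name, res in (("forged", FORGED), ("genuine", GENUINE)):
        for option in (False, True):
            print(name, "spf_non_aligned =", option,
                  allowed_address_authenticated(res, "partner.example", option))
```

With the option off, the forged sample fails authentication and is scanned; with it on, the same message bypasses scans on the strength of SPF alone.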
SPF check for envelope domain
There may be cases where users must allow messages from an address whose SPF check needs to pass without alignment. In such situations, we recommend turning on SPF check for envelope domain.
When this option is turned on, Sophos Email reads the envelope domain for every header address allowed by the user, ensuring that the SPF check is applied correctly to the message's envelope domain.
Copy of reported messages
If you turn on Copy of reported messages, you can receive a copy of a message reported to SophosLabs for analysis. You can select multiple mailboxes or distribution lists to receive these copies.
You receive copies of all reported messages, including messages reported as a threat and messages reported as clean. You get copies of messages reported by users and by administrators.
The original copy of the message is attached to the notification email. The notification email includes the following information:
- reason
- reporter
- notification recipients
- recipients of the original message
- subject
- timestamps
The notification email also includes the following headers to support processing by an automation system:
- X-Sophos-EmailReported-ReportedAs
- X-Sophos-EmailReported-Category
- X-Sophos-EmailReported-SubCategory
- X-Sophos-EmailReported-ReportedDate
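One way an automation system could read these headers and the attached original, as an added example (not Sophos code). The header values, addresses and date format in the sample are constructed, and the attachment type `message/rfc822` is an assumption.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

REPORT_HEADERS = {
    "reported_as": "X-Sophos-EmailReported-ReportedAs",
    "category": "X-Sophos-EmailReported-Category",
    "sub_category": "X-Sophos-EmailReported-SubCategory",
    "reported_date": "X-Sophos-EmailReported-ReportedDate",
}

def parse_report(raw: bytes) -> dict:
    """Extract the report headers and a summary of the attached original message."""
    note = message_from_bytes(raw, policy=policy.default)
    if note[REPORT_HEADERS["reported_as"]] is None:
        raise ValueError("not a reported-message notification")
    result = {}
    for key, name in REPORT_HEADERS.items():
        value = note[name]
        result[key] = str(value).strip() if value is not None else None
    result["original"] = None
    for part in note.iter_attachments():
        # Assumption: the original message is attached as message/rfc822.
        if part.get_content_type() == "message/rfc822":
            original = part.get_content()  # the nested message object
            result["original"] = {"from": str(original["From"]),
                                  "subject": str(original["Subject"])}
            break
    return result

def build_sample() -> bytes:
    """Constructed notification; every value below is invented for the example."""
    original = EmailMessage()
    original["From"] = "sender@unrelated.example"
    original["To"] = "user@corp.example"
    original["Subject"] = "Invoice overdue"
    original.set_content("Please see the attached invoice.")
    note = EmailMessage()
    note["From"] = "notifications@placeholder.example"
    note["To"] = "soc@corp.example"
    note["Subject"] = "Reported message"
    note["X-Sophos-EmailReported-ReportedAs"] = "threat"
    note["X-Sophos-EmailReported-Category"] = "placeholder-category"
    note["X-Sophos-EmailReported-SubCategory"] = "placeholder-subcategory"
    note["X-Sophos-EmailReported-ReportedDate"] = "2024-01-01T00:00:00Z"
    note.set_content("A message was reported.")
    note.add_attachment(original)
    return note.as_bytes()
```

Any sender can set `X-` headers, so a consumer should confirm that a notification really came from the reporting service before acting on these values.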
Note
Sophos Central raises an alert when a configured mailbox or distribution list becomes unavailable.