Skip to content
Last update: 2022-07-13

Message History Report

The Message History report details the messages processed by Sophos Email Security for your protected mailboxes.

This option is only available if your license includes Sophos Email.

Go to Logs & Reports > Message History.

If you have domains connected with Sophos Gateway and Sophos Mailflow, click Type to select which one to view.

You can search messages by Subject, Sender, or Recipient.

You can select the period for which you want to view the message processing history. By default, the report displays the messages processed during the current day.

You can filter messages by Direction, Status, or Reason.

Click Update to refresh the report if you've changed the date range, entered a search term, or filtered the messages.

Click the subject of a message to see its details.

Report Details

Each row in the report shows one message that has passed through the gateway. If a message is sent to more than one recipient, there's only one row for that message.

For each message, the report shows:

The SENDER of the message.

The RECIPIENT of the message. If there's more than one recipient, the number of additional recipients appears.

The DIRECTION of the message. This column doesn't appear if the outbound flag is off.

The SUBJECT of the message. You can click the subject of a message to see its details.

The DATE of the most recent activity for the message.

The Last Status from the most recent activity for the message.

If a message is suspicious you can see the Reason it was quarantined or deleted.

Note

Whether a message is quarantined or deleted depends on the spam protection settings you've chosen, see Email Security Policy.

Message Details

To view Message Details, click a message's Subject.

You can click the following tabs for more information about the message.

  • Details shows general information about the message such as subject and date, a Status Summary and a history of events for the message. Event history is grouped by Recipients.
  • Raw Header shows the header details.

  • Attachments shows the name and size of attachments.

    We calculate attachment size using the email's MIME-encoding. We don't use the size of the raw files. This means attachment file sizes are often reported as larger than the actual file. See Calculating email attachment file sizes.

Depending on our message analysis you can see either Report as Spam or Report as Not Spam. You can click the link and send the message to SophosLabs to help us improve our spam detection.

In Details if multiple recipients receive a message, you can do the following:

  • Scroll through the SMTP recipients and Header Recipients.
  • You can see a list of recipients with their latest delivery status. You can also search events by recipient email address or domain. You can expand a message to see all the events associated with it.
  • Filter the messages by clicking the links under Status Summary.

You can select Add to blocklist to add the IP address to the Inbound Allow/Block list. For more information see Inbound Allow/Block.

In the Status column you can hover over the ellipsis to see the complete SMTP text for that recipient. The code is helpful for troubleshooting. See Enhanced Mail System Status Codes and https://datatracker.ietf.org/doc/html/rfc3463.

Back to top