Sophos UTM can be configured to detect unsolicited spam emails and to identify spam transmissions from known or suspected spam purveyors. Configuration options located on the Antispam tab let you configure POP3 (Post Office Protocol version 3) security features aimed at preventing your network from receiving unsolicited commercial emails.

Spam Filter

Sophos UTM includes a heuristic check of incoming emails for characteristics suggestive of spam. It uses SMTP (Simple Mail Transfer Protocol) envelope information and an internal database of heuristic tests and characteristics. This spam filtering option scores messages based on their content and SMTP envelope information. Higher scores indicate a higher spam probability.

With the following two options you can specify what to do with messages that have been assigned a certain spam score. This ensures that potential spam emails are treated differently by the gateway.

  • Spam action: Here you can define what to do with messages that are classified as probable spam.
  • Confirmed spam action: Here you can define what to do with confirmed spam messages.

You can choose between different actions for those two types of spam:

  • Off: No messages will be marked as spam or filtered out.
  • Warn: No messages will be filtered out. Instead, a spam flag will be added to the message's header and a spam marker will be added to the message's subject.
  • Quarantine: The message will be blocked and stored in the email quarantine. Quarantined messages can be reviewed either through the User Portal or the daily Quarantine Report.

Spam marker: With this option you can specify a spam marker, that is, a string that will be added to the message's subject line making it easy to identify spam messages quickly. By default, the string *SPAM* is used to tag messages as spam.

Expression Filter

The expression filter scans the message's subject and body for specific expressions. Emails that contain an expression listed here will be blocked. However, if the prefetch option is enabled on the Email Protection > POP3 > Advanced tab, the email will be sent to the quarantine. Expressions can be entered as Perl Compatible Regular Expressions. Simple strings such as "online dating" are interpreted in a case-insensitive manner.

Cross Reference – For detailed information on using regular expressions in the expression filter, see the Sophos Knowledge Base.
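Because a matching expression blocks (or quarantines) the whole message, it helps to dry-run candidate expressions against known-good mail before entering them. The following is an added example, not Sophos code: it uses Python's `re` module, which is close to but not identical to PCRE, and it assumes that entries containing regex metacharacters are matched exactly as written while simple strings are matched case-insensitively as described above. The function names and all sample messages are constructed for illustration.

```python
import re

# Characters that make an entry a regular expression rather than a simple string.
META = set(r"\.^$*+?()[]{}|")

def compile_expression(expr):
    """Simple strings are matched case-insensitively (as the page states);
    entries with regex metacharacters are compiled as written (assumption)."""
    if META.isdisjoint(expr):
        return re.compile(re.escape(expr), re.IGNORECASE)
    return re.compile(expr)

def dry_run(expressions, messages):
    """Return {expression: [ids of messages it would catch]}.
    Like the expression filter, this scans both subject and body."""
    hits = {}
    for expr in expressions:
        rx = compile_expression(expr)
        hits[expr] = [m["id"] for m in messages
                      if rx.search(m["subject"]) or rx.search(m["body"])]
    return hits

def false_positives(hits, messages):
    """Keep only the caught messages that were labelled as legitimate."""
    legit = {m["id"] for m in messages if not m["spam"]}
    return {expr: [i for i in ids if i in legit] for expr, ids in hits.items()}

# Constructed sample corpus: two spam messages, two legitimate ones.
MESSAGES = [
    {"id": "m1", "spam": True,  "subject": "Cheap CIALIS here",
     "body": "Order today."},
    {"id": "m2", "spam": False, "subject": "Appointment",
     "body": "Your specialist will see you Monday."},
    {"id": "m3", "spam": True,  "subject": "Hello",
     "body": "Try Online Dating tonight"},
    {"id": "m4", "spam": False, "subject": "Re: invoice",
     "body": "Attached as requested."},
]

# A bare substring, the same term anchored on word boundaries, and a simple string.
CANDIDATES = ["cialis", r"(?i)\bcialis\b", "online dating"]

if __name__ == "__main__":
    hits = dry_run(CANDIDATES, MESSAGES)
    for expr, bad in false_positives(hits, MESSAGES).items():
        print(f"{expr!r}: catches {hits[expr]}, false positives {bad}")
```

The bare substring also catches the legitimate message containing "specialist"; the word-boundary form does not.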

Click Apply to save your settings.

Sender Blacklist

The envelope sender of incoming POP3 sessions will be matched against the addresses on this blacklist. If the envelope sender is found on the blacklist, the message will be quarantined and marked as Other in the subject line.
To add a new address pattern to the blacklist click the Plus icon in the Blacklisted Address Patterns box, enter (a part of) an address, and click Apply. You can use an asterisk (*) as a wildcard, e.g., * A wildcard does not work in the domain or TLD part of an address.

Tip – End-users can create their personal blacklist and whitelist in the User Portal.