Sophos Email Security

This release contains a bug fix.

Bounce Address Tag Validation (BATV)

This enhancement allows customers and users to check incoming messages for valid bounce address tags. If a tag is missing, it takes the action you specify. Learn more:

• Add a domain
• Bounce Address Tag Validation (BATV)

This release contains bug fixes and improvements.

Executive Summary Report

This new feature allows customers to schedule regular reports in Sophos Email. Customized filtered reports can be scheduled at a set frequency for a set date range. See Email reports.

QR Code Protection

This Sophos Email release introduces QR Code Protection, which scans for malicious URLs embedded in QR codes. See URL Protection.

Report spam without blocking sender

This new enhancement allows customers and users to report spam emails through smart banners without blocking the email. See the following references:

• End-user message settings
• Anti-malware
• Impersonation protection

This release contains bug fixes and improvements.

This release contains bug fixes and improvements.

This release contains bug fixes and improvements.

This release contains bug fixes and improvements.

External subdomains in policy

When you use wild card to configure external subdomain in any email policy, you can make it match either the first-level or all-levels of the email subdomain of external senders.

Quarantine Summary new format

The new format of quarantine summary enhances the readability and the viewability of quarantine summary, particularly on the smaller screens of mobile phones.

Allow/Block list descriptions

Now, you can save descriptions for the admin allow and block entries. The description field records information about the entry, helping you and your other admin colleagues make sense of the entry in future.

This release contains bug fixes and improvements.

This release contains bug fixes and improvements.

As of January 01, 2024, Transport Layer Security (TLS) 1.0 and 1.1 protocols are no longer supported for inbound and outbound email delivery. For details, see TLS versions 1.0 and 1.1 will be disallowed.

Both TLSv1.0 and TLSv1.1 are vulnerable to security attacks and consequently the use of these versions has been removed.

All customers currently using TLS versions 1.0 and 1.1 on their mail servers may experience TLS delivery failure errors if these versions aren't turned off.

Granular search in Data control

We've enhanced the Data control policy to support granular searches. You can configure a rule to search in the subject, message body, attachment name, attachment content, or any combination of those message parts.

This release contains bug fixes and improvements.

This release contains bug fixes and improvements.

This release contains bug fixes and improvements.

Multiselect Clawback from Message History

You can manually claw back messages from the M365 inboxes of one or more users into the post delivery quarantine of Sophos Email. You must have post delivery protection configured in your account to use this feature.

24/7 Quarantine Summary

We've enhanced the quarantine summary feature with the capability to schedule quarantine summary messages for any hour of the day and any day of the week.

This release contains bug fixes and improvements.

TLS version detail in Message History

We've improved the reporting capabilities in Message History. Message History now shows you the versions of TLS over which a message was exchanged during delivery and receipt, for both inbound and outbound messages.

Sophos Email integration with Sophos MDR

Sophos Email provides deeper integration with MDR than other email products, supporting a slew of detections such as account compromise, malware, malicious URL, impersonation, spam, data control, and post delivery protection.

Sophos Email Clawback API

Using this API, you can manually claw back messages from the M365 inboxes of one or more users into the post delivery quarantine of Sophos Email. You must have post delivery protection configured in your account to use this API.

Enhanced message authentication

We've added comprehensive message authentication checking options, including SPF soft failure check support. You can now boost your email security against unauthentic sender domains with the new "Domain anomaly" option in "Sender checks".

Modify address

We've added the "Modify address" option in Data control. You can now change the email delivery address and copy the email to another address using CC or BCC.

Recover to quarantine

We've enhanced Sophos Email to help you manage outbound spam and inbound malware emails that have been deleted. You can now recover them to quarantine to inspect them.

Read-only user quarantine

We've added Read-only user quarantine. You can configure your user quarantine as read-only so that users can view quarantined emails but can't release or delete them.

Google Directory Synchronization

We've introduced a new feature, Google Directory Synchronization. You can now synchronize information about your users and groups from Google Directory into Sophos Email.

On-Demand Clawback

We've launched a new feature, On-Demand Clawback. You can now remove any message from the M365 mailboxes of users with just the click of a button in Message History. Early access has been provided with M365 post delivery protection turned on.

Sophos Mailflow Tamper Alert and Remediation

We've introduced Sophos Mailflow MFR Tamper Alert and Remediation. This feature monitors changes made to the M365 Mailflow rules and connectors and notifies you if any modification impacts your Sophos Mailflow setup. It also applies fixes, saving time and effort for you.

Admin access to user allow/block

We've enhanced our "Allow/Block List" feature with Admin access to user allow/block. Using this feature, admins can view and manage users' allow and block lists. They can also benefit from enhanced wildcard support, the new CSV export, and advanced search capabilities.

SMTP Routing

We've introduced SMTP Routing. You can now reroute your inbound or outbound gateway messages directly to a mail server using the server's A-record or fully qualified domain name.

Outbound Disclaimer

We've added Outbound Disclaimer. You can now add disclaimers to your plain text and HTML format outbound messages using Outbound Disclaimer in Email Security policy.

Quarantine API

We've introduced Quarantine API. Using Quarantine APIs, you can now perform operations on messages in both email security quarantine and post delivery quarantine.

This release contains bug fixes and improvements.

Quarantine Enhancements

We've enhanced Quarantine for administrators in Sophos Email Security, allowing you to download, strip, or re-attach attachments from a quarantined message. You can also submit a quarantined message for scanning by SophosLabs Intelix.

Clone Email Policy

We've added Clone Email Policy. You can now clone any Sophos Email policy. The cloned policy is added just above the policy being cloned. It's best to change the cloned policy for your needs before you enforce it.

This release contains bug fixes and improvements.

This release contains bug fixes and improvements.

Aggressive mode for anti-spam

We've introduced catch rate for spam. You can set the level (from 1 to 5) using a slider in an Email Security policy.

New look for Email Security policy settings

We've introduced vertical tabs in policy settings to group related settings together and make them easier to manage.

Secure message policy

We've introduced a new type of policy that combines the encryption, decryption, signing, and verification features previously managed in Global Settings.

The new Secure Message policy allows you to do the following:

• Enforce one of three versions of TLS, with fallback options.
• Verify TLS certificate on outbound messages.
• Allow your users to attach subject tags to outbound messages to choose S/MIME, Push, or Portal encryption.
• Allocate Portal encryption licenses.
• Configure S/MIME (previously done in Email Security policy).

Improved user experience in policies

We've introduced a new "Internal" tab in Sophos Email policies. This brings users, groups and domains together, making a clear distinction from their external counterparts.

Inspect and modify headers feature in Data control policy

We've introduced the ability to inspect and modify message headers. You can use rules in Data control policies to do the following:

• Inspect message headers, source, and size.
• Modify message headers. You can add, edit, and strip headers.

Admin Quarantine enhancements

We've enhanced Quarantine for administrators in Sophos Email Security with the following features.

• Administrators can use advanced search in Quarantine.
• Last week's quarantined messages are shown by default.
• A new direction filter changes color to show which direction is active.
• In Message Details a new URL tab shows the links in a message body. You can search the list of URLs.
• The Message Details page in Quarantine is now more consistent with the one in Message History. You can block a sender's address, domain, or IP address.

Advanced search in Self Service Portal

We've introduced advanced search for the user quarantine and distribution list quarantine features. Last week's quarantined messages are shown by default.

Quarantine summary email changes

We've added new fields to the Quarantine Summary email, "To" and "Reason".

There's also a confirmation screen which shows details of a message and has options to add the sender to a user's allow or block list.

Compromised account detection

We've added the capability to detect compromised mailboxes based on traffic patterns. When we detect these, you receive an alert asking you to enable Multi-Factor Authentication (MFA) and ask the users to change their mailbox passwords.

Other email enhancements

We've also made the following changes to Sophos Email Security.

• In Sophos Gateway mode, you can now send emails to us on port 587 of Sophos Email Security, as well as port 25.
• We've increased the number of accounts you can add to your VIP list to 500.

This release contains bug fixes and improvements.

This release contains bug fixes and improvements.

Advanced Search in Message History

We've introduced Advanced Search in Message History. You can search messages with combinations of the following:

• Sender email address.
• Recipient email address.
• Email subject.
• Email size.
• Type of attachment.
• Presence of one or more attachments.
• Delivery status notification (DSN) code.

Note: We're rolling this feature out gradually, so you may not see it yet.

More blocking options in Message History

We've introduced new links in Message Details. You can block the email address, domain, or IP address used to send an email.

Note: We're rolling this feature out gradually, so you may not see it yet.

New URL tab in Message History

We've introduced a new tab in Message Details which lists the unique URLs in a message. You can now search for URLs in messages.

Note: We're rolling this feature out gradually, so you may not see it yet.

Strict enforcement of TLS authentication for Email Encryption

If you use email encryption, you must now configure your mail servers to accept TLS connections, as previously explained in this community post: Strict enforcement of TLS for Encryption.

Note: You must configure your mail servers to accept TLS connections before you configure Email Encryption. See "TLS authentication" in Email Encryption.

Message History API

We've introduced the Message History API. All Message History data will now be available in the Sophos Data Lake. We've added new queries in Live Discover to take advantage of the expanded email data set.

Please note that although we've started collecting Message History data in the Data Lake, it can take up to 30 days for all the data in Message History to appear.

Policy Enhancement: External domains and mailboxes

We've enhanced the policies in Sophos Email so that you can apply a policy to external domains and mailboxes, not just those of your organization. You can do this in Email Security policies, and Data control policies and rules.

There's a new "External" tab in the policy interface. By default, the option "Include all" is selected, so your existing policies will continue to behave as they did before. You can include or exclude a list of email addresses and domains to which the policy or rule will apply.

Enhanced Time of Click protection

Although HTTP/1.1 doesn't specify any URL length limit, Microsoft Outlook doesn't support URLs longer than 2048 characters. Outlook truncates the URL so the email recipient can't use it.

We've enhanced the Time of Click feature so that URLs rewritten by Time of Click no longer exceed Outlook's limit.

Sophos Delivery CIDR IP address ranges

We've started rolling out new Sophos Delivery CIDR IP ranges for the new domains added after the announcement on May 24, 2022. See Sophos Central Email: New delivery IP addresses.

Interactive reporting

We've launched interactive reporting. You can click any linked count on the email security dashboard and email reports. This takes you to a report to see more details on that count.

For example, at the top of your dashboard, you see a statistics ribbon showing key statistics for your account. You can click each count on the ribbon.

As part of interactive reporting, we've made significant improvements to email reports as follows:

• We've upgraded the inbound and outbound activity summary charts. The arrow charts show the order in which scans categorize inbound and outbound messages in the email flow.
• Clicking the messages count in a category takes you to Message Summary with the relevant category highlighted.
• Message Summary has an upgraded chart, and you can sort the data columns.
• You can also click the counts in Message Summary to go to Message History for further details.
• You can export Message Summary.
• You can click the counts in the dashboard summary charts for Intelix threat and Data control (formerly DLP) to go to the respective detailed reports. We've upgraded the Data control summary chart on the dashboard to show a breakdown of inbound and outbound messages.
• We've also upgraded the Time of Click report. You can click the warned and blocked counts to go to the At Risk Users report and see the list of risky sites that users clicked.

You can go back to the old dashboard for a few weeks after you're upgraded.

Custom Branding for Encryption

We've launched custom branding for encryption for customers with the portal encryption license. Customers can use their organization's logo to brand portal encrypted messages, push encrypted messages, and the encryption web portal. They can also customize notifications with their organization's address and contact information, customize recall messages, and allow recipients to sign in with social media connectors. These features and more are listed in the provisioning form. Please ask your account manager or partner for the provisioning form to apply for custom branding.

Malware policy enhancements

We've upgraded our malware detection and categorization to give you more choices for handling emails.

• You can now take different actions for emails that contain confirmed malware, viruses, or malicious links. You can treat them separately from spam and bulk emails. See Email Filtering.
• There are now two categories for emails detected by SophosLabs Intelix. You can set different actions for Intelix Suspicious and Intelix Malicious emails. See Intelix Threat Analysis.
• If you choose to quarantine emails for any of these events, you can also choose to list those emails in the end users' quarantine report in the Sophos Self Service Portal.