possibility to redirect quarantine reports for e.g. ticketing system to administrator (to not create tickets for quarantine reports)

Instead of the actual crypto locker problems we block all office mime type mails and need a feature to send a quarantine report more often to users

Would like to be able to block all emails with senders from specific TLDs. Eg. .win or @*.win

We get phishing mail with faked sender!
Examples:

mastercard.com text = "v=spf1 include:spf.protection.outlook.com
include:deliverygateways.masercard.com include:external.mastercard.com include:ma.mastercard.com ~all"

paypal.com text = "v=spf1 include:pp.spf.paypal.com include:3ph1.spf.paypal.com
include 3ph2.spf.paypal.com include:3ph3.spf.paypal.com
include:3ph4.spf.paypal.com nclude:c.spf.ebay.com ~all"

The problem with this is ~all

The UTM marks the mail somewhere in the header and forwards it.
This is not good!

It would be better if you could adjust the response to such a mail:

reject this mail
accept this mail
treat this mail as SPAM (marked as SPAM)

It could thus enable a lot more control over such mails!

It would be nice to have the ability to activate a report to the internal receiver of an e-mail when his message is blocked (quarantained) because it contains a blocked extension (doc, xls, zip and so on)

i'd like to know if is possible analyzer doc file attached to an email and discover if it contain macro and if has it put the message in quarantine

It would be nice to have an Outlook plug-in to report SPAM or false positive SPAM directly in Outlook not only in daily reports.

Send response to sender (ingoing and outgoing), if mail blocked (attachement) by SMTP Protection.

It is standard in other spam filter and a must have in my oppinion.

Did the end-user password reset functionality go away at some point? I have a newly integrated UTM 9 at version 9.4. In the SPX end-user provided password template, it would be nice to have the user password feature back. Even with end user provided passwords they will surely forget eventually. I am trying to avoid getting into the password reset business. It also added to the ease of use to both my users and their recipients.

Thanks,
Ryan

Working with Sophos support (case 5397031), the current product is not able to stop a spoof attack in which the "envelope from" is valid but the body sender address is spoofed as an internal address.

SPF checks are not effective in this scenario and the message is delivered.

Currently we are able to replace the header of a e-mail message. for instance, I can search and replace the word "Subject" but it just removes the entire subject line and replaces it with the word I choose.

what I need, for information classification, is to add the word "CONFIDENTIAL" to the subject while keeping the rest of the line.

Notify sender if an incoming email has been blocked due to file extension filter in the antivirus section.

I would like to block @.example.com but it is impossible. Spammers use subdomain in order to bypass the filter.

The ability for block and allow lists to apply to the header from field in the message, and the ability for the RDNS to check this header to confirm it is correct.
The ability to create rules to check for what the value of the header is and block or allow based off that field

Hello!

At this moment SEA and UTM support the limited number of Languages

https://docs.sophos.com/msg/sea/help/en-us/msg/sea/concepts/ConfigPolEncryptSPXMain.html?hl=spx%2Clanguage

We highly need the support of Russian and Azerbaijani languages in PDF, this need for tens of thousands users.
It's one of the killer features in SEA / UTM.

Would be nice when the quarantine report for blocked outgoing mails looks like the reports for blocked incoming mails.

Most users in my experience don't notice that plain text mails as important or will delete it immediately because it looks like spam.

Many North American companies will have no dealings with Chinese vendors/manufacturers or those in Russia. There should be an option (like there is for Barracuda Networks' SPAM firewalls, to block these character sets.

Add export to Allow/Block list administration. Need an easy way to consolidate User level allow/block rules to Enterprise level. Reflexion can get confused when multiple records are defined at Enterprise/User level for domain and specific emails.

Drop Cyren spam database and implement Sophos' own database (Sophos Labs) used in all other products, as the detection rate is much better and there are less false positives.