It would be helpful if when adding a domain to the exception list you could also instruct the system to consider all of the subdomains that are associated with it as well. This may be done with a check box and the system could then add the subdomains to the filter list as they come in. The user could then go in and turn off the checkbox and exclude certain sub-domains.

It would be wonderful if you could just click on an entry in the Mail Logs and have it added to the Exception list. You could then go to the exception list and make any modifications needed but capturing the domain information is the most critical.

Id like to suggest changing the status of grey listed emails from rejected to greylisted. This would make searching for emails that have actually been rejected much easier. alternatively add an additional reason filter for greylisted items.

Ability to preview email that is in quarantine prior to releasing it from the user portal, similar to the O365 email quarantine ability to preview an email that is in quarantine prior to releasing

Receive email notification to administrator's email ID for quarantined emails when it reaches to the set threshold number.

Email protection and DLP on Sophos XG is possible use just with Data control list based on predefined dictionaries (CCL - content control list).

Could you add support for definition of the own dictionary/CCL (based on keywords and regular expression)?

Sophos does not send a quarantine digest if an outbound email is quarantined by antispam. I checked antispam engine for outbound traffic by using the gtube string. My Outbound message has been quarantined as expected. I am not notified about that issue. So my users are not able to recognize that important Business email are not delivered.

I opened support case 03082732 for that behaviour. They told me:

“Regarding the quarantine summary digest for the outbound emails, right now this feature seems not be supported on the XG.”

Please improve quarantine digest.

I analysed MIME-Type recognition and found that MIME-Type recognition is not working proper. As example, DOCX-files are recognized as "application/msword". The right MIME-Type of DOCX-files is "application/vnd.openxmlformats-officedocument.wordprocessingml.document".

I already opened a support case with request number 03058060 and got this answer:
"Yes, the MIME recognization from XG for .docx is under applications/msword"

So please change MIME-Type recognition, that it serves the MIME-Types, which are listed here:
https://docs.microsoft.com/de-de/microsoft-365/compliance/supported-filetypes-datainvestigations?view=o365-worldwide

or here:
https://developer.mozilla.org/en-US/docs/Web/HTTP/BasicsofHTTP/MIMEtypes/Commontypes

Make the log items in "Email / Log Viewer" expandable and show traffic details with time stamps like:
- incoming connection from
- mail from
- mail to
- blocked because of
- outgoing connection

These information is sometimes crucial to trouble shoot mail problems and is otherwise buried in log files.

Please add a functionality, to show emails in smtp log, which were deleted from the smtp quarantine! If a mail gets quarantined, the smtp log shows "quarantined". But if I now delete the email, this action is not logged into the smtp log. Instead of this, if you delete mails from smtp spool, it gets logged into smtp log. Why? Please log this and show this in smtp log. If i release a mail from quarantine, this is logged to smtp log as "delivered"...

On xg user cannot access to quarantine email.
If you have 2 email domains defined, xyz.com and xyzllc.com, and emails to both domains go to the same users, the quarantine digest is sent for only xyz.com but not for xyzllc.com.

Users shoul be able to see all the quarantine emails from all their email-adresses.

It would be great if you add a new Category to the MIME type filters for any macro enabled Office file type. At the moment we have tor add those file types manually for every customer.

Edit the Release Link in Quarantine digest email for XG 17.5.13, not to x.x.x.x:4444
rather to the UserPortal, instead to message: "You can release quarantined emails only from user portal. To release them, sign in to user portal."
Or remove the link.

Edit the Release Link in Quarantine digest email for XG 17.5.13, not to x.x.x.x:4444
rather to the UserPortal, instead to message: "You can release quarantined emails only from user portal. To release them, sign in to user portal."
Or remove the link.

We need support to whitelist entire lists of IP or entire networks under the MTA mode.

https://support.duocircle.com/support/solutions/articles/5000524218-ip-addresses-for-firewalls

We have users with more than one e-mail account. But with login based on AD, we can only associate one account at time.

Make possible to associate more than one e-mail accont per user, at least on Quarantine .

The Quarantine Digest (QD) is currently an all or nothing affair short of deciding if individual users receive the QD . There is no setting for individual users to have questionable emails bypass the digest and be delivered directly to them if they do not wish to bother with the extra steps of logging into the User Portal.

Currently in MTA Mode you only have the ability to block inbound spam based on email address of FQDN. Having the ability to block by keyword and or ip address would be a significant gian. We curerntly get 20 od emails a day from "Famous Parts" all different email domains. If we could block "Famous Parts" or IP these would be siginificantly reduced.

Enable Release Link in Quarantine digest email for XG 18, like UTM, instead to message: "You can release quarantined emails only from user portal. To release them, sign in to user portal."
Or remove the link.