Ability to preview quarantined mail in SMTP quarantine for administrators as with the SG is possible. This I used often to see if an e-mail was legit and would be safe to release .

Have a details option in MTA spam quarantine to view the email headers and source. Optional also to send it to a different email address for checking.
See Puremessage functionality.

We know that Mozilla Thunderbird stores the data in an MBOX file format while Outlook supports PST file format. In such a situation, MailsDaddy Thunderbird to Outlook converter is a precise application tool that easily imports Thunderbird email into Outlook without any changes. The tool also helps the user to move Maildir files to Outlook PST format. It has several other conversion options that allow user to open Thunderbird data into PST, EML, MSG, HTML & various other mail formats.

For more info: https://www.mailsdaddy.com/thunderbird-to-outlook-converter/

I would like to have the ability to choose the number of quarantine email that I can see at one time with a selectable list of options, 25, 50, 100, 200, all, etc. I would also like to see the delete and release buttons at the BOTTOM of the list as well as the top. The fields that contain the senders email addresses need to be longer or selectable in some way so that you can copy the domain information. Perhaps there could also be a button to create an exception rule directly from the selected email as well.

The ability to download the Outlook Add-in XML file to add to the Encrypt & Report as Spam button to OWA (Outlook Web Access).

Sender field, in quarantine report email, currently presents only the forged/fake address of a Phishing/Spoofing email.

A good idea would be to add the real Sender Address, and maybe color it with RED to be eye-catchy and alert the user to pay attention to it.
Alternatively, display only the original email address.

It would be helpful if when adding a domain to the exception list you could also instruct the system to consider all of the subdomains that are associated with it as well. This may be done with a check box and the system could then add the subdomains to the filter list as they come in. The user could then go in and turn off the checkbox and exclude certain sub-domains.

It would be wonderful if you could just click on an entry in the Mail Logs and have it added to the Exception list. You could then go to the exception list and make any modifications needed but capturing the domain information is the most critical.

Id like to suggest changing the status of grey listed emails from rejected to greylisted. This would make searching for emails that have actually been rejected much easier. alternatively add an additional reason filter for greylisted items.

Ability to preview email that is in quarantine prior to releasing it from the user portal, similar to the O365 email quarantine ability to preview an email that is in quarantine prior to releasing

Receive email notification to administrator's email ID for quarantined emails when it reaches to the set threshold number.

Email protection and DLP on Sophos XG is possible use just with Data control list based on predefined dictionaries (CCL - content control list).

Could you add support for definition of the own dictionary/CCL (based on keywords and regular expression)?

Sophos does not send a quarantine digest if an outbound email is quarantined by antispam. I checked antispam engine for outbound traffic by using the gtube string. My Outbound message has been quarantined as expected. I am not notified about that issue. So my users are not able to recognize that important Business email are not delivered.

I opened support case 03082732 for that behaviour. They told me:

“Regarding the quarantine summary digest for the outbound emails, right now this feature seems not be supported on the XG.”

Please improve quarantine digest.

I analysed MIME-Type recognition and found that MIME-Type recognition is not working proper. As example, DOCX-files are recognized as "application/msword". The right MIME-Type of DOCX-files is "application/vnd.openxmlformats-officedocument.wordprocessingml.document".

I already opened a support case with request number 03058060 and got this answer:
"Yes, the MIME recognization from XG for .docx is under applications/msword"

So please change MIME-Type recognition, that it serves the MIME-Types, which are listed here:
https://docs.microsoft.com/de-de/microsoft-365/compliance/supported-filetypes-datainvestigations?view=o365-worldwide

or here:
https://developer.mozilla.org/en-US/docs/Web/HTTP/BasicsofHTTP/MIMEtypes/Commontypes

Make the log items in "Email / Log Viewer" expandable and show traffic details with time stamps like:
- incoming connection from
- mail from
- mail to
- blocked because of
- outgoing connection

These information is sometimes crucial to trouble shoot mail problems and is otherwise buried in log files.

Please add a functionality, to show emails in smtp log, which were deleted from the smtp quarantine! If a mail gets quarantined, the smtp log shows "quarantined". But if I now delete the email, this action is not logged into the smtp log. Instead of this, if you delete mails from smtp spool, it gets logged into smtp log. Why? Please log this and show this in smtp log. If i release a mail from quarantine, this is logged to smtp log as "delivered"...

On xg user cannot access to quarantine email.
If you have 2 email domains defined, xyz.com and xyzllc.com, and emails to both domains go to the same users, the quarantine digest is sent for only xyz.com but not for xyzllc.com.

Users shoul be able to see all the quarantine emails from all their email-adresses.