Would be nice to be able to 'exclude' specific file types from a DLP policy. e.g. mail with smime.p7s attachments are getting blocked even though that file type is not in the 'Use Sophos List'

Adding reverse DNS lookup to email gateway to improve security.

In email gateway there is an option to whitelist and URL but no option to blacklist an URL. When we find a malicious website we like to inmediatly block all access to this website. Maybe this option can be directly connected to the Sophos labs?

There should be an easier way for admins to submit spam to sophos from the message logs. On the flip side, there should be a way to whitelist from the quarantine as well.

Currently adding and removing e-mails from the Inbount Allow/Block list is a 100% manual process... in 2019.
I would vote for an automated methed (ideally via API) to add / remove addresses from this list.

Email Gateway - At Risk Users
> Report false positives from At Risk Users
There should be a button to directly white-list certain domains that are false positives and are categorized for At Risk Users.

When a user clicks on block or allow sender when receiving an email, a second prompt opens up confirming the action of the user. Probably a third prompt if the action is to block.

This will prevent a user from accidentally and unconsciously blocking senders. Most especially for on-the-go users who use phones heavily for their emails which has a high tendency of accidentally and unconsciously pressing "block sender" since they have a smaller screen and options for the banner are close to another app setting in the Outlook app.

Currently in a rule of Messages containing certain types of attachments. The .pages extension detects as .zip.
In the rule How can you block .zip and allow .pages?

Support requests take incredibly long to receive a response, and then considerably longer to receive a resolution.
Specifically, with email gateway issues and bad or blocked IPs from Sophos.

Sophos Support needs to proactively scan real-time blacklists (DNSBL/RBL) to ensure their external sending IP addresses are not included.

If a sending IP is identified as blacklisted, support needs to quickly disabled server(s) relaying mail via blacklisted IP(s) to prevent their clients from having waste hours opening support tickets notifying Sophos Support that they are receiving NDRs while trying to send mail.

Currently in the email gateway you can only search on one field, e.g. sender or recipient or subject. This is no good if there are lots of emails between people and you need to locate a specific email. Please can we expand the search function to be able to search on multiple fields at the same time?

I would suggest that we have a method of reviewing our tickets from this interface not just launching them. It is frustrating not to be able to see the progress of a ticket and to have to wait for email notifications when you are having email issues!!!

For users with access to multiple mailboxes. Have the ability to also view those other mailboxes quarantine.

to use up less screen space

Currently if an email address or domain is whitelisted in the inbound allow list then Time-of-Click protection is not applied to any links in the email. This results in incoming email from a comprised account not being protected. Please apply TOC protection to whitelisted emails in a similar way to virus protection being provided on such emails.

While creating an automated report as Admin, Only the report creator can able to receive the report. Multiple recipients cannot be added to the list. My suggestion is to configure multiple recipients to send the report.

When an mailbox is not declared in Sophos mail, Sophos relay reject the inbound traffic as expected, anyway we would have the option to know in some report or log available in the Web admin console (Sophos Central) the mails rejected by those cases, unfortunately this is not available at the moment. Could you include this in the roadmap? This will be helpful for us and also could be for other costumers. Thanks.

In Email Gateway - Message Detail, the only option I see for phishing email is to Add to blocklist. But that just adds the IP address to the blocklist.

There should be a button that says to use this email to help train your spam/phish detection algorithms. This message was clearly a social engineering extortion attempt, but didn't get quarantined. It would be nice to have a button that says "Your algorithm needs to block messages like this".

Extend the duration of logs from 30 days to 180 days as a minimum.

A month is not long enough for ongoing troubleshooting cases...