When a message is quarantined there should be an option to release it to a different recipient, similar to how it functions within O365/Exchange Online.

Reason: While it may not be know whether a message is true Spam, we should be able to forward that to a qualified in-house forensics person.

When an email is sand-boxed and a true threat is discovered, the email is then deleted, but so are the pertinent details such as headers, exact threat (malware, etc), originating IP, any attachments.

We should be able to retain those should we need them for any of the following purposes:
Legal Proceedings
Advanced Forensics to determine origin/persistence
Additional Network Security Controls

I was told by Reflexion support that whitelisted addresses do not undergo SPF checks. I would expect whitelisting to overrule a spam score, but not an SPF/forgery check. With auto-whitelisting occurring at Reflexion, and targeted spearphishing attempts on the rise, this is a critical/basic feature that needs to be implemented.

It'll be great to offer a feature where a list of domains or email addresses to be blocked or cleared through can be imported into Sophos as a text file. Similarly, there should be a feature to export as a text file out of Sophos a list of email domains or email addresses that have been blocked or cleared through spam.

For users that I want to be able to monitor and action items within the Email quarantine when I am away, I have to give them 'Super Admin' role, otherwise they cannot release or delete.

Please grant release and delete privileges to 'Helpdesk' role.

The auto whitelist of email addresses from outbound email should be an option. Whitelisting emails in this manner allows for malicious email to return from the whitelisted email address if that email account gets compromised. This is happening more frequently now where compromised accounts are used to respond or forward emails with a malicious payload.

No log entry is created when user or admin releases email from quarantine.

The need to add outbound scanning to sophos central email gateway. Right now I have like 3 to 4 customers that has procured this service but wants to drop it due to this deficiencies. I am aware outbound is supported via utm but that won't solve any real life scenarios as this will still depend on customers public IP. Please it is of great value if this service can be available on central.

The Sophos Outlook Add-in for Windows 10 and an Outlook 2016 (32bit) doesn't work. The install end with an Error 1001. Oulok Not Installed.
I contacted Sophos support and thy pointed me to this page to make a feature request(?) In my opinion this is not a request for a feature but a request to fix a bug in an add-in.
I am using:
* Sophos Oulook All in version 1.3.1
* Windows 10 64 bit
* Office 2016 32nit

An import and export function in the Inbound Allow/Block list would be nice. This would allow us to send reports to the client of what their Whitelist/Blacklist settings are.

Currently copy and paste is the only way to produce this, and there is no way to "import" an already developed list.

agmdesarrollos te da la bienvenida

It would be great if Sophos Central Email had the ability to scan for phishing links, and any other potentially harmful links. Currently it only has the ability to look for messages that fail the SPF check.

Please increase frequency of email summary alerts for blocked email. 1 email summary a day is not enough.

Please add the ability to control the behaviour of the SPF filter. For example by allowing messages that have been filtered to be sent to quarantine, rather than simply rejected at the SMTP level. This should include separate controls for both a hard fail and soft fail criteria. Thank you.

Many of the phishing emails we receive say they are from a familiar name, but the email address doesn't match the name. I am trying to get my users to check the Reflexion footer to see the real email address, but users don't do what you tell them... I would like the option in Reflexion to strip this "Friendly" name out of the From and Reply To headers before the users ever see the email.

This morning all of our clients could not access the Reflexion login page to allow specific senders or access quarantine. We would like to be notified if some of your services are in a degraded state that could affect either us or our clients. An email would suffice, just to let us know that our clients may be experiencing issues with access to their quarantine.

Regarding the interface: Email Gateway - Mailboxes
Functionality to sort and filter columns is essential.

The ability to view messages details of a released email and see which administrator released it and the date and time that this was done. At the moment there appears to be no audit of who released what.

This is a test