Hello,
we have two suggestions:

1)
When we use the recommended sophos List in the DLP with the file types, then in future every Mail with a digital signature is blocked.
That`s not good, many from our customers with a digital signatur in the mail are blocked from DLP then. DLP should only block the file types in the list.

2)
When a important customer is sorted out in Quarantäne as spam, then we want to move him in the allow list. But then we have the problem that every mail in future from the customer will no longer scanned on viruses. Thats a terrible problem/mistake. (for example the customer gets Emotet, etc.. in future) The allow list should only be for spamfiltering not for disable scanning on viruses.

Regards

better explanation on time of click box something was blocked due to content. the explanation

Sophos Time of Click protection reports that this web page may contain malicious content. It has been blocked for your protection.
Contact your email administrator for further assistance

is not really sufficient to decide why a link should be unblocked or remained blocked and leaves us in a catch 22 situation where if we unblock something that should be blocked it could cause a major impact to the business'

something more like we found a trojan virus or malware dropper on the page you tried to visit so we know exactly why sophos blocked access to the link

Hi, I hope everyone is safe.
I have a humble suggestion for an Email Gateway Policy.
While this tool is great at stopping and sanitizing bad spam, there is room for improvement.
A simple policy, similar to the VIP impersonation list, but for all the protected mailboxes (and users).
Recently we have been receiving spam with spoofed senders. These messages appear to originate from mailbox users. but a closer look reveals that the From field contains the correct name and email but has a second email address appended. I would think this type of lazy spoofing would be caught with this tool, but is not.
So,
1) how about Email Gateway looks up the sender in People's list, name + email, and if the name is found but the name + email is not, the message is quarantined?
2) if the message is sent from say, my personal email address, which would match the name but not the email (mailbox), then the user could have the option to whitelist that contact in its emergency mailbox portal.
3) if the from field contains more than 1 email address, this message should be discarded on the spot. A simple regexp ?@?@ rule should be no challenge to Sophos engineers.
4) how about a way to secure distribution lists by marking them as internal use only. Say we have a org wide dist list and we say, reject messages sent to this address from senders not in People's list. Email Gateway sits between the sender and the mail server, it should be easy to lookup and verify the sender before pushing the message to the mail server, in my own humble and uneducated opinion.

I know some of these could affect performance on large orgs, but for small and humble business like us, it would be very helpful to have these options to protect us even more.

Thank you in advance and stay safe

Your "support" is embarrassingly bad... If we ran our business like this we would have no customers.

Phone support: None. Nobody answers the phone. Technical support: I have spent over an hour and a half waiting on two separate phone calls and gave up because I don't think anyone is there. I tried several other options when I called, and even "0" for reception gives me a message saying nobody is there, please leave a message... Seriously? WTF?

Support via website: Someone emails us back late in the evening asking for a response. We respond when open, they reply the next night... NOT HELPFUL. We have some serious problems with your product and your support is NON-EXISTENT.

Would like to recommend allowing modification to the positioning of the Smart banner "Allow sender/Block sender" links. For instance, when an email with the Unknown or Untrusted banners show up on a mobile device, the two links are stacked squarely on top of each other, allowing for a slight "Fat finger" event to cause an unwanted blocking. (I would be happy to share a screenshot from somoeone, showing such positioning and why it could be problematic.)
I would say, move them apart, like maybe the allow at the start of the warning, and leave the block at the end maybe? Some trial and error perhaps, or allow users to edit the positioning?

Thanks for your consideration. Keep up the good work!