questions about spoofs

We just set up Sophos Email Gateway on top of GSuite... everything works, followed the setup and turned on all warnings

Spam Filtering - turned on tag subject line

End-user message settings - turned on all smart banners

Sender Check - turned on tag subject line

then ran this test https://emailspooftest.com

E9 and E10 emails were not flagged by Sophos Gateway in any way (which is honestly a bit odd)

none of the test emails E1 to E10 showed smart banners of any kind though all other emails do

thoughts?

thank you

jiri



  • Hello Jiri,

    Thank you for contacting the Sophos Community!

    If you check the email headers are you seeing the header from Sophos Central?

    Regards,

  • Yes, all go through sophos server (looked at email headers)

    Interestingly enough, the Sophos forums notification (of this thread) did not include a smart banner either (we did not add sophos.com to the approved list). Attached is the Sophos forum notification email (tried to copy-paste it as code but got flagged for spam)

    https://www.dropbox.com/s/ozfuds8b0x6m5no/email.txt?dl=0

  • Hello Jiri,

    Emails coming from sophos.com will not get the banner; this is by design.

    Regards,

  • That's very strange behavior honestly, Sophos forum notifications bypass a basic setting of the email gateway platform? Why? Banners are simple green-yellow-red. Showing "nothing" is simply not a good way to teach users what to watch for. It is an external email not coming from our domain, it should be flagged. Btw Sophos forum emails don't even use DKIM

    Authentication-Results: mx-01-us-west-2.prod.hydra.sophos.com; spf=pass smtp.mailfrom=noreply@mail.community.sophos.com; dkim=none;

    if you run tests on https://emailspooftest.com you get similar "no banner" behavior and on top you get emails through which should be flagged as spam E9 and E10

    honestly this seems like a bug, not a feature to me
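
The header quoted in the post above can be checked mechanically. The following is an added example, not part of the original thread or Sophos code: it reads the Authentication-Results header stamped by a named gateway host and lists which of SPF, DKIM and DMARC did not pass. Only the header value comes from the thread; the rest of the sample message and the function names are constructed, and the parser assumes no parenthesised comments in the header.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample message; only the Authentication-Results value is from the thread.
SAMPLE = (
    "Authentication-Results: mx-01-us-west-2.prod.hydra.sophos.com; "
    "spf=pass smtp.mailfrom=noreply@mail.community.sophos.com; dkim=none;\n"
    "From: Forum <noreply@mail.community.sophos.com>\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

METHODS = ("spf", "dkim", "dmarc")
RESULT_RE = re.compile(r"^\s*([a-z0-9-]+)\s*=\s*([a-z]+)", re.I)


def auth_results(raw, trusted_authserv):
    """Return {method: result} from headers stamped by trusted_authserv only."""
    msg = message_from_string(raw, policy=default)
    found = {}
    for value in msg.get_all("Authentication-Results", []):
        parts = str(value).split(";")
        head = parts[0].strip().split()
        authserv = head[0] if head else ""
        if authserv.lower() != trusted_authserv.lower():
            continue  # a header naming another host may have been added by the sender
        for part in parts[1:]:
            m = RESULT_RE.match(part)
            if m and m.group(1).lower() in METHODS:
                # keep the first result seen for each method
                found.setdefault(m.group(1).lower(), m.group(2).lower())
    return found


def missing_or_failed(results):
    """Methods with no recorded result or a result other than 'pass'."""
    return [m for m in METHODS if results.get(m, "none") != "pass"]


if __name__ == "__main__":
    res = auth_results(SAMPLE, "mx-01-us-west-2.prod.hydra.sophos.com")
    print(res, missing_or_failed(res))
```
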

  • I just opened my inbox

    - there are some emails with no banner from random outside domains (some even flagged as bulk)

    - emails from haveibeenpwned.com have a green banner though they clearly impersonate our domain; the email came with stripped DKIM though our domain clearly says it must use Sophos DKIM. I am also very unsure how Sophos makes sure outgoing emails are truly coming from us; there is no real auth between the Google email server and the Sophos gateway (blind trust, I guess)
