Latest Features in Sophos Central Email
In recent months, Central Email has received a whole range of new features. I have listed some of them here, and for most of them there is a video that explains everything.
Message History - Advanced Search and Enhancements
With this release, Sophos brings advanced search functionality to Message History for the Central Email service. Advanced search allows users to search for emails using various criteria, such as sender email address, recipient email address, subject, message size, attachment, and DSN (Delivery Status Notification) code. At least three characters must be entered in a field before a search can be run. Fields can also be left blank to exclude them from the search criteria. The basic search will become obsolete and be removed after a certain period.
In addition to advanced search, Message History has also been improved. Message details now include the option to block sender addresses or sender domains. In the “Block IP address” option, the domain name of the IP address is now displayed using a reverse DNS (Domain Name System) lookup. This helps assess the impact of blocking an IP address and prevents accidental blocking of IP addresses used by multiple sources, such as Google (Gmail). A new “URLs” tab has also been added to the message details page, listing unique URLs in the message and making them searchable.
More information: Message History - Advanced Search and Enhancements
Interactive Reporting
There is now an interactive reporting function that makes reports more consistent and granular and significantly improves the user experience in the dashboard and reports. The new dashboard shows improved statistics and the most important metrics for inbound and outbound messages.
The activity summary for inbound and outbound messages has been updated with arrow graphics that represent the direction of email flow. The arrows show messages in the order in which scans are performed.

The Data Control chart (formerly referred to as DLP) has been updated. The pie chart on the left now shows a split between inbound and outbound messages, while the pie chart on the right further categorizes messages by Data Control rule type.
Report data can also be exported in CSV and PDF format. It is also possible to sort report data by any column. Users can now interact with any linked value in the dashboard or other reports by clicking the value and navigating to a report that shows more details.
Graphics are difficult to describe in text, so there is a video here that explains the improvements.
More information: Interactive Reporting
Policy Improvements
Sophos Email has improved its policies so they can also apply to external domains and mailboxes. This capability has been added for both Email Security and Data Control policies.
To use this feature, a new tab named “External” has been added to the policies. The default option is “Include all,” so existing policies continue to work as usual. However, policies can be customized to include or exclude a list of email addresses and domains to which the policy should apply. It is also possible to import a list of external email addresses and domains in CSV or TXT format to populate the include or exclude list for the policy.
External domains and mailboxes should be configured in the policy so that the policy applies only to messages exchanged between those external domains or mailboxes and the selected internal users, groups, or domains. This allows the policy to be adapted more granularly to meet data protection or data control requirements for those messages. For example, if S/MIME should be applied to all messages exchanged between a group of users in your own organization and a group of users in a partner organization, the domains or mailboxes of the partner organization must be listed under the External tab, and your own users under the Users, Groups, or Domains tabs.
The new functions are also explained in the following video.
More information: Policy Enhancement
Enhanced Time of Click Protection
HTTP/1.1 (Hypertext Transfer Protocol) does not specify requirements for URL length. However, various Microsoft products do not support URLs above a certain length. Microsoft Outlook does not support URLs longer than 2048 characters. This limitation caused inconvenience for users when URLs rewritten by Time-Of-Click exceeded that length limit. Outlook truncated the URL, rendering it unusable.
The Time-Of-Click function has now been enhanced to address the URL length restriction efficiently. URLs rewritten by Time-Of-Click should no longer exceed the length limit.
Stricter Enforcement of TLS Connections
Sophos Email introduced stricter enforcement of TLS connections for accounts configured for encryption, increasing security. This improvement worked well for the vast majority of customers. However, a handful of customers who had not configured TLS on their local mail servers experienced email traffic disruptions. To help these customers transition, the changes were temporarily rolled back.
Impact: If your mail server had not been configured to accept a TLS connection, but encryption had been configured in Sophos Email, you received the “TLS Delivery Failed” error message. This was fixed on 26.10.2022 and may require a configuration adjustment.
More information: Strict enforcement of TLS for Encryption
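To see ahead of time whether your own mail server would run into the “TLS Delivery Failed” case described above, you can check whether it advertises STARTTLS in its EHLO reply and completes the handshake. The following is an added example, not code from Sophos; the host names and sample replies are constructed, and the certificate verification in `probe` is an assumption, because the page does not say what the delivering side validates.

```python
import smtplib
import ssl

# Constructed sample EHLO replies (not captured from a real server).
REPLY_WITH_TLS = "250-mx.example.test Hello\r\n250-SIZE 52428800\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
REPLY_WITHOUT_TLS = "250-mx.example.test Hello\r\n250-SIZE 52428800\r\n250 8BITMIME\r\n"
REPLY_REJECTED = "502 5.5.2 Error: command not recognized\r\n"


def parse_ehlo(reply: str) -> dict:
    """Map each extension keyword in a raw multi-line EHLO reply to its parameters."""
    extensions = {}
    lines = [line for line in reply.replace("\r\n", "\n").split("\n") if line]
    for index, line in enumerate(lines):
        code, sep, rest = line[:3], line[3:4], line[4:]
        if code != "250" or sep not in ("-", " ", ""):
            raise ValueError(f"EHLO not accepted: {line!r}")
        if index == 0:
            continue  # first line is the server greeting, not an extension
        keyword, _, params = rest.partition(" ")
        extensions[keyword.upper()] = params.strip()
    return extensions


def advertises_starttls(reply: str) -> bool:
    """True only if the server accepted EHLO and listed STARTTLS."""
    try:
        return "STARTTLS" in parse_ehlo(reply)
    except ValueError:
        return False


def probe(host: str, port: int = 25, timeout: float = 10.0):
    """Live check of your own server: (True, tls_version) or (False, reason)."""
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.ehlo()
            if not smtp.has_extn("starttls"):
                return (False, "STARTTLS not advertised")
            # Assumption: default certificate verification; the page does not
            # say what the delivering side validates.
            smtp.starttls(context=ssl.create_default_context())
            return (True, smtp.sock.version())
    except (OSError, smtplib.SMTPException) as exc:
        return (False, f"{type(exc).__name__}: {exc}")


if __name__ == "__main__":
    for name, reply in [("with TLS", REPLY_WITH_TLS), ("without TLS", REPLY_WITHOUT_TLS)]:
        print(name, "->", advertises_starttls(reply))
```

`advertises_starttls` works on a reply pasted from a manual session or a log, while `probe` connects to the server you name and reports the negotiated TLS version or the reason the upgrade failed.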
Message History API
Sophos has introduced a new feature called “Message History API”. This feature makes it possible to collect message history data from the Sophos Central XDR Data Lake and retrieve that data via the API. The Message History API extends the existing datasets in the Sophos Email XDR Data Lake and enables search and analysis of different message types, such as impersonation emails or spam, based on attributes such as sender, recipient, attachment, or URL. An XDR or MDR license is required to use this function.
More information: Message History API
