Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Creating Antispam Profiles

 

Use the Unified Threat Management (UTM) policy page to configure antispam profiles.

E-mail spam consists of unwanted e-mail messages usually sent by commercial, malicious, or fraudulent entities. When the device detects an e-mail message deemed to be spam, it either blocks the message or tags the message header or subject field with a preprogrammed string. Antispam filtering allows you to use both a third-party server-based spam block list (SBL) and to optionally create your own local allowlists (benign) and blocklists (malicious) for filtering against e-mail messages.

Note

Sophos updates and maintains the IP-based SBL. Antispam is a separately licensed subscription service.

Once you create a profile, you can assign it to UTM policies. Within the UTM policy, you can apply either the same antispam profile or create one inline to scan e-mail traffic.

Before You Begin

  • Read the UTM Overview topic

  • Decide what kind of filtering you want for the UTM policy: Web filtering, antispam, antiviurs, or content filtering.

  • Review the Antispam Profile main page for an understanding of your current data set. See Antispam Profile Main Page Fields for field description.

To create an antispam profile:

  1. Select Configure > UTM Policy > Antispam Profiles.
  2. Click the + icon to create a new antispam profile.
  3. Complete the configuration according to the guidelines provided in Table 1.

Table 1: Antispam Profile Settings

Setting

Guideline

General Information

Name

Enter a unique name for the antispam profile that is a string of alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed and the maximum length is 29 characters.

Description

Enter a description for the antispam profile; maximum length is 255 characters.

Use Sophos Blocklist

Select this check box to use server-based spam filtering. This check box is selected by default. If the box is unchecked, local spam filtering is used. Server-based antispam filtering requires Internet connectivity with the spam block list (SBL) server. Domain Name Service (DNS) is required to access the SBL server. The firewall performs SBL lookups through the DNS protocol.

Note: Server-based spam filtering supports only IP-based spam block list blocklist lookup. Sophos updates and maintains the IP-based spam block list. Server-based antispam filtering is a separately licensed subscription service.

Action

Default Action

Select the antispam action that the device should take when it detects spam:

  • Tag Email Subject Line

  • Tag SMTP Header

  • Block Email

  • Note

Custom Tag

Enter a custom string for identifying a message as spam. By default, the device uses ***SPAM***.