Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Creating Antispam Profiles

Before You Begin

  • Read the Content Security Overview topic

  • Decide what kind of filtering you want for the Content Security policy: Web filtering, antispam, antiviurs, or content filtering.

  • Review the Antispam Profile main page for an understanding of your current data set. See Antispam Profile Main Page Fields for field description.

Use the Content Security policy page to configure antispam profiles.

E-mail spam consists of unwanted e-mail messages usually sent by commercial, malicious, or fraudulent entities. When the device detects an e-mail message deemed to be spam, it either blocks the message or tags the message header or subject field with a preprogrammed string. Antispam filtering allows you to use both a third-party server-based spam block list (SBL) and to optionally create your own local allowlists (benign) and blocklists (malicious) for filtering against e-mail messages.


Sophos updates and maintains the IP-based SBL. Antispam is a separately licensed subscription service.

Once you create a profile, you can assign it to Content Security policies. Within the Content Security policy, you can apply either the same antispam profile or create one inline to scan e-mail traffic.

To create an antispam profile:

  1. Select Configure > UTM Policy > Antispam Profiles.
  2. Click the + icon to create a new antispam profile.
  3. Complete the configuration according to the guidelines provided in Table 1.
Table 1: Antispam Profile Settings



General Information


Enter a unique name for the antispam profile that is a string of alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed and the maximum length is 29 characters.


Enter a description for the antispam profile; maximum length is 255 characters.

Use Sophos Blocklist

Select this check box to use server-based spam filtering. This check box is selected by default. If the box is unchecked, local spam filtering is used. Server-based antispam filtering requires Internet connectivity with the spam block list (SBL) server. Domain Name Service (DNS) is required to access the SBL server. The firewall performs SBL lookups through the DNS protocol.


Server-based spam filtering supports only IP-based spam block list blocklist lookup. Sophos updates and maintains the IP-based spam block list. Server-based antispam filtering is a separately licensed subscription service.


Default Action

Select the antispam action that the device should take when it detects spam:

  • Tag Email Subject Line

  • Tag SMTP Header

  • Block Email

  • Note

Custom Tag

Enter a custom string for identifying a message as spam. By default, the device uses ***SPAM***.