Sophos Email Security is a comprehensive solution designed to protect against malicious email threats.
Sophos Email Security can be deployed in two ways; your deployment method will dictate what authentication standards are available to you.
Method 1 - Gateway Deployment
Deploying Sophos Email Security in Gateway mode will allow you to use both DKIM and SPF for email authentication.
Sophos Gateway is the established method of protecting your email. It is designed to secure on-premises email environments, and also works with all cloud-based email services, for example Google Workspace.
You must change the MX records for your email domains so that your Sophos Gateway can intercept and scan emails before they reach their recipients. You also have to make changes to your DNS.
Sophos Gateway SPF Setup
Sohpos provides multiple SPF records, please pick the SPF record for the region where your Sophos Email Security instance is hosted.
| United States (West) | _spf_uswest2.prod.hydra.sophos.com |
| United States (East) | _spf_useast2.prod.hydra.sophos.com |
| Germany | _spf_eucentral1.prod.hydra.sophos.com |
| Ireland | _spf_euwest1.prod.hydra.sophos.com |
| Canada | _spf.eml100yul.ctr.sophos.com |
| Australia | _spf.eml100syd.ctr.sophos.com |
| Japan | _spf.eml100hnd.ctr.sophos.com |
| India | _spf.eml100bom.ctr.sophos.com |
| Brazil | _spf.eml100gru.ctr.sophos.com |
Sophos Gateway DKIM Setup
To add a DKIM key, do as follows:
- Go to My Products > General Settings > Domains Settings / Status and click the domain to which you want to add a DKIM key.
- Click Add key.
-
Copy the DKIM information that is generated automatically and use it to create a DNS TXT value in Sendmarc for your domain.
-
Once your DNS TXT record has been published, click Test record to check that your DNS TXT record matches the information in Sophos Email.
-
Activate the DKIM key, then click Save.
DKIM is now enabled for your Sophos Gateway Deployment Outbound Email.
Method 2 - Mailflow Deployment
Deploying Sophos Email Security in Mailflow mode will allow you to use only SPF for email authentication as the security is deployed inline with MS365.
Sophos Mailflow protects Microsoft 365 emails. It integrates directly with Microsoft 365 with the Microsoft Exchange Connector Services to scan your emails.
Sophos Mailflow uses Microsoft APIs to create mail flow rules in your Microsoft 365 environment. These mail flow rules route the emails to Sophos and back to Microsoft 365.
Setting up Sophos Mailflow is done from Sophos Central. You don't have to make changes to your DNS settings for domain verification or MX redirection.
Sophos Mailfow SPF Setup
Sohpos provides multiple SPF records, please pick the SPF record for the region where your Sophos Email Security instance is hosted.
| United States (West) | _spf_uswest2.prod.hydra.sophos.com |
| United States (East) | _spf_useast2.prod.hydra.sophos.com |
| Germany | _spf_eucentral1.prod.hydra.sophos.com |
| Ireland | _spf_euwest1.prod.hydra.sophos.com |
| Canada | _spf.eml100yul.ctr.sophos.com |
| Australia | _spf.eml100syd.ctr.sophos.com |
| Japan | _spf.eml100hnd.ctr.sophos.com |
| India | _spf.eml100bom.ctr.sophos.com |
| Brazil | _spf.eml100gru.ctr.sophos.com |
Need Help?
support@sendmarc.com is standing by to assist!