Version Notable Changes

Sophos Email Appliance now provides advanced protection against malicious emails through the Time-of-Click (ToC) Protection. The Email Appliance verifies a URL destination’s safety in real-time. Nowadays, a frequent technique used by hackers has been to drive recipients to click on either a malicious link or a link directing them to a website which is initially harmless but turns malicious after a period of time. With this feature, users are protected: whether they access the message from the corporate network, home network, mobile device, or a public network.

In ToC, SEA encodes and rewrites URLs present in an email. On clicking the re-written URL, it redirects user to the Email Appliance, where the URL is scanned in real-time. Based on the URL's reputation or Threat Risk Level, and the policy configured in SEA, user is allowed or denied access, or warned before accessing the website.

ToC in Sophos Email Appliance:

ToC policies

You can create a ToC policy for enhanced threat protection against phishing attacks.

Whitelist URLs

You can whitelist trusted URLs so that they are not rewritten during ToC processing.

Blocked/Warning Page

You can customize the Blocked Page or the Warning page displayed to users.

Decode URL

You can decode and view the URLs encoded by Email Appliance.


A new Time-of-Click Protection report displays a list of the top 100 URLs that have been scanned due to ToC Protection policies.

FQDN for ToC URL Rewriting

You can set the FQDN to be used when rewriting the URLs in ToC processing.