Sophos Sandstorm is a Cloud service that provides in-depth analysis of potentially malicious email messages.

Sandstorm provides a higher level of security by performing real-time, in-depth threat analysis of potentially malicious messages. Suspicious messages are sent for analysis. If found to be infected, messages are dropped, else delivered to the respective recipient.

For more details, see Sophos Sandstorm.


Use this page to enable/disable communication between the appliance and Sandstorm.

You can activate a 30-day free evaluation to try it out or purchase the full Sandstorm license. Contact your Sophos Representative for more details.

Sandstorm Monitoring

This section displays all the suspicious messages that are currently held by the appliance for further analysis by SophosLabs. Messages that are found to have malicious content are processed according to the configured action in Sandstorm policies. The clean messages are delivered to their respective recipients, if no other policies are applied on them.
The administrator can manually release messages held by Sandstorm by selecting the message(s) and clicking the Release button. The released messages are delivered to their respective recipients without being analysed.
  • Malicious messages may enter your network if you release messages before analysis is done.
  • You must allow external communication of the Email Appliance to over HTTPS (443) port.