Sophos Outlook Add-in
Deployment Guide
Contents
Introduction
Prerequisites
Installation
Changing the Registry
Re-enabling the Add-in
Copyrights and Trademarks
Introduction
The Sophos Outlook Add-in integrates seamlessly with Microsoft Outlook, making it easy for email users to
report spam messages to Sophos and encrypt messages through the Sophos Email Appliance.
This add-in simplifies spam reporting for users of the Sophos Email Appliance, PureMessage for UNIX, and
PureMessage for Microsoft Exchange. Once installed, users can report spam by clicking a custom button in their
Outlook window.
Forwarding spam to SophosLabs helps Sophos in its ongoing efforts to improve the accuracy of spam
heuristics.
Users whose mail is filtered by the Email Appliance can also take advantage of one-click encryption, which
allows them to send messages by way of the appliance using SPX encryption. With this feature, users can
send content containing sensitive or confidential information as a secure PDF.
As an administrator, you can control how the add-in is installed and which features are available to your end
users. For example, if you want the add-in to be solely a tool for reporting spam, you can disable the message
encryption options or hide them from your users.
This documentation is intended to aid in the evaluation and installation of the add-in. It also describes how to
report spam and encrypt a message. You must then provide end users with the necessary instructions.
Prerequisites
• Microsoft Outlook 2013 or 2016 (32 and 64-bit versions are supported)
• To encrypt messages using the Sophos Email Appliance, Microsoft Outlook must be configured to
send mail using either SMTP or Microsoft Exchange.
• Windows 7, Windows 8, Windows 10 (32 and 64-bit versions are supported).
• Microsoft .NET Framework 4.6.1
• Microsoft Visual Studio 2010 Tools for Office Runtime 4.0
Note: It is recommended that you install all available updates to ensure full compatibility. If you are
installing with the setup.exe file provided by Sophos, Microsoft .NET Framework 4.6.1 is installed
automatically, if not already installed. Microsoft Visual Studio 2010 Tools for Office runtime should be
installed by the user from https://www.microsoft.com/en-us/download/details.aspx?id=48217. If you
are installing using the procedure described in Installing the Add-in on Multiple Workstations, both the
.NET Framework and Visual Studio Tools must be installed beforehand.
Installation
Depending on how you prefer to deploy the Sophos Outlook Add-in, there are two main methods of installation.
The first, which is done by launching the installer, is designed for evaluations and organizations where users will
install the add-in themselves, or an administrator will perform a separate installation on each user machine.
The second method involves using the .msi file, which is provided for you to install the add-in on multiple user
machines from a central location on the network.
Note: Regardless of the method, if the add-in is installed in a directory other than the Microsoft Windows
"Program Files" directory (for example, C:\Program Files\), end users will be shown a message box prompting
them to install a Microsoft Office "customization." End users must click Install to complete the installation of the
Outlook Add-in.
Downloading the Outlook Add-in
Before you can install the Sophos Outlook Add-in, you must obtain the necessary files from the Sophos website.
The download is free, but you will first be prompted to log in to your MySophos account. If you do not have an
account, visit the Sophos registration page. If you need assistance, see How to create a MySophos login to
download your Sophos software.
1. If you have a MySophos account, visit this web page:
https://www.sophos.com/en-us/support/downloads/email/sophos-outlook-add-in.aspx
2. When prompted, log in to your MySophos account.
3. To view the download page for this product, review the End User License Agreement, and click Accept.
4. Click Download.
5. Follow your operating system's prompts to complete the download of SophosOutlookAdd-in.zip. See
Installing the Add-in on a Single Workstation or Installing the Add-in on Multiple Workstations for
installation instructions.
Installing the Add-in on a Single Workstation
If you prefer end users install the add-in themselves, and you are comfortable with making all the options
described in Setting Options available to your users, then you can deploy the add-in as follows. If, instead, you want to
perform a separate installation for each user, you must run setup.exe on each user workstation.
Note: If you would like to evaluate the add-in before deploying it to multiple users, it is recommended that
you first use this method to install on a single test machine.
1. The files you received from Sophos include setup.exe and SophosOutlookAddInSetup.msi. Place these
files in the same directory on an internal server that is accessible to your intended users and provide
them with the location.
2. Instruct users to double-click setup.exe and follow the steps in the installation wizard.
3. On the Select Components page, instruct users to choose the appropriate option: Both SophosLabs
spam reporting and SPX email encryption, SophosLabs spam reporting only, or SPX email encryption
only.
4. Users should complete the remaining steps in the wizard.
5. Users can then launch Microsoft Outlook, and the new features will be installed. If Outlook was open during
installation, users will have to close Outlook and re-open it for the changes to take effect.
Installing the Add-in on Multiple Workstations
Although it is possible to use the setup.exe installer provided by Sophos to install the default version of the
Sophos Outlook Add-in on each user workstation, you may prefer to create a custom version of the tool and
then distribute it to your end users.
This is the best method if you want to control which features users can see and access. For example, if users'
mail is filtered by a Sophos product other than the Email Appliance, it makes sense to disable and hide the
encryption functionality because it is unavailable on all other Sophos products.
The msiexec command calls the SophosOutlookAddInSetup.msi installer provided by Sophos. Use the
Sophos command-line options described below to make some or all of the add-in features available to your
users.
Regardless of which settings you choose to enable, the installer creates Windows Registry keys for every
possible option. Should you decide to adjust the settings later, you can edit your users' registries. For more
information, see Changing the Registry.
You can create a version of the add-in that is appropriate for your organization with the msiexec command. The
command-line options used to customize the Options dialog box for the add-in are described below. For
information about other msiexec options, see the Microsoft documentation.
Note: By default, the add-in is installed in the Windows Program Files directory. If you specify a different
installation directory using msiexec, your end users will be prompted to accept the new add-in as a
customization. They must click Install to accept.
This table shows the command-line options you can use to determine which features your end users can see
and access. When specifying these options, you can use the short form that is shown in brackets after each
option.
In the table below, the following values apply.
For features with values of 0 and 1:
0 = check box is cleared
1 = check box is selected.
For features with values of 1, 2, and 3, excluding ENABLETYPE (see table):
1 = Feature is visible to users and is configurable
2 = Feature appears to users as grayed out
3 = Feature is hidden from users
Command-Line Option (Abbreviated Option)  Description                                                                Available Values
ENABLETYPE (T)                            Determines which features are available to users                           1 = Encryption only; 2 = Spam reporting only; 3 = Both encryption and spam reporting
ENCRYPTIONCONFIGURABLE (EC)               Controls availability of encryption features                               1, 2, 3
SETCONFIDENTIAL (C)                       Adds "confidential" to message header                                      0, 1
ADDINTERNETHEADER (I)                     Adds specified header to message header                                    0, 1
INTERNETHEADER (H)                        Specifies header for ADDINTERNETHEADER                                     Provide string. Default: "X-Sophos-SPX-Encrypt: yes"
USERPREFCONFIGURABLE (UC)                 Controls availability of spam reporting features                           1, 2, 3
SPAMEMAILADDRESSCONFIGURABLE (SC)         Controls availability of spam report address                               1, 2, 3
SPAMEMAILADDRESS (E)                      The address(es) to which spam is sent                                      Provide address(es). Default: "is-spam@labs.sophos.com"
SPAMACTION (M)                            Deletes messages reported as spam or moves them to the Junk E-mail folder  0, 1
SAVESPAMREPORT (S)                        Saves copies of messages as reports in Sent Items folder                   0, 1
SHOWACKNOWLEDGEMENT (A)                   Shows confirmation message when reporting spam                             0, 1
Example: Sophos Default Configuration
This is the msiexec command that is used to install the add-in with the Sophos default options.
msiexec /i SophosOutlookAddInSetup.msi /qn /l* install_log.txt
If you run it with these command-line options, your users' Options dialog box will have the same features and
default settings as the one shown below.
Example: All User Preferences Disabled
This is the msiexec command you would run if you wanted to disable encryption, enable spam reporting, but
turn off user-configurable options. Notice that the Submission Address field contains two addresses, so that
the spam is reported to Sophos as well as an internal recipient. You may want to do this to monitor the kind of
messages that end users are reporting as spam.
msiexec /i SophosOutlookAddInSetup.msi /qn /l* install_log.txt ENABLETYPE=2
ENCRYPTIONCONFIGURABLE=2 USERPREFCONFIGURABLE=2
SPAMEMAILADDRESS="is-spam@labs.sophos.com; is-spam@example.com"
SPAMEMAILADDRESSCONFIGURABLE=2 SPAMACTION=1 SAVESPAMREPORT=1 SHOWACKNOWLEDGEMENT=1
If you run msiexec with these options, your users' Options dialog box will have the same features and settings as
the one shown below. Since there are no user-configurable options, the Reset to Defaults button is hidden.
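Because /qn suppresses all installer UI, a mistyped option value or a failed install is easy to miss. The following PowerShell wrapper is an added example, not part of the Sophos documentation or tooling: it checks each option against the values in the table above, refuses free-text values that contain a double quote (which could otherwise inject extra installer properties), and checks the msiexec exit code. The function names and the choice to treat exit codes 0 and 3010 as success are this example's own.

```powershell
# Added example. Allowed values are transcribed from the option table above.
$Allowed = @{
    ENABLETYPE = 1..3; ENCRYPTIONCONFIGURABLE = 1..3; USERPREFCONFIGURABLE = 1..3
    SPAMEMAILADDRESSCONFIGURABLE = 1..3
    SETCONFIDENTIAL = 0..1; ADDINTERNETHEADER = 0..1; SPAMACTION = 0..1
    SAVESPAMREPORT = 0..1; SHOWACKNOWLEDGEMENT = 0..1
}
$FreeText = 'INTERNETHEADER', 'SPAMEMAILADDRESS'   # string-valued options

function Get-AddInMsiArguments {
    param([string]$MsiPath, [string]$LogPath, [System.Collections.IDictionary]$Options)
    $msiArgs = @('/i', "`"$MsiPath`"", '/qn', '/l*', "`"$LogPath`"")
    foreach ($name in $Options.Keys) {
        $key   = $name.ToUpperInvariant()
        $value = $Options[$name]
        if ($Allowed.ContainsKey($key)) {
            if ($Allowed[$key] -notcontains $value) {
                throw "$key=$value is outside the documented values"
            }
            $msiArgs += "$key=$value"
        } elseif ($FreeText -contains $key) {
            # A quote inside the value would end the property early on the command line.
            if ($value -match '"') { throw "$key must not contain a double quote" }
            $msiArgs += "$key=`"$value`""
        } else {
            throw "Unknown option: $name"
        }
    }
    $msiArgs
}

function Install-SophosAddIn {
    param([string]$MsiPath, [string]$LogPath, [System.Collections.IDictionary]$Options)
    $msiArgs = Get-AddInMsiArguments @PSBoundParameters
    $proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru
    # 0 = success, 3010 = success but a restart is required
    if ($proc.ExitCode -notin 0, 3010) {
        throw "msiexec exited with $($proc.ExitCode); review $LogPath"
    }
}

# Same settings as the "All User Preferences Disabled" example above.
$options = [ordered]@{
    ENABLETYPE = 2; ENCRYPTIONCONFIGURABLE = 2; USERPREFCONFIGURABLE = 2
    SPAMEMAILADDRESS = 'is-spam@labs.sophos.com; is-spam@example.com'
    SPAMEMAILADDRESSCONFIGURABLE = 2; SPAMACTION = 1
    SAVESPAMREPORT = 1; SHOWACKNOWLEDGEMENT = 1
}
Install-SophosAddIn -MsiPath 'SophosOutlookAddInSetup.msi' -LogPath 'install_log.txt' -Options $options
```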
Changing the Registry
When you install the add-in on multiple servers, keys are added to the users' registries for all possible options. If
you want to change what is available to users through the Options dialog box, you can simply update the registry
settings using your preferred tool.
During installation, the following registry entry is created:
HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SophosOutlookAddIn\Settings
On 64-bit systems with 32-bit Outlook this will be:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\SophosOutlookAddIn\Settings
Any configuration changes that an end user makes will be displayed in:
HKEY_CURRENT_USER\SOFTWARE\Sophos\SophosOutlookAddIn\Settings
The table below shows the Sophos default values for each key. To change the setting, you must assign a
different value. See Installing the Add-in on Multiple Workstations for definitions of additional values.
The Reset to Defaults button is available to users whenever you make at least one of the add-in options
configurable.
Important: Use the syntax exactly as it is shown below. Each registry key must be entered with the
sentence case displayed here. This applies to the key's "type," which must also be included exactly as
shown. Despite differences in case, the names of the keys are consistent with the options described in
"Installing the Add-in on Multiple Workstations." See this section for a complete definition of each
option/key.
If you want to add or remove specific options or sets of options, reset the Windows Registry using the keys and
values described below.
For a complete description of each option and its available values, see the table of equivalent command-line
options in Installing the Add-in on Multiple Workstations.
Type    Key                           Default Value
DWORD   EnableType                    3 (Enables reporting and encryption)
DWORD   EncryptionConfigurable        1 (Users can configure encryption)
DWORD   SetConfidential               1 (Sensitivity is set to confidential for encryption)
DWORD   AddInternetHeader             0 (Internet Header is not added)
String  InternetHeader                "X-Sophos-SPX-Encrypt: yes"
DWORD   UserPrefConfigurable          1 (Users can configure all spam reporting preferences)
DWORD   SpamEmailAddressConfigurable  1 (Users can configure the Submission Address)
String  SpamEmailAddress              "is-spam@labs.sophos.com"
DWORD   SpamAction                    1 (Reported messages are moved to Junk E-mail folder)
DWORD   SaveSpamReport                1 (Copies of messages are saved as reports in Sent Items folder)
DWORD   ShowAcknowledgement           1 (Confirmation message is displayed when reporting spam)
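One way to check and enforce these values across both registry views, shown as an added PowerShell example that is not part of the Sophos documentation or tooling. The baseline mirrors the "All User Preferences Disabled" msiexec example; the function names are this example's own, and it assumes 64-bit PowerShell and that the per-user key uses the same value names as the machine key.

```powershell
# Added example. Value names and types come from the registry table above.
$Baseline = [ordered]@{
    EnableType                   = @{ Type = 'DWord';  Value = 2 }
    EncryptionConfigurable       = @{ Type = 'DWord';  Value = 2 }
    UserPrefConfigurable         = @{ Type = 'DWord';  Value = 2 }
    SpamEmailAddressConfigurable = @{ Type = 'DWord';  Value = 2 }
    SpamEmailAddress             = @{ Type = 'String'; Value = 'is-spam@labs.sophos.com; is-spam@example.com' }
    SpamAction                   = @{ Type = 'DWord';  Value = 1 }
    SaveSpamReport               = @{ Type = 'DWord';  Value = 1 }
    ShowAcknowledgement          = @{ Type = 'DWord';  Value = 1 }
}
$MachineKeys = @(
    'HKLM:\SOFTWARE\Sophos\SophosOutlookAddIn\Settings',
    'HKLM:\SOFTWARE\Wow6432Node\Sophos\SophosOutlookAddIn\Settings'   # 32-bit Outlook on 64-bit Windows
)
$UserKey = 'HKCU:\SOFTWARE\Sophos\SophosOutlookAddIn\Settings'        # end-user changes (assumed same names)

function Test-AddInBaseline {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -Path $p)) { continue }            # key absent: nothing to audit
        $key = Get-Item -Path $p
        foreach ($name in $Baseline.Keys) {
            $want   = $Baseline[$name]
            # Case-sensitive match, because the guide requires the exact case shown in the table.
            $exists = $key.GetValueNames() -ccontains $name
            $have   = if ($exists) { $key.GetValue($name) } else { $null }
            $kind   = if ($exists) { [string]$key.GetValueKind($name) } else { 'MissingOrWrongCase' }
            [pscustomobject]@{
                Key = $p; Name = $name; Expected = $want.Value; Actual = $have; Kind = $kind
                Compliant = ($kind -eq $want.Type -and $have -eq $want.Value)
            }
        }
    }
}

function Set-AddInBaseline {                                   # run elevated: writes to HKLM
    foreach ($p in $MachineKeys) {
        if (-not (Test-Path -Path $p)) { continue }            # only touch keys the installer created
        foreach ($name in $Baseline.Keys) {
            $want = $Baseline[$name]
            New-ItemProperty -Path $p -Name $name -PropertyType $want.Type -Value $want.Value -Force | Out-Null
        }
    }
}

# Machine-wide drift first, then per-user values that are present and differ from the baseline.
Test-AddInBaseline -Path $MachineKeys | Where-Object { -not $_.Compliant }
Test-AddInBaseline -Path $UserKey |
    Where-Object { $_.Kind -ne 'MissingOrWrongCase' -and -not $_.Compliant }
# Set-AddInBaseline   # uncomment to enforce the baseline on the machine keys
```

A changed SpamEmailAddress in the per-user key is worth particular attention, since it determines where reported messages are forwarded.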
Upon installation, a registry value is created in HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SophosOutlookAddIn
named Debug. By default, it is set to "0," and user activity is logged to a file. The location differs, depending on the
version of Windows:
• Windows 7: %ALLUSERSPROFILE%\Sophos\Sophos Outlook Add-in\logs\<username>.log
To generate more detailed log entries, set the key's value to "1".
End User Tasks
If you have granted end users access to these features, they can do the following with their installed add-in.
Reporting Spam
1. In the main Outlook window, select the folder (for example, Inbox) containing the spam message(s) you want
to report.
2. Select the message(s) to report.
3. On the Home tab of the Outlook Ribbon, click Report As Spam.
Note: You can also access the Report As Spam option from a context menu by right-clicking the
message(s) that you want to report, or you can open any message in its own window and click the Report As
Spam button on the toolbar.
4. If the option to show a confirmation dialog box is selected, a message is displayed, asking if you want to
move the message to the default folder and report it as spam to SophosLabs. By default, the message is
moved to the Junk E-mail folder. To specify a different folder, see Setting Options.
5. Click OK to complete the report.
Encrypting Messages (Sophos Email Appliance Only)
1. In Outlook, compose an email message.
2. In the top-left corner of the Message window, click Encrypt.
The Encrypt button is highlighted in orange, indicating that the message will be encrypted.
3. Click Send.
The message is sent to the Email Appliance for encryption.
Setting Options
Depending on how the add-in is deployed, you can give end users access to some or all of the options listed below.
Users can view and configure available options by clicking the dialog box launcher under the Report As Spam
button.
Users can set the options that you made available during installation. If setup.exe is used for installation, all
the following options are configurable.
Instruct your users to select from whichever of the following options are available and click OK to save the
changes.
Email Encryption
Note: Users should select the option that corresponds with the encryption policy rule you have configured
on your Email Appliance. It is important that these settings match because the encryption is performed by
the appliance. For more information, see Encryption: SPX in the Sophos Email Appliance documentation.
• Set Sensitivity to Confidential: Sets the message's sensitivity to "Confidential." This causes Outlook to add
a "Company-Confidential" message header, indicating that the Sophos Email Appliance should encrypt the
message using SPX.
• Add Internet Header: Adds the specified header to the message, indicating that the Email Appliance
should encrypt the message using SPX.
Note: The name of the header (for example, X-Sophos-SPX-Encrypt) must only contain ASCII
characters. The value of the header (for example, "yes") may contain multibyte characters.
Spam Reporting
• Submission Address: The address(es) to which spam messages will be forwarded. The default is to forward
all messages to SophosLabs; however, you may prefer to designate one or more people within your
organization who are responsible for confirming the validity/appropriateness of the message before it is
forwarded to SophosLabs. If you want to forward the spam to more than one address (for example,
SophosLabs and an email administrator within your organization), enter multiple addresses, separated by
semicolons. If you enter an incorrectly formed address, an error icon is displayed to the right of the text
box.
• Delete spam messages(s) or Move to folder: Select one of these options to determine what happens to
reported spam. You can either delete all forwarded messages or specify the destination folder for all
messages forwarded as spam. (If a user reports a message as spam, it will be removed from its original
location and moved to this folder instead.)
• Save report in Sent Items: The message body is converted to an attachment and saved as a report in the
Sent Items folder.
• Show confirmation dialog box: A message is shown, asking if you want to forward the message(s).
Language
• Select Language: Select the display language of the add-in. You can select from English, French,
Spanish, Italian, Deutsch, Chinese Traditional, Chinese Simplified and Japanese.
• Reset to Defaults: Returns all enabled features to the default settings that Sophos assigned. This button is
automatically available to users whenever they can configure at least one of the options described above.
Re-enabling the Add-in
If, for any reason, the Sophos Outlook Add-in becomes disabled, your end users should take the following steps
to re-enable it.
1. Select File ➤ Options.
2. On the Trust Center/Options sidebar, select Add-ins.
3. From the Manage drop-down list, select COM Add-ins, and click Go.
4. In the COM Add-ins dialog box, locate Sophos Outlook Add-in, and select that check box.
5. Click OK.
Copyrights and Trademarks
Copyright 2019 Sophos Group. All rights reserved.
Sophos and PureMessage are registered trademarks of Sophos Limited. All other product and company names
mentioned are trademarks or registered trademarks of their respective owners.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any
means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where
the documentation can be reproduced in accordance with the license terms or you otherwise have the prior
permission in writing of the copyright owner.