High Volume Mail Page

You can use the High Volume Mail report page to:

• Identify attacks involving a large number of messages from a single sender, or with identical subjects, within a moving one-hour period.

• Monitor top domains to ensure that such attacks do not originate in your own domain. If this situation occurs, one or more accounts in your organization may be compromised.

• Help identify false positives so you can adjust your filters accordingly.

You can use the High Volume Mail report page to view:

• Messages with the top subjects in graphical format.

• Messages with the top envelope senders in graphical format.

• Top message filters by number of matches in graphical format.

• Total message filters by number of matches in tabular format.

To view the High Volume Mail report page on the Security Management appliance, select Email from the Product drop-down and choose Monitoring > High Volume Mail from the Reports drop-down. For more information, see Using the Interactive Report Pages.

From the High Volume Mail report page you can export raw data to a CSV file. For information on printing or exporting a file, see the Exporting Reporting and Tracking Data.

Reports on this page show data only from message filters that use the Header Repeats rule and that pass the number-of-messages threshold that you set in that rule. When combined with other rules, the Header Repeats rule is evaluated last, and is not evaluated at all if the message disposition is determined by a preceding condition. Similarly, messages caught by Rate Limiting never reach Header Repeats message filters. Therefore, some messages that might otherwise be considered high-volume mail may not be included in these reports. If you have configured your filters to include certain messages in allowed list, those messages are also excluded from these reports.

For more information about message filters and the Header Repeats rule, see the online help or user guide for your Email Security appliance.