Incoming Mails Table
The interactive Incoming Mails table at the bottom of the Mail Flow Details: Incoming Mails page lists the top senders that have connected to public listeners on the Email Security appliances. The table shows domains, IP addresses, or network owners, based on the view selected.
The system acquires and verifies the validity of the remote host’s IP address by performing a double DNS lookup. For more information about double DNS lookups and sender verification, see the user guide or online help for AsyncOS Email Security appliance.
For senders, that is Network Owner, IP Address or Domain, listed in the first column of the Incoming Mails table, or on the Top Senders by Total Threat Messages, click the Sender or No Domain Information link to view more information about the sender. The results appear on a Sender Profile page, which includes real-time information from the SenderBase Reputation Service. From the Sender Profile page, you can view for more information about specific IP addresses or network owners. For more information, see the Sender Profile Pages.
You can also view the Sender Groups report, by clicking Sender Groups report at the bottom of the Mail Flow Details page. For more information about the Sender Groups report page, see the Sender Groups Page.
To view Message Tracking details for the messages that populate this report, click a number hyperlink in the table.
The following table shows the table column descriptions for the Incoming Mails table:
|
Column Name |
Description | ||
|---|---|---|---|
|
Sender Domain (Domains) |
The domain name of the sender. | ||
|
Sender IP Address (IP Addresses) |
The IP address of the sender. | ||
|
Hostname (IP Addresses) |
The hostname of the sender. | ||
|
DNS Verified (IP Addresses) |
The IP addresses that are verified by the DNS. | ||
|
SBRS (IP Addresses) |
The SenderBase Reputation Score of the sender. | ||
|
Last Sender Group (IP Addresses) |
The details of the last sender group. | ||
|
Last Sender Group (IP Addresses) |
The details of the last sender group. | ||
|
Network Owner (Network Owners) |
The network owner of the sender. | ||
|
Connections Rejected (Domains and Network Owners) |
All connections blocked by HAT policies. When the appliance is under heavy load, an exact count of rejected connections is not maintained on a per-sender basis. Instead, rejected connections counts are maintained only for the most significant senders in each time interval. | ||
|
Connections Accepted (Domains and Network Owners) |
All connections accepted, | ||
|
Total Attempted |
All accepted and blocked connections attempted. | ||
|
Stopped by Recipient Throttling (Domains and Network Owners) |
This is a component of Stopped by Reputation Filtering. It represents the number of recipient messages stopped because any of the following HAT limits have been exceeded: maximum recipients per hour, maximum recipients per message, or maximum messages per connection. This is summed with an estimate of the recipient messages associated with rejected or TCP refused connections to yield Stopped by Reputation Filtering. | ||
|
Stopped by IP Reputation Filtering |
The value for Stopped by IP Reputation Filtering is calculated based on several factors:
When the appliance is under heavy load, an exact count of rejected connections is not maintained on a per-sender basis. Instead, rejected connections counts are maintained only for the most significant senders in each time interval. In this situation, the value shown can be interpreted as a “floor”; that is, at least this many messages are stopped.
| ||
|
Stopped by Domain Reputation Filtering |
The total count of messages blocked based on the reputation verdict of the sender domain. |
||
|
Stopped as Invalid Recipients |
All mail recipients rejected by conversational LDAP rejection plus all RAT rejections. | ||
|
Spam Detected |
Any spam that has been detected. | ||
|
Virus Detected |
Any viruses that have been detected | ||
|
Detected by Advanced Malware Protection |
The total count of messages detected by Advanced Malware Protection engines. | ||
|
Stopped by Content Filter |
The total count of messages that are stopped by a content filter. | ||
|
Stopped by DMARC |
The total count of messages that failed Domain-based Message Authentication, Reporting and Conformance (DMARC) verification. | ||
|
Total Threat |
Total number of threat messages (stopped by reputation, stopped as invalid recipient, spam, plus virus) | ||
|
Marketing |
Number of messages detected as unwanted marketing messages. | ||
|
Social |
Number of messages detected as social messages. | ||
|
Bulk |
Number of messages detected as bulk. | ||
|
Total Graymails |
Number of messages detected as graymails. | ||
|
Clean |
All clean messages. Messages processed on appliances on which the graymail feature is not enabled are counted as clean. |