Email Message Attack Sources

This widget shows an interactive map representing all source MTAs that routed suspicious email traffic.

An attack soruce is the first MTA with a public IP address that routes a suspicious message. For example, if a suspicious message travels the following route: IP1 (sender) > IP2 (MTA: 225.237.59.52) > IP3 (company mail gateway) > IP4 (recipient), Deep Discovery Email Inspector identifies 225.237.59.52 (IP2) as the attack source. By studying attack sources, you can identify regional attack patterns or attack patterns that involve the same mail server.

Mouse-over any point on the map to learn about the events that came from the attack source location.

Click any highlighted region on the map to learn more about attacks originating from that region.

The default time period is Last 24 hours.

Click the menu icon in the top-right corner of the widget, and then select the edit icon to configure the widget.