Attack Sources Widget

The Attack Sources widget shows an interactive map representing all source MTAs that routed suspicious email traffic.

An attack source is the first MTA with a public IP address that routes a suspicious message. For example, if a suspicious message travels the following route: IP1 (sender) > IP2 (MTA: > IP3 (company mail gateway) > IP4 (recipient), Deep Discovery Email Inspector identifies (IP2) as the attack source. By studying attack sources, you can identify regional attack patterns or attack patterns that involve the same mail server.

Mouse-over any point on the map to learn about the events that came from the attack source location.

Click any highlighted region on the map to learn more about attacks originating from that region.


Attacks in the No data group are detected attacks with no location information.

For example, if Deep Discovery Email Inspector is unable to obtain a public IP address from the message routing information, no location information is available.

Click View all attack sources in the top-right corner to go to the Attack Sources screen.