Top Attack Sources Widget

The Top Attack Sources widget shows the most active IP addresses attacking your network.

An attack source is the first MTA with a public IP address that routes a suspicious message. For example, if a suspicious message travels the following route: IP1 (sender) > IP2 (MTA: > IP3 (company mail gateway) > IP4 (recipient), Deep Discovery Email Inspector identifies (IP2) as the attack source. By studying attack sources, you can identify regional attack patterns or attack patterns that involve the same mail server.

The table shows detections based on the selected time period. Click a number under Detections or High Risk Messages to learn more about the detections. Detections includes all detected email messages, including high-risk messages.

Click View all attack sources to see all detected attack sources over the selected time period.


A dash (-) indicates that the location information is not available.

For example, if Deep Discovery Email Inspector is unable to obtain a public IP address from the message routing information, no location information is available.

For general widget tasks, see Widget Tasks.