Categorizing Email Messages on the Mail Flow Summary Page

Incoming messages that are considered as threat, and outgoing messages that are delivered in the Mail Flow Summary report page are categorized as follows:

Email Categories on Mail Flow Summary Page
Category	Description
Mail Flow Summary: Incoming
Reputation Filtering	All connections blocked by HAT policies, multiplied by a fixed multiplier, (see the How Incoming Mail Messages are Counted) and added with all recipients blocked by recipient throttling. The value for Stopped by IP Reputation Filtering is calculated based on the following factors: Number of “throttled” messages from this sender. Number of rejected or TCP refused connections (may be a partial count). A conservative multiplier for the number of messages per connection. When the appliance is under heavy load, an exact count of rejected connections is not maintained on a per-sender basis. Instead, rejected connections counts are maintained only for the most significant senders in each time interval. In this situation, the value shown can be interpreted as an indicative value of the least number of messages are stopped. The Reputation Filtering total count and percentage on the Mail Flow Summary report page is always based on a complete count of all rejected connections. Only the per-sender connection counts are limited due to load.
Invalid Recipients	The total count and percentage of all mail recipients rejected by conversational LDAP rejection in addition to all RAT rejections.
Anti-Spam	The total count and percentage of incoming messages detected by the anti-spam scanning engine as positive or suspect. Additionally, messages that are both spam and virus positive.
Anti-Virus	The total count and percentage of incoming messages detected as virus positive and not also spam. The following messages are counted in the “Virus Detected” category: Messages with a virus scan result of “Repaired” or “Infectious” Messages with a virus scan result of “Encrypted” when the option to count encrypted messages as containing viruses is selected Messages with a virus scan result of “Unscannable” when the action for unscannable messages is NOT “Deliver” Messages with a virus scan result of “Unscannable” or “Encrypted” when the option to deliver to an alternate mail host or an alternate recipient is selected Messages that are deleted from the Outbreak quarantine, either manually or by timing out.
Advanced Malware Protection	The total count and percentage of incoming messages blocked by the file analysis service. A message attachment was found to be malicious by file reputation filtering. This value does not include verdict updates or files found to be malicious by file analysis.
Content Filter	The total count and percentage of incoming messages that are stopped by message and content filters.
DMARC Policy	The total count and percentage of incoming messages that failed DMARC verification policy.
S/MIME Verification/Decryption Failed	The total count and percentage of incoming messages that failed S/MIME verification, decryption, or both.
Mail Flow Summary: Outgoing
Hard Bounces	The total count and percentage of outgoing messages that are permanently undeliverable.
Delivered	The total count and percentage of outgoing messages that are delivered.

Note

If you have configured your anti-virus settings to deliver unscannable or encrypted messages, these messages will be counted as clean messages and not virus positive. Otherwise, the messages are counted as virus positive.

Additionally, if messages match a message filter and are not dropped or bounced by the filter, they are treated as clean. Messages dropped or bounced by a message filter are not counted in the totals.