Skip to content

Message Summary Report

The Message Summary report details the email messages processed by Sophos Email Security for your protected mailboxes.

This option is only available if your license includes Sophos Email.

Go to Reports > Email Security > Message Summary.

If you have domains connected with Sophos Gateway and Sophos Mailflow, click Type to select which one to view.

You can view messages that occurred in the past 365 days or less. Messages for the last 30 days are shown by default.

Direction: Select Inbound or Outbound from the drop-down menu to view messages that have been received or sent.

All scanned messages are shown in the report by default.

Message Summary uses interactive reporting. You can select and deselect category legends in the chart to focus on the categories you're most interested in. You can click on table entries to go to Message History for more information.

Inbound messages are categorized as follows:

  • Realtime blocked: Messages from blocked sending IP addresses.
  • Enterprise blocked: Messages sent from an address that has already been added to the enterprise blocklist (inbound allow/block).
  • Virus: Messages containing viruses.
  • Unscannable: Messages we couldn't scan for threats.
  • Intelix threat: Messages identified as threats by SophosLabs' Intelix service.
  • Malicious URL: Messages containing links on our malicious URLs lists.
  • Impersonation: Messages that fail Impersonation Protection checks.
  • Spam: Messages containing known spam characteristics.
  • Bulk: Newsletters, mailing lists, and other forms of solicited email.
  • Authentication failure: Messages that failed authentication DMARC, SPF or DKIM checks.
  • Data control: Messages that violated Data control policies.
  • Legitimate: Messages classified as clean, and therefore delivered.

The Outbound Activity Summary shows information about the following message categories. As far as possible, this is the order in which the threat scans take place:

  • Virus: Messages containing viruses.
  • Spam: Messages classified as spam.
  • Data control: Messages that violated Data control policies.
  • Secure Message: Messages secured by TLS, S/MIME, or Push or Portal Encryption.
  • Legitimate: Messages classified as clean, and therefore sent.

Table and chart

The message table shows the number of email messages processed for each date listed. It reflects the selected date and all message types. You can sort the columns by category.

You can click on any linked number to go to Message History for the messages that failed that scan type on that day. See Message History Report

You can't click Realtime blocked entries as they aren't included in Message History. This is because there is little information available for messages blocked early in the scanning process, during the SMTP command.

The chart shows you at a glance the number of messages that were processed per day.

You can hover over the chart to see the message breakdown for any day. You can also select and deselect chart legends to include or exclude categories from the chart. You can then focus on the categories that most interest you.