The generated IMSVA traffic summary report shows the top email address by traffic is "unknown@unknown". This address has no entries as it cannot be found under Logs > Query > Message Tracking. It cannot be added on the block list as well, showing an invalid domain error.
"Unknown@unknown" that shows up in IMSVA reports is for blank sender addresses. IMSVA looks/logs the SMTP envelope addresses for their report. If you are familiar with sending emails through telnet command, below is a typical format of commands that a sending MTA sends to receiving MTA.
telnet MTA_IP or FQDN 25
MAIL FROM: email@example.com
RCPT TO: firstname.lastname@example.org
Subject: Test email
This is message body or content.
The addresses in MAIL FROM: and RCPT TO: commands are the SMTP envelope addresses. These are the ones logged/recorded by IMSS in reports.
The addresses in From: and To: headers after the DATA command are the message headers. These are the addresses displayed and the addresses you see once you received the email.
Generally and is the case in MOST MTA's, NDR mails, and DSN mails, and sometimes email read receipts as well as OOO (Out of Office) messages (in the case of MS EXchange for example) are sent with a blank MAIL FROM: address. Thus, IMSVA will have no address to put in the logs/reports for those emails. So IMSVA simply consolidates them to one category which is unknown@unknown.