Change to 'nxdomain' in Threat classification?

I’m at a loss to explain what could cause the apparent drop in threats since early April 2020, other than the main culprit seems to be a lack of sources allocated to the ‘nxdomain’ server. The server ‘*.’ is also no longer listed as a threat source recently. Has this happened to anyone else?
Our legitimate mail rates haven’t necessarily declined much during the pandemic, and we haven’t added other legitimate senders in a while… certainly none have been converted from ‘threat’ to ‘dmarc capable’ in the graphs.

Have the spammers and phishers taken a break? Do they not have adequate work from home solutions?

Hello @meliux, this pattern isn’t entirely uncommon. Typically, a drop in abuse occurs when there has been a DMARC policy enforcement increase (quarantine/reject). It’s also possible that a more lucrative opportunity presented itself for that bad actor.