diff --git a/Log Analytics/ListCountOfEmailsRecievedByRecipientDomain b/Log Analytics/ListCountOfEmailsRecievedByRecipientDomain
new file mode 100644
index 0000000..1327ed9
--- /dev/null
+++ b/Log Analytics/ListCountOfEmailsRecievedByRecipientDomain
@@ -0,0 +1,7 @@
+SMTPLogs_CL
+| parse RawData with Date " " Time " " CIP " " CSUserName " " SSiteName " " SComputerName " " SIP " " SPort " " CSMethod " " CSUriStem " " csuriquery " " *
+| where csuriquery contains "TO:<"
+| extend recipientdomains = extract("@(.*)>",1,csuriquery)
+| project recipientdomains, csuriquery
+| summarize emailsrecieved=count(csuriquery) by recipientdomains
+| sort by emailsrecieved desc
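Review bot: The `extract("@(.*)>",1,csuriquery)` step uses a greedy `.*` on a value supplied by the connecting client, so any row whose query field holds a second `>` yields a "domain" that runs to the last one. The result is also used as a case-sensitive grouping key, so `Example.com` and `example.com` are counted separately. I would write `| extend recipientdomains = tolower(extract("@([^>]+)>", 1, csuriquery))`. Separately, the query counts every line containing `TO:<` whatever the server answered, because the response status is swallowed by the trailing `*` in the `parse`. The total is therefore recipient commands attempted (rejected relay or address-probing attempts included, as far as this hunk shows) rather than mail received; either name the status column and filter on it, or say so in a leading `//` comment.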