Duplicate incidents are getting generated.
L7.discardDuplicateMessages was set to false. The default is true. If true, the Monitor ignores duplicate messages based on the messageID.
Log in to the Enforce Console.
Go to Servers --> Overview and then select the affected Detection Server.
Then go to the 'Server Settings' page of the Detection Server.
You will find that the value of "L7.discardDuplicateMessages" is set to "false".
Change the value to "true" and then click Save.
Then recycle the services of the Detection Server.
Duplicate incidents will now stop being generated, and you will have only one incident for each detection.
If duplicate incidents occur outside of the SMTP protocol, the network monitor received the same traffic multiple times. Because non-SMTP incidents have no messageID, L7.discardDuplicateMessages cannot determine that they are duplicates, and the source of the duplicated traffic must be found.
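
The sketch below is an added illustration, not the product's own code. It shows why discarding by messageID removes repeated SMTP messages but cannot remove repeated non-SMTP traffic. The sample traffic, the function names and the discard_duplicates parameter are assumptions made for the example.

```python
from email import message_from_bytes

# Constructed sample traffic as (protocol, raw payload) pairs; not real captures.
SAMPLE_TRAFFIC = [
    ("SMTP", b"Message-ID: <a1@mail.example>\r\nSubject: Q3 report\r\n\r\nbody"),
    ("SMTP", b"Message-ID: <a1@mail.example>\r\nSubject: Q3 report\r\n\r\nbody"),
    ("SMTP", b"Message-ID: <b2@mail.example>\r\nSubject: other\r\n\r\nbody"),
    ("HTTP", b"POST /upload HTTP/1.1\r\nHost: files.example\r\n\r\ndata"),
    ("HTTP", b"POST /upload HTTP/1.1\r\nHost: files.example\r\n\r\ndata"),
]


def message_id(protocol, payload):
    """Return the Message-ID header for SMTP payloads, or None when there is none."""
    if protocol != "SMTP":
        return None  # non-SMTP traffic carries no messageID to compare
    value = message_from_bytes(payload).get("Message-ID")
    return value.strip() if value else None


def process(traffic, discard_duplicates=True):
    """Return the (protocol, messageID) items that would go on to detection.

    discard_duplicates is a hypothetical stand-in for the effect of
    L7.discardDuplicateMessages: when True, a messageID already seen is dropped.
    """
    seen = set()
    kept = []
    for protocol, payload in traffic:
        mid = message_id(protocol, payload)
        if discard_duplicates and mid is not None:
            if mid in seen:
                continue  # same messageID seen before: ignore the repeat
            seen.add(mid)
        kept.append((protocol, mid))
    return kept


if __name__ == "__main__":
    for setting in (False, True):
        print(setting, process(SAMPLE_TRAFFIC, discard_duplicates=setting))
```

With discarding enabled, the repeated SMTP message is dropped, but both copies of the HTTP request still pass through, which is the case where the source of the duplicated traffic has to be traced.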