diff --git a/modules/email/mail-log-analyzer.sh b/modules/email/mail-log-analyzer.sh
index 73a4f38..50adb3e 100755
--- a/modules/email/mail-log-analyzer.sh
+++ b/modules/email/mail-log-analyzer.sh
@@ -126,7 +126,7 @@ detect_blacklist_issues() {
             # Extract IPs being rejected
             if [[ "$line" =~ ([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}) ]]; then
                 local ip="${BASH_REMATCH[1]}"
-                echo "$line" >> "/tmp/blacklist_ip_${ip//\./_}.log"
+                echo "$line" >> "$TEMP_DIR/blacklist_ip_${ip//\./_}.log"
             fi
         done < "$temp_file"
 
@@ -160,7 +160,9 @@ detect_spam_accounts() {
         grep -oE '\<[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}\>' | \
         sort | uniq -c | sort -rn | head -50 >> "$temp_file"
 
-    local hourly_limit=$((SPAM_THRESHOLD * ANALYSIS_HOURS / 24))
+    # Cap ANALYSIS_HOURS to prevent threshold overflow (max 1 year = 8760 hours)
+    local capped_hours=$((ANALYSIS_HOURS > 8760 ? 8760 : ANALYSIS_HOURS))
+    local hourly_limit=$((SPAM_THRESHOLD * capped_hours / 24))
 
     while read -r count identifier; do
         if [ "$count" -gt "$hourly_limit" ]; then
@@ -737,22 +739,23 @@ calculate_domain_success_rates() {
     print_info "Calculating domain success rates..."
 
     # For each domain, calculate: (delivered / (delivered + bounced)) * 100
-    if [ -f "$TEMP_DIR/"top_recipient_domains.$$ ]; then
-        while read count domain; do
-            local delivered=$count
-            # Use word boundary to match exact domain, not substrings
-            # Escape domain for safe use in grep pattern (fix regex injection risk)
-            local escaped_domain=$(printf '%s\n' "$domain" | sed 's/[[\.*^$/]/\\&/g')
-            local bounced=$(grep -c "\b${escaped_domain}$" "$TEMP_DIR/"domains_bounced.$$ 2>/dev/null || echo "0")
+    # Use consistent metrics: count delivered from domains_delivered, count bounced from domains_bounced
+    if [ -f "$TEMP_DIR/domains_delivered.$$" ] && [ -f "$TEMP_DIR/domains_bounced.$$" ]; then
+        # Get unique domains from both files
+        sort "$TEMP_DIR/domains_delivered.$$" "$TEMP_DIR/domains_bounced.$$" | uniq | while read -r domain; do
+            local delivered=$(grep -c "^$domain$" "$TEMP_DIR/domains_delivered.$$" 2>/dev/null || echo "0")
+            local bounced=$(grep -c "^$domain$" "$TEMP_DIR/domains_bounced.$$" 2>/dev/null || echo "0")
             local total=$((delivered + bounced))
 
             if [ "$total" -gt 0 ]; then
                 local success_rate=$(( (delivered * 100) / total ))
-                echo "$success_rate%|$domain|$delivered/$total" >> "$TEMP_DIR/"domain_success_rates.$$
+                echo "$success_rate%|$domain|$delivered/$total" >> "$TEMP_DIR/domain_success_rates.$$"
             fi
-        done < "$TEMP_DIR/"top_recipient_domains.$$
+        done
 
-        sort -t'|' -k1 -rn "$TEMP_DIR/"domain_success_rates.$$ | head -20 > "$TEMP_DIR/"domain_success_rates_sorted.$$
+        if [ -f "$TEMP_DIR/domain_success_rates.$$" ]; then
+            sort -t'|' -k1 -rn "$TEMP_DIR/domain_success_rates.$$" | head -20 > "$TEMP_DIR/domain_success_rates_sorted.$$"
+        fi
     fi
 }