Im currently trying to build a search where im trying to determine if a user is trying to send data out maliciously. One of the things that i am trying to do is count the number of recipients by the number of senders before the stats line so that I can use that data in an eval giving me a threat number between 1 and 5

index=msexchange size>2000000 directionality="Originating" AND action="delivered" AND recipient!="iccu.com" AND NOT
(message_subject="RE" OR message_subject="FW*" OR message_subject="EXTERNAL") AND
(recipient="gmail.com" OR recipient=".edu" OR recipient="hotmail.com" OR recipient "*yahoo.com" OR recipient="*msn.com" OR
recipient="*outlook.com" OR recipient="*aol.com" OR recipient="*zoho.com" OR recipient="*icloud.com" OR recipient="*inbox.com" OR recipient="*mail.com" OR recipient="*yandex.com" OR recipient="*protonmail.com")
|eval threat_num=5
**somewhere in here i am needing to count the recipients by the senders so that i can do an eval to determine the value of diff*
|eval appraise=if(like(message_subject, "%ppraisal%"), 2, 0)
|eval payment=if(like(message_subject, "%ayment%"), 2, 0)
|eval loan=if(like(message_subject, "%oan%"), 2, 0)
|eval diff=(threat_num - appraise - payment - loan)
|stats values(size) as "Message Size" list(diff) values(message_subject) values(title) values(recipient) as Recipient by sender | sort -"Message Size"

Ive looked into using mvcount but it doesnt appear that you can use a 'by' value in it. Anything helps.
Thanks!