0

I have a odd instance where by an email (password reset) from one of our third-party providers is being redirected to a shared inbox rather than the user it was intended for.

I can see on the original email it is set To: <> however the email never appears in that users' inbox, it goes straight to the shared inbox. This is confirmed by performing a Mail Flow trace on the email, whereby the email doesn't exist when searching for emails sent to the user, rather it appears on emails sent to the shared inbox.

I have checked the headers of the email and can see no transport rules have been triggered.

This only happens maybe once a week, whereby during this week, plenty other users receive their password reset email just fine.

The third party whose emails these are, have confirmed from their end the email was sent to the user and their Mail Flow shows the email as being delivered to the intended user account.

Any advice or pointers as to how I figure this one out would be gratefully appreciated.

TomSlinger
  • 3
  • 1

1 Answers1

1

I am a little confused about the mail trace. Does it show that the email is delivered to the shared inbox or the intended user mailbox?

If the latter is the case, but the email still shows up in the shared mailbox, than there is only one plausible explanation. It must be an user Outlook rule that moves the message. Try to find that out. Especially when it doesn't always happen from the same third party (if the users device is turned off, it doesn't apply rules. Unless it's an Exchange Online rule of course).

Or you can try to find out if an item has moved manually and by whom with this command:

Search-MailboxAuditLog -Identity <mailbox> -LogonTypes Delegate -ShowDetails -StartDate 10/20/2019 -EndDate 10/31/2019 | Where-Object {$_.Operation -eq "Move"} | Export-Csv C:\temp\exportAuditLogs.csv

For all possible operations, please check https://docs.microsoft.com/en-us/powershell/module/exchange/policy-and-compliance-audit/search-mailboxauditlog?view=exchange-ps

Another thing you could check is that the shared mailbox doesn't have an alias that the third party is sending to. For example you have the mailbox: user@domain.com Shared Mailbox alias = user2@domain.com.

Erjen Rijnders
  • 201
  • 1
  • 5
  • I agree with @Erjen, either it's got to be a rule on the inbox, but if it shows in the message trace as being delivered directly to the shared mailbox, you have to check for typos and secondary email addresses. – OnkelJ Oct 31 '19 at 10:43