I migrated our email system to Exchange Cloud about a year ago, but we still have a small on-premise Exchange setup. One of our users is facing an issue where emails are directly going into the Deleted Items folder, despite turning off the phone and Outlook app. I checked the Message Trace on M365 and it indicates that the messages were delivered to the Deleted Items folder due to an inbox rule set by the user. I've noticed there are three hidden mail rules, but they don't appear to be responsible for moving or deleting items based on M365's rules. I'm trying to find the identifier of this mysterious rule, and so far there's been no indication in the audit logs for the actions taken over a two-hour period. This is happening internally, but when I send an email to an external recipient, it still goes to Deleted Items. Any thoughts on how to resolve this?
4 Answers
Double-check if there’s an automatic replies rule set up in Outlook. You may need to enable them temporarily to see if there are any rules that still function when auto replies are disabled.
I ran into a similar issue with a customer. Turns out it was caused by legacy rules that were manipulated by a phishing attack. I had to connect to EXO PowerShell to delete all the rules to resolve it. It might be useful to try that too.
This issue happened to me once with a Samsung phone using their email client. There was an odd spam rule set on the device. If I were you, I'd consider deleting all rules and checking any transport rules. I've also seen this crop up with the ESET plugin in Outlook.
It could be worth your time to use PowerShell to verify all the rules associated with that account. We've had cases where accounts were compromised, leading to hidden rules that automatically move emails around, like to the RSS folder. Just a thought!
Yeah, I actually did look into that. There were some legacy rules that I can't delete, but they don't seem to trigger any move or delete action.
It's actually an iPhone, and we powered it down, but the issue still persisted. We even had Outlook off, yet emails still ended up in Deleted Items. I guess I shouldn’t rule out any PC the user might still be logged into.