Office 365 Groups, Send As, and the Missing NDRs

Senders Left Without Notice When Send As Messages Fail

Office 365 Groups support the ability to assign the Send As and Send on Behalf of permissions to mailboxes in the same manner as used for personal mailboxes. The Send As permission allows someone to impersonate the group so that messages sent with this permission seem to come from the group. The Send on Behalf of permission allows someone to send as the group, but the message is stamped to show that the sender is not the group but rather its representative. It’s the equivalent of a p.p. (per procurationem) signature on a paper document. Interestingly, you don’t need to be a group member to be assigned Send As or Send on Behalf of permission for the group.

The Problem Report

The first indication of a problem came in a discussion in the Microsoft Technical Community where the question was posed why people who send as an Office 365 group didn’t receive Non-delivery Reports (NDRs). As it happens, after a lot of engineering effort, the NDRs generated by Office 365 are more clearer in terms of telling the sender why their message failed to be delivered and what they must do to fix the problem. Clearly, no action can be taken if a NDR is never received and the original message has literally gone into a black hole.

Investigations proved that:

  • Messages sent from an Office 365 Group using the Send on Behalf of permission to a bad address resulted in a NDR being delivered to the sender.
  • Messages sent to a bad address from a personal mailbox also resulted in an NDR (as expected, but good to check anyway).
  • Messages sent from an Office 365 Group using the Send As permission to a bad address resulted in no NDR being delivered to either the group or the sender.
  • A message trace showed that an NDR was processed, but that the Microsoft Agent agent handling the NDR delivered the NDR to the Deletions sub-folder in the Recoverable Items folder of the group mailbox “because of an inbox role the recipient set up” (Figure 1).
Message trace detail tells us what happened to the NDR
Figure 1: Message trace detail tells us what happened to the NDR

Apart from a reference to a “group escalation agent,” the PowerShell version of the message trace didn’t turn up any more detail.

Rules in an Office 365 Group?

There’s no easy way to create an inbox rule in an Office 365 group mailbox so the explanation offered in the message trace is unlikely to be true. What’s more likely is that some condition causes the Exchange transport service to automatically route NDRs to Recoverable Items. It’s possible that an engineer thought that it would be best to suppress NDRs for messages sent as an Office 365 Group, but it’s hard to understand the logic. In any case, the messages do end up in Deletions (perhaps thanks to that “group escalation agent”). That fact can be confirmed by running the Get-MailboxFolderStatistics cmdlet against the group mailbox:

Questions, Always Questions

The big question is why Microsoft decided to route NDRs for messages sent as an Office 365 Group to the Deletions folder in Recoverable Items. You might also ask why leaving the sender in perfect ignorance of their failed message was deemed to be a good idea? And then ask why the message trace report says that an inbox rule processed the NDR when it’s palpably the case that this didn’t happen. So many questions. Maybe we can get an answer at Ignite.


Need more information about Office 365 Groups? We explain many of the mysteries in the Office 365 for IT Pros eBook. Uncloud your mind with the best and most comprehensive guide to Office 365 available anywhere.

Advertisements

2 Replies to “Office 365 Groups, Send As, and the Missing NDRs”

  1. I noticed the opposite behaviour two years ago, limiting who could sent to an Office 365 group. If you were not allowed you could sent, it wouldn’t deliver to the group, this is expected, but the sender also didn’t get a noticed that he/she wasn’t allowed to send to this group. Message trace did show that a ndr was created, but it was never received by the sender. This let the sender think it did send a email but it would never get a reply.
    I should try if this is still the case.

    1. I guess a number of us have found how things work now, but it’s always good to have another check.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.