Forum Discussion
Malware Detections Report
Probably is, but it's hard to guess without at least seeing the Message trace logs. Open a support case, just to be on the safe side.
- Scott Preston, Oct 26, 2017, Iron Contributor
Thanks for the response. I opened up a support case shortly after posting on here. The response from them was that it was probably nothing to worry about, but on pressing them I asked them to provide some advice to understand what it may be. Up until now the steps they have asked for have been unfruitful in tracking down any information.
During my own investigation I found that the SPO_Arbitration thing may have come about from a rule we have set up to send specific emails (mainly zip attachments) to an Exchange approval assistant mailbox. When these mails are not responded to within 2 days, the message is automatically expired and a message is sent to the sender. This often means that if an email contains a zip file with a malicious file and is expired, then the mail flow shows the email going outbound from our domains with the SPO_Arbitration prefix.
This is my theory, and I have an email sitting in the Exchange approval mailbox waiting to be expired so I can follow it.