Recently, we have noticed that Microsoft ZAP has been unexpectedly deleting a significant number of false positive emails from our system. It is important to note that we have not made any alterations to our existing policies or configurations that could have triggered this sudden change in behaviour.
We would greatly appreciate your guidance and support in understanding the potential cause behind this issue and how we can rectify it. What I noticed was that the policy applied to the emails was the Anti-spam policy and the reason for ZAP to move those emails to quarantine was that ZAP classified these emails are 'High Confidence Phish'. However, we haven't made any changes to this policy for a long time.