Users are flooded with NDR emails (GraphTransactionItem)[ New ]
Hello! We desperately need help in determining where thousands of NDR emails are coming from. This is Exchange Online only, not a hybrid deployment.
About a month ago all mailboxes on one of the domains started receiving NDR emails with a subject similart to this: "Undeliverable: GraphTransactionItem:gti gti.TransactionId:8ab6ade9-1783-4d96-xxxx-b7a2b1df83fb gti.Name:UpdateSecondaryShallowCopy”. The transaction names sometimes are different, and so far we got emails with 4 types of Graph transactions:
Microsoft Support engineers have no idea what is going on and how to resolve this issue, and our users are getting very impatient since they all are receiving thousands of NDR emails per week.
We tried to create transport rules to stop those emails but somehow they have no effect, and so does the NDR backscatter setting.
All emails are sent from Microsoft Outlook <MicrosoftExchange329e71ec88ae4615bbc36ab6ce99999e@domainname.onmicrosoft.com> and all users on that domain receive them. There are also multiple addresses similar to this SPO_Arbitration_d91eee03firstname.lastname@example.org to which the GraphTransactionItem emails are sent but fail to be delivered (#Receive, Fail). This has made me think that it has something to do with arbitration mailboxes. I’m not an Exchange expert, my specialty is SharePoint, so I could only guess. But hopefully this will make sense to someone and this mistery will be solved!
If this might helps, I can provide a sample of the NDR email.