Feedback by UserVoice

Mike K

My feedback

  1. 123 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    12 comments  ·  Office 365 Security & Compliance  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Mike K commented  · 

    It seems silly you cannot clean out a users outbound queue. We had a user get hacked (credentials stolen). Hacker logged into their O365 account and started spamming all his contacts. We were notified shortly after, I disabled user, changed password, created a transport rule for outbound mail to simply delete the email if it was from this user. Shortly after I got an email from Microsoft saying the user was flagged as spammer and blocked (or similar wording).

    Phew that was close... all safe now... no more email should go out... WRONG. I was monitoring email and i could see that emails were still being passed to our Barracuda (that we have filtering Outbound email also for this reason). I looked up this users queue and could see there were 100's upon 100's of emails stuck in the outbound queue at Microsoft. The status of the messages said "pending" and when you clicked on them they all said something like they were still trying to deliver this mail. Ok so i just need to clear out the Outbound queue. No way to do that? What!?!? We believe the user had fallen for a email scam that swiped his credentials. So I should have been able to change passwords, enable 2 factor auth (that i have had nothing but issues with due to older version of phones and older version of Outlook but that's another story) and we should have been good to go. But wait it is still trying to deliver all this spam. So if i turn on the account and remove all blocks it would have sent out those emails. I had emails still being attempted for delivery i believe up to approx. 36 hours later. Opened a ticket with Microsoft. Took about a week to get back to me and the end result was... no way to clear out the queue. I had to leave the users account disabled for almost 2 days to ensure none of that queued up spam would make it out. That sure doesn't seem like a great solution. Admin need to be able to delete things from the queue.

Feedback and Knowledge Base