Title: Admins may be receiving copies of outbound email to external parties originating from other users in their organization
User impact: Admins may have received an unexpected amount of outbound email copies to external parties originating from their users.
More info: Admins may have noticed that a large number of legitimate emails were being incorrectly flagged as spam, resulting in copies of these emails being sent to everyone in the delegated TenantAdmins (GlobalAdmins) group as per default alert and outbound policy settings. Additional information on outbound spam policies can be found here: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/outbound-spam-policies-configure?view=o365-worldwide.
Additionally, affected emails intended for recipient organizations may have been sent into quarantine, and internal users’ ability to send messages may have been affected as well.
Final status: After extensive monitoring and follow-up analysis of our mitigation and reprocessing efforts of the previously miscategorized spam messages, we’ve confirmed this issue has been resolved. However, as part of our reprocessing efforts, some admins may have experienced temporary impact in the form of a secondary stream of inbound duplicate notification messages for outbound mails within their inbox while their organization completed the message replay. These duplicate notifications do not indicate actual re-delivery of the email messages themselves and were solely provided to correct notifications going to the spam mailbox.
Scope of impact: This issue would have affected admins or users in your organization if they are delegated to receive a copy of email that has been flagged as potential outbound spam or high-risk delivery mail by the default alert policies. Additionally, this would have affected a recipient organization by sending the affected email into quarantine.
Start time: Tuesday, October 17, 2023, at 4:00 PM UTC
End time: Tuesday, October 17, 2023, at 11:30 PM UTC
Preliminary Root cause: A recent service change to outbound spam policy processing contained a code issue that caused an unintended increase in false-positive anti-spam emails. This resulted in copies being sent to delegated recipients at an unexpectedly high rate, flooding their mailboxes, as well as messages being sent per default policies.
Next Steps:
– We’re reviewing the recent service change to detect and reduce the amount of false-positive anti-spam emails in the future.
– We’ll publish a Post-Incident Report for this event within five business days.