Had a ticket regarding 3 different sent emails to 3 different third parties which were getting duplicated into an IT mailbox on Office 365.
I double checked the “rules” under Mail flow to make sure there were no BCC rules for the users sending which there were not.
In MailTrace the emails came up as Status “Expanded”. This means the email has been sent to a group, however the original email was sent to a Single External Email address?
Why was the external email being displayed as a group in 365?
Turns Out the Outbound Spam Preferences had been turned on! And for whatever reason, these items were triggering the BCC of suspicious messages!