Hello everyone.... first post here.
I have a question about proof of delivery to an external email address. The seems to have been some malware or malicious activity within our organization. Over a period of three days there were ~2000 emails forwarded to a gmail.com address from our exchange server. I had the admin send the email trace and while analyzing it I see that all the messages had an event_id of "sendexternal". The admin and others have assured me that none of the messages made it to the gmail.com address as none of them showed "deliver" as the event_id. I am not convinced that this is the case. Am I wrong or is there a way to prove the messages were delivered or not. Please excuse my ignorance on exchange as I'm just the Security Analyst.
Regards,