🎉 Our Office 365 Reporting Tool is now available in Azure Marketplace 🚀
This website uses cookies to improve your experience. We'll assume you're ok with this. Know more.
Exchange Online

How to Track Undelivered Emails in Exchange Online

As an admin, it is crucial to ensure that the emails sent from the organization reach the intended mailboxes without any disruptions. For maintaining collaboration and domain reputation, it is essential to ensure that emails are not rejected due to spam, phishing, etc. By closely tracking undelivered emails in Microsoft 365, admins can promptly identify email delivery issues and take necessary actions. This guide provides effective ways to monitor undelivered emails and strategies to improve email reliability and prevent communication breakdown.

Using Exchange Admin Center

Microsoft 365 Permission Required
View-Only Recipients Role Least Privilege
Global Admin Most Privilege
  • Login to the Exchange admin center.
  • Navigate to the Message Trace under the Mail flow tab.
  • Click on Start a trace, then specify a time range and set the delivery status to Failed.
  • If your specified time range is 10 days or less, choose Summary report as the report type.
  • Click Search to instantly track the recent undelivered emails.
Using Exchange Admin Center
  • To retrieve logs for up to 90 days, choose either the Enhanced Summary Report or the Extended Report (detailed report). The report will be generated as a CSV file and sent it to your specified email address.
  • To use these options, you must provide the sender/recipient addresses or message ID. You can also download the reports from the Downloadable reports page in the Message trace tab.

Using Windows PowerShell

Microsoft 365 Permission Required
View-Only Recipients Role Least Privilege
Global Admin Most Privilege
  • Connect to Exchange Online PowerShell module.
  • Windows PowerShell Windows PowerShell
     Connect-ExchangeOnline
  • Run the following cmdlet to get undelivered emails from the past 10 days.
  • Windows PowerShell Windows PowerShell
     Get-MessageTrace -Status Failed
Using Windows PowerShell
  • To get undelivered emails for the past 90 days, use the 'Start-HistoricalSearch' cmdlet. It extends the search beyond the 10-day limit of the 'Get-MessageTrace' cmdlet.
  • $mb=(Get-Mailbox -ResultSize Unlimited | ?{$_.RecipientTypeDetails -ne "DiscoveryMailbox"} | Select -ExpandProperty PrimarySmtpAddress) -split ','
    Start-HistoricalSearch -ReportTitle "<ReportTitle>" -StartDate "<MM/DD/YYYY>" -EndDate "<MM/DD/YYYY>" -ReportType MessageTrace -DeliveryStatus Failed -SenderAddress $mb -NotifyAddress "<NotifyAddress>"
  • The report will be sent to the email address specified in the ‘<NotifyAddress>’, or it can be downloaded from the Downloadable reports page.

AdminDroid’s Intuitive Capabilities for Seamless Monitoring of Undelivered Emails!

AdminDroid's Email activity reports help you find undelivered emails in Outlook, enabling quick identification of delivery issues through the following capabilities:

Audit Transport Rules for Consistent Email Delivery

Keep track of transport rule changes to quickly identify and address any modifications that could lead to undelivered emails due to misconfigurations.

Get Regular Updates on Undelivered Emails

Audit undelivered emails by scheduling reports to be received in your inbox daily, weekly, or monthly, providing timely insights to ensure communication effectiveness.

Monitor Message Delivery Restriction in EXO

Review message delivery restrictions in Exchange Online to manage sender permissions, prevent unauthorized access, thereby reducing the risk of undelivered emails.

Track DKIM Changes to Avoid Email Rejections

Keep an eye on DKIM configuration changes to reduce the risk of undelivered emails caused by authentication failures and identify factors that may lead to legitimate emails being flagged or rejected.

Review Mail Protection Insights to Enhance Security

Monitor mail protection & email security reports to identify spam, malware, phishing, and spoofing activities that affect proper email delivery.

Monitor M365 Mailbox Quotas to Prevent Email Bounces

Regularly check the mailbox quota report to prevent missing important emails and ensure critical messages aren't lost due to overfilled mailboxes.

In addition to retrieving undelivered emails, AdminDroid's Microsoft 365 Email monitoring tool offers clear metrics on email traffic, mail protection, app usage, inactive users, and more.

Explore a full range of reporting options

Important Tips

Understand and configure SPF, DKIM, and DMARC authentication methods to prevent attackers from spoofing your organization's identity and to improve domain reputation and trust.

Configure outbound spam policies in M365 to protect your organization's reputation and ensure important emails such as customer campaigns, reach inboxes instead of spam folders.

Regularly monitor mail flow reports to detect and mitigate email threats, ensuring that critical emails reach their intended recipients without any delivery issues.

Common Errors and Resolution Steps

The following are the possible errors and troubleshooting hints while exploring undelivered emails in Microsoft 365.

Error The term 'Get-MessageTrace' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

This error will occur if the Exchange PowerShell module was not installed properly.

Fix Install the Exchange PowerShell module. If it is already installed, updating it could resolve the issue.
// Run the below cmdlet to install it.
Install-Module ExchangeOnlineManagement
// Run the below cmdlet to update it.
Update-Module ExchangeOnlineManagement

Error Invalid StartDate value. The StartDate can't be older than 10 days from today.

This error occurs when running the ‘Get-MessageTrace’ cmdlet with StartDate more than 10 days earlier than today's date.

Fix Ensure that the StartDate parameter in the ‘Get-MessageTrace’ command is within the allowed range. Adjust the StartDate to be within the last 10 days from today.

Error Microsoft.Exchange.Management.Tasks.ValidationException | MessageTraceId is a required field.

This error occurs when the MessageTraceId parameter has not been provided while running the 'Get-MessageTraceDetail' cmdlet.

Fix When executing the ‘Get-MessageTraceDetail’ cmdlet, ensure you’ve included the MessageTraceId parameter with the appropriate ID.

Error Please provide at least one of the following fields: sender address, recipient address, or message ID.

This error occurs in the Exchange admin center when selecting the report type as Enhanced summary report or Extended report without specifying at least one required field.

Fix Ensure that you provide at least one of the required fields to generate the report successfully.

Error Warning: The command completed successfully, but no settings of ‘X’ have been modified.

This error message occurs when attempting to enable or disable a non-delivery report for a remote domain that is already in the desired state.

Fix Verify the existing settings of domain 'X' using the following cmdlet and do the necessary changes.
Get-RemoteDomain -Identity <RemoteDomainName> | Select-Object -Property DomainName, Name, NDREnabled

Frequently Asked Questions

Audit Undelivered Emails to Address Email Delivery Issues in Microsoft 365

What are the reasons for undeliverable emails in Microsoft 365?

What are the reasons for undeliverable emails in Microsoft 365? +

Identifying the reasons for undelivered emails is vital for organizations to resolve disputes, improve email deliverability, and maintain a positive reputation with clients and stakeholders. Here are some common reasons for the undeliverable status of emails.

  • Invalid email address: When the recipient's email address is misspelled or non-existent, delivery failures occur.
  • Recipient's mailbox full: If the recipient's mailbox has reached its storage limit, it cannot accept new emails, and the emails will bounce back to the sender.
  • Mail server issues: When the recipient's mail server experiences downtime or technical problems, email delivery will be hindered.
  • Spam filters Emails may be blocked if spam filters flag them as unwanted due to content or attachments.
  • IP blacklisting: If the sender's IP address is listed for sending spam or malicious content, the email may be rejected.
  • Domain issues: If there are DNS problems with either the sender's or recipient's domain, email routing can be disrupted.
  • Recipient's mailbox settings and strict transport rules: When a recipient's mailbox is set to reject emails from specific domains or senders, or when administrators set mail flow rules to block certain sources, email delivery may fail.

How to improve email deliverability in Exchange Online?

To ensure that all messages sent from your organization reliably reach the intended recipients' inboxes, maintaining trust and enhancing the email deliverability is essential. Here are the strategies to improve deliverability in Exchange Online:

  • SPF: Configure SPF (Sender Policy Framework) records in your DNS to specify which mail servers are authorized to send emails on behalf of your domain. This helps to reduce the risk of spoofing and phishing attacks.
  • DKIM: Enable DKIM (DomainKeys Identified Mail) to add a digital signature to your emails. This signature is verified by recipients’ mail servers to ensure that the email has not been tampered with during transit and to confirm its authenticity.
  • DMARC: Implement DMARC (Domain-based Message Authentication, Reporting, and Conformance) to manage SPF and DKIM failures, enforce policies, and receive feedback for enhancing email security and deliverability.
  • IP and domain reputation: Maintain a good reputation for your sending IP addresses and domain by avoiding spam complaints and blacklisting. Ensure you send emails to valid addresses while keeping bounce rates and complaint rates low to have smooth mail flow.
  • Avoid spam triggers: Avoid excessive use of capital letters, exclamation marks, and spammy keywords to prevent emails from being flagged as spam.

How to find the reasons for the undeliverability of specific emails in Exchange Online?

How to find the reasons for the undeliverability of specific emails in Exchange Online? +

Examining undelivered emails is crucial for organizations to resolve message delivery failures and ensure smooth communication. When an email fails to be delivered, the sender typically receives a non-delivery report (NDR) in Outlook, if configured. This report helps identify the reason for the delivery failure, allowing the sender to address the issue or consult with an admin to resolve it.

Admins can further investigate and troubleshoot email delivery issues using the methods outlined below:

Find the root cause of an email delivery failure using EAC

  • Navigate to the Message trace page in the Exchange admin center.
  • Click on Start a trace and select a time range (up to 10 days).
  • Set the delivery status to Failed and choose Summary report as the report type.
  • Then, click Search to view the search results of undelivered emails.
  • Click on a record to view detailed information about the undelivered email. There, you can select the respective failed event under message events to identify the root cause of the message failure.
message-trace-exchange-admin-center
undelivered-emails-message-events

Find the reasons for undeliverable emails using PowerShell

To identify bounced emails or find undelivered mail returned to the sender in Outlook using PowerShell, you need to know the message ID of the specific message. You can use the following cmdlet to obtain the message ID of undeliverable emails in Outlook.

Get-MessageTrace -Status "Failed" | Select-Object Received, MessageId, SenderAddress, RecipientAddress
powershell-undelivered-emails-message-trace-

Run the below cmdlet in PowerShell to determine why the delivery failed for the specific email.

Get-MessageTrace -MessageId  <MessageID> | Get-MessageTraceDetail
powershell-undelivered-emails-message-events

Investigate email delivery issues using Microsoft Defender

While mail flow reports provide the reason for undeliverability, the Microsoft Defender portal offers additional details and context about the email.

  • Navigate to the All email page in the Microsoft Defender portal.
  • Choose the Latest delivery location option from the Sender address drop-down and set it to Failed. Adjust the date and time as needed (up to a maximum of 30 days).
  • Click on the Refresh button to get a list of undelivered emails.
  • In the Email tab, click on the Open in new window icon associated with the respective email.
  • There, you can use the corresponding tabs to investigate the email based on the timeline, attachments, URLs, and similar emails. Specifically, you can use the Analysis tab to analyze threat detection, email authentication, and more.
undelivered-emails-microsoft-defender
undelivered-emails-analysis-view-microsoft-defender

To proactively track email delivery in Exchange Online, AdminDroid offers a robust solution!

  • With AdminDroid's All Mails report, you can effortlessly track mail flow trends and get detailed insights on sent and received messages.
  • Further analysis of this report's metrics can reveal ways to improve email deliverability and reduce Microsoft 365 undeliverable messages.
all-mails-report

Pro Tip: Use the Status filter to display only the emails that are delivered, failed, filtered as spam, pending, quarantined, and more.

How to get a list of non-delivery reports based on error code in Exchange Online?

How to get a list of non-delivery reports based on error code in Exchange Online? +

A non-delivery report (NDR) is sent to the email sender when delivery fails, detailing the failure reason, error code, and more. Analyzing NDRs helps admins understand patterns and frequency of email delivery failures. Examining the list of outbound undeliverable email reports (NDRs) enables admins to fix email deliverability issues.

Find the list of non-delivery reports generated using EAC

  • Navigate to the Non-delivery report page in the Exchange admin center.
  • There, you can find the list of NDRs generated in the last seven days.
  • To track NDRs received by your users based on specific error codes, filter the report by the desired error code and adjust the time period for up to 90 days.
non-delivery-report-ndr-exchange-admin-center

How to disable non-delivery reports (NDR) in Exchange Online?

How to disable non-delivery reports (NDR) in Exchange Online? +

To prevent external users from gaining insights into internal configurations and undelivered emails, admins often prefer to disable NDRs for external users.

As an admin, you typically have the capability to block the delivery of NDRs for all external users. If you want to block NDRs only for specific external domains, you need to create a remote domain for each one.

Turn off NDRs in Exchange Online

  • Navigate to the Remote domains page in the Exchange admin center.
  • To disable NDR reports for all external domains (remote domains), click on the Default domain (*). Alternatively, to block NDRs for a specific domain, select the appropriate remote domain.
  • Under Message reporting, click on the Edit message reporting option and uncheck Allow non-delivery reports checkbox to prevent NDRs from being sent when a message delivery is failed.
  • Click Save to apply the changes.
remote-domains-ndr-exchange-admin-center

Note: For any reasons, to re-enable the non-delivery reports for a remote domain, enable the Allow non-delivery reports option under the respective domain settings.

Enable or disable NDR reports for remote domains using PowerShell

Run the below cmdlet in Exchange Online PowerShell to disable NDR reports for all external domains.

Set-RemoteDomain -Identity Default -NDREnabled:$false

To disable the NDR reports for specific domains, you need to know the identity of remote domains. You can obtain the identity of all the remote domains by running the following PowerShell cmdlet.

Get-RemoteDomain –ResultSize Unlimited | Select-object Guid, Name, DomainName, NDREnabled

Run the below cmdlet with the appropriate domain name to disable NDR reports for the specific remote domain.

Set-RemoteDomain -Identity <RemoteDomainName> -NDREnabled:$false

Run the below cmdlet with the appropriate domain name to enable NDR reports for the specific remote domain.

Set-RemoteDomain -Identity <RemoteDomainName> -NDREnabled:$true

Keep track of remote domain configuration changes with AdminDroid!

  • AdminDroid's Remote Domain Configuration report allows you to monitor changes made on remote domains, ensuring proper configuration for effective email delivery and security.
  • This report provides details like event time, performed operation, performed user, domain name, modified properties, and more.
remote-domain-configuration-changes-report-admindroid
+

Kickstart Your Journey With
AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities

Download Now
User Help Manuals Compliance Docs
x
Delivering Reports on Time
Want a desired Microsoft 365 reports every Monday morning? Ensure automated report distribution and timely delivery with AdminDroid's Scheduling to your email anytime you need.
Delivering Reports on Time
Schedule tailored reports to execute automatically at the time you set and deliver straight to the emails you choose. In addition, you can customize report columns and add inteligent filtering to the activities just from the previous day to suit your Microsoft 365 report requirements.
Set It, Schedule It, See Results- Your Reports, Your Way, On Your Time!
Time Saving
Automation
Customization
Intelligent Filtering
Give Just the Right Access to the Right People
Grant fine-tuned access to any Microsoft 365 user with AdminDroid’s Granular Delegation and meet your organization’s security and compliance requirements.
Give Just the Right Access to the Right People
Create custom roles loaded with just the right permissions and give access to admins or normal users within AdminDroid. The result? A streamlined Microsoft 365 management experience that aligns your organization's security protocols and saves your invaluable time and effort.
Align, Define, Simplify: AdminDroid's Granular Delegation
Smart Organizational Control
Effortless M365 Management
Simplified Access
Advanced Alerts at a Glance
Receive quick notifications for malicious Microsoft 365 activities. Engage with the AdminDroid’s real-time alert policies crafted to streamline your security investigations.
Advanced Alerts at a Glance
Stay informed of critical activities like suspicious emails and high-risk logins, bulk file sharing, etc. Through creating and validating ideal alert policies, AdminDroid provides a comprehensive approach to real-time monitoring and management of potential threats within your organization.
AdminDroid Keeps You Always Vigilant, Never Vulnerable!
Proactive Protection
Real-time Monitoring
Security Intelligence
Threat Detection
Merge the Required Data to One Place
Combine multiple required columns into one comprehensive report and prioritize the information that matters most to you with AdminDroid’s Advanced Column Customization.
Merge the Required Data to One Place
This column merging capability offers a flexible way to add different columns from various reports and collate all the essential data in one place. Want to revisit the customized report? Save it as a 'View’, and your unique report is ready whenever you need it.
Merge with Ease and Save as Views!
Custom Reporting
Unique View
Desired Columns
Easy Data Interpretation
Insightful Charts and Exclusive Dashboards
Get a quick and easy overview of your tenant's activity, identify potential problems, and take action to protect your data with AdminDroid’s Charts and Dashboards.
Insightful Charts and Exclusive Dashboards
With AdminDroid charts and dashboards, visualize your Microsoft 365 tenant in ways you've never thought possible. It's not just about viewing; it's about understanding, controlling, and transforming your Microsoft 365 environment.
Explore Your Microsoft 365 Tenant in a Whole New Way!
Executive overviews
Interactive insights
Decision-making
Data Visualization
Efficient Report Exporting for Microsoft 365
Downloading your reports in the right file format shouldn’t be a hassle with AdminDroid’s Report Export. Experience seamless report exporting in various formats that cater to your needs.
Efficient Report Exporting for Microsoft 365
Navigate through diverse options and export Microsoft 365 reports flawlessly in your desired file format. Tailor your reports precisely as you need them and save them directly to your computer.
Take Control, Customize and Deliver- Your Office 365 Data, Exported in Your Way!
Easy Export
Seamless Downloading
Data Control
Manage Microsoft 365

Get AdminDroid Office 365 Reporter Now!