Had our first customer get their account compromised last week. Average messages per day was about 10 and spiked up to over 600 over the course of 3 days until it was caught. In the reports for the domain, it clearly shows the outgoing mail. In the delivery logs for the server, it shows the outgoing mail. However, the outgoing mail is not shown in the sent mail folder. How would a hacker with compromised creds logs into the server and send mail on behalf of a user and it not show up in sent?