We have set up a transport rule on our Exchange 2010 server to bcc emails received by a particular account to several other people in our company. The emails in question are responses to a mass mailing, some of which inevitably turn out to be delivery failure notices. Nobody wants to get the failure notices, only valid replies. I posted a screenshot of the rule I set up, which includes exceptions for common failure notices. Most of these cases are handled correctly, but about one in twenty is bcc'd anyway, despite having the same criteria as the ones that are caught.
For Instance, one email from "Mail Delivery Subsystem" with heading "Undeliverable: xxxx" gets caught, while another with identical sender and heading is bcc'd to everyone.
SP3 RU10 is the latest.
The logic in the rule looks fine.