Mail sent from an address which is in a HAT group with "Relay" behaviour specified will be treated as outgoing - so have the Outgoing mail policy applied. You presumably don't have media attachements blocked on your outgoing policy.Quarantines aren'...
I have recently been looking in to something which sounds very similar Looking at the Incoming Mail report (by IP) I was seeing (IP address and domain info obfuscated): Sender IP AddressHostnameDNS VerifiedSBRSLast Sender GroupTotal AttemptedStopped...