User claims messages are being delivered to the Deleted Items folder

Yet more apparent weirdness in Exchange - my 3rd post in as many weeks!! Sorry...

So, we have a bunch of mobile users with ActiveSync on their phones set up for their own mailboxes, and there is also a team 'shared' mailbox (not actually set up as 'Shared' in exchange so that it could be logged into via ActiveSync!) which has been set up on their phones also as an additional account.

One of these people claims that he is seeing mail sent to the Shared mailbox address delivered directly to the Shared mailbox's deleted items folder.  I've checked there's no inbox rules in place and there are none.  My theory goes that someone in this little team simply doesn't quite understand what they're doing on their phone, seeing e-mail come in to their phones 'combined inbox' and deleting it because it has no relevance to them.  This then would have the appearance to the other team members that the e-mails are arriving (and remaining in-opened) in the deleted items folder of the shared mailbox.

But I need to prove it somehow.  I've turned on auditing for the shared mailbox in question, like so:

AuditEnabled     : True
AuditLogAgeLimit : 90.00:00:00
AuditAdmin       : {Update, Move, MoveToDeletedItems, SoftDelete...}
AuditDelegate    : {Update, Move, MoveToDeletedItems, SoftDelete...}
AuditOwner       : {Update, Move, MoveToDeletedItems, SoftDelete...}

(There are more auditable 'actions' enabled than displayed here, they've been cut off)

I explicitly enabled all the audit actions for 'Owner' logon type because the team members phones are logging on as the Shared Mailbox's User account.

I just pulled out some of the logs using:

Search-MailboxAuditLog -Identity mailbox@domain.com -LogonTypes Owner,Delegate -StartDate 11/17/2016 -EndDate 11/18/2016 -ShowDetails | Out-file C:\Temp\Audit.log

I can't seem to match up any of the pulled logs with the information being given to me by the user that is complaining about the errant deliveries though - he's pointed out some messages from certain people at certain times, but I can't match those up with anything from the pulled logs at all.

Any pointers?  Ta.