Of all the calamities that befall email users, few are more dreaded than the reply-all email storm.
Microsoft is planning to add protection against the Reply-All email storm to Office 365, an issue affecting customers that are members of improperly locked down mail distribution lists.
A Reply-All email storm (a.k.a reply-allpocalypse) is a huge chain reaction sequence of emails that usually starts when one of the members of a large email distribution list replies to the entire list using the “Reply All” feature.
A possible outcome of such an event is an inadvertent Distributed Denial of Service (DDoS) attack that can potentially take down one or more email servers used to deliver the huge amounts of replies exchanged.
Here’s what Microsoft says about the Reply-All Storm Protection –
“When a Reply-All mail storm happens in your organization it can disrupt business continuity and even cause unexpected throttling of your organization’s mail flow within Office 365. While Exchange Online has several features designed to help prevent Reply-All storms (e.g. Distribution List (DL) allowed-sender lists and recipient limits) that reduce the severity and impact of reply-all storms; they can still happen, especially if the DLs haven’t been locked down tightly. Reply-All Storm Protection in Exchange Online will detect when a Reply-All storm is happening (or likely to happen) and will temporarily block users from replying to everyone on the thread. During this “cool down” period the service will send anyone who tries to reply to everyone a bounce message (or NDR); that effectively tells them to not try to reply all to the message. The temporary block will be active for several hours. Usually, enough time to dampen end-user enthusiasm to reply to the thread; and, thus curtail the storm before it gets started or before it gains much momentum.”
The feature is currently in development and is scheduled to launch during the third quarter of 2020, says Microsoft.