
Microsoft wants to kill off "reply all" email chains


Microsoft has announced that it is planning to add protection against “reply all” email chains to Office 365.

An email storm (also known as a reply allpocalypse) is a huge chain reaction sequence of emails that typically begins when a member of a large email distribution list replies to the entire list using the “reply all” feature.

When an email storm occurs, recipients trying to respond to the message can inadvertently trigger a Distributed Denial of Service (DDoS) attack that has the potential to take down the email servers used to deliver the huge amount of replies sent during the storm.

In fact, at the beginning of this year, 11,500 of Microsoft's own employees fell victim to an email storm in which they were caught up in a gigantic reply all email thread.

Reply-All Storm Protection

Exchange Online already has several features to help prevent email storms, or at least reduce their severity and impact, and these include a Distribution List (DL), allowed sender lists and recipient limits. However, email storms can still occur, especially if a DL has not been locked down tightly.

Microsoft's new Reply-All Storm Protection is slated to arrive in Exchange Online during the third quarter of 2020. The feature works by detecting when an email storm happens or is likely to happen, and it then automatically blocks the users in an email thread from replying to each other for a limited amount of time.

In an update to its Microsoft 365 Roadmap, the software giant explained how the new feature will work, saying:

“Reply-All Storm Protection in Exchange Online will detect when a Reply-All storm is happening (or likely to happen) and will temporarily block users from replying to everyone on the thread. During this "cool down" period the service will send anyone who tries to reply to everyone a bounce message (or NDR) that effectively tells them to not try to reply all to the message. The temporary block will be active for several hours, usually enough time to dampen end-user enthusiasm to reply to the thread, and thus curtail the storm before it gets started or before it gains much momentum.”

Via Bleeping Computer