Microsoft uses Reply All mail storm protection in Office 365 to block reply-all storms, an issue that affects Exchange Online users who are members of large mailing lists.
Reply All storms (also known as Reply Allpocalypses) are huge chain-reaction email sequences that begin when a member of a mailing list in a large organization replies to all its members using the Reply All feature, in some cases hitting the mailboxes of thousands of people with a single click.
The likely result of such a mail storm is an unintentional Distributed Denial of Service (DDoS) attack that could potentially crash one or all of the mail servers used to deliver the huge number of responses exchanged.
The situation becomes even more problematic when others also use the Reply All function, so that tens or even hundreds of thousands of mail bombs are delivered to all members of the mailing list within a few hours.
New e-mail storm protection blocks new responses
When a Reply All mail storm occurs in your organization, it can disrupt business continuity and even cause an unexpected delay in your organization’s Office 365 mail flow, Microsoft said last year when they announced the upcoming deployment of Reply All mail protection in Exchange Online.
If the feature detects a probable Reply All storm occurring on a large DL, it blocks further attempts to reply to everyone on the thread and returns an NDR to the sender, the Microsoft Exchange team announced. The Reply All block remains in effect for several hours.
The Reply All storm protection feature sends a rejection message (also known as an NDR) via email to anyone involved in the storm if it detects a total of 10 Reply All responses to more than 5,000 recipients within 60 minutes.
Reply All storm protection message (Microsoft)
Subsequent attempts to send additional responses to the email thread will also be automatically blocked during the 4-hour cooling off period.
The block will be active for a few hours, usually enough time to dampen the end user's enthusiasm for responding to the thread, and thus stop the storm before it starts or before it gathers much momentum, as Microsoft explains.
Users are informed that their response was not delivered and are advised to stop using the Reply All feature and to send to a smaller number of recipients instead of the entire mailing list.
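The thresholds described above can be modelled as a per-thread sliding window. The following is an added example, not Microsoft's implementation: the class, method and thread names are hypothetical, and it assumes that the tenth large reply is still delivered and trips the block, and that replies to a smaller recipient set are never blocked.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds as stated in the article; the logic around them is an assumption.
MIN_RECIPIENTS = 5000              # applies to replies sent to more than 5,000 recipients
REPLY_THRESHOLD = 10               # 10 Reply All responses ...
WINDOW = timedelta(minutes=60)     # ... within 60 minutes
COOLDOWN = timedelta(hours=4)      # 4-hour cooling off period

class ReplyAllStormGuard:
    """Hypothetical per-thread detector for Reply All storms."""

    def __init__(self):
        self.replies = defaultdict(deque)  # thread id -> timestamps of large replies
        self.blocked_until = {}            # thread id -> end of the block

    def submit(self, thread_id, sent_at, recipient_count):
        """Return 'deliver' or 'ndr' for one reply on a thread."""
        if recipient_count <= MIN_RECIPIENTS:
            return "deliver"               # narrowed replies are outside the rule
        until = self.blocked_until.get(thread_id)
        if until is not None and sent_at < until:
            return "ndr"                   # still inside the cooling off period
        window = self.replies[thread_id]
        window.append(sent_at)
        while sent_at - window[0] > WINDOW:
            window.popleft()               # forget replies older than 60 minutes
        if len(window) >= REPLY_THRESHOLD:
            self.blocked_until[thread_id] = sent_at + COOLDOWN
            window.clear()                 # counting restarts after the block
        return "deliver"

def simulate():
    """Constructed sample: 12 large replies one minute apart, one reply to
    40 recipients, and one large reply sent after the block has expired."""
    guard = ReplyAllStormGuard()
    t0 = datetime(2020, 5, 1, 9, 0)        # constructed timestamp
    out = [guard.submit("thread-1", t0 + timedelta(minutes=i), 25000)
           for i in range(12)]
    out.append(guard.submit("thread-1", t0 + timedelta(minutes=20), 40))
    out.append(guard.submit("thread-1", t0 + timedelta(hours=5), 25000))
    return out

if __name__ == "__main__":
    print(simulate())
```

In the constructed run the first ten replies are delivered, the eleventh and twelfth receive an NDR, the reply to 40 recipients goes through, and the large reply sent five hours in is delivered again.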
Storm currents block switching of e-mail channels
This new feature complements other Exchange Online features that are already available to help prevent Reply All storms (i.e. authorized senders for distribution lists (DLs) and recipient limits) and to reduce their severity and impact.
Over time, as we collect usage telemetry and customer feedback, we expect that the Reply All storm protection feature will be refined, adapted and improved to make it even more useful for the broader customer base of Office 365, Microsoft added.
In January 2019, Microsoft employees fell victim to a Reply Allpocalypse, in which more than 11,500 of them ended up in a huge avalanche of Reply All emails.
Governments have also had their share of Reply All chaos, as evidenced by the invitation to a festive event sent to a mailing list of some 25,000 Utah employees (almost the entire state staff).