• Microsoft will add protection against Reply-All email storms for Office 365 users, a problem that affects all members of mail distribution lists which are improperly locked down.
  • The reply-allpocalypse is a huge chain reaction sequence of emails triggered when one of the members of a large email distribution list replies to the entire list using the Reply All option.
  • Read all there is to know about Office 365 in our Microsoft Office 365 section.
  • If you don't want to be left behind with technology, go to our News Hub for the latest stories.
Microsoft offers protection against Office 365 reply all mailstorm

Microsoft will add protection against Reply-All email storms for Office 365 users, a problem that affects all members of mail distribution lists which are improperly locked down.

The reply-allpocalypse is a huge chain reaction sequence of emails triggered when one of the members of a large email distribution list replies to the entire list using the Reply All option.

The result may be a DDoS (Distributed Denial of Service) attack that can take down one or more email servers that handle the huge amounts of replies.

More than one year ago, government employees from Utah got in the middle of reply-all chaos when an invitation to a holiday event was sent to a huge mailing list with some 25,000 state employees. Imagine the chaos for such a trivial matter.

Microsoft Office 365 users will be blocked from replying

Microsoft describes the reply-allpocalypse:

When a Reply-All mail storm happens in your organization it can disrupt business continuity and even cause unexpected throttling of your organization‘s mail flow within Office 365.

While Exchange Online has several features designed to help prevent Reply-All storms (e.g. Distribution List (DL) allowed sender lists and recipient limits) that reduce the severity and impact of reply-all storms, they can still happen, especially if the DLs haven’t been locked down tightly.

Microsoft Reply-All Storm Protection will come in Q3 2020

The new Reply-All Storm Protection is planned to arrive in Exchange Online during Q3 2020. The system works by detecting when Reply-All storms happen or are likely to happen and automatically blocking the users from replying to each other for a limited amount of time.

In this time out period, the email service will deliver a Non-Delivery Receipt (NDR) message (bounce message) that will stop them to reply to the message sent using Reply All.

The temporary block will be active for several hours, usually enough time to dampen end-user enthusiasm to reply to the thread, and thus curtail the storm before it gets started or before it gains much momentum

, adds the Microsoft development team in the Microsoft 365 roadmap entry.