After announcing that it would add protection against reply-all email chains last year, Microsoft has rolled out a new feature to Office 365 customers to do just that.
An email storm typically occurs when a member of a large email distribution list, such as a company wide email at a large organization, replies to all of the recipients using the reply-all feature. This can inadvertently trigger a DDoS attack that has the potential to take down the email servers used to deliver the huge amount of replies sent during the storm.
Email storms occur quite frequently and Microsoft itself suffered two of these incidents in January and March of this year. The first involved 11,500 of the company’s employees while the second was much larger and included more than 52,000 employees.
During last year’s Microsoft Ignite conference, the software giant announced that it would begin working on a new feature to help prevent reply-all email storms on Office 365 Exchange email servers and the new feature has now begun to roll out to Office 365 users worldwide.
Reply All Storm Protection
According to Microsoft, its Reply All Storm Protection feature is currently able to block all email threads with over 5,000 recipients that have generated more than 10 reply-all sequences within the last 60 minutes.
Once the feature gets alerted that an email storm is occurring, Exchange Online will block all replies in an email thread for the next few hours in order to help servers prioritize actual emails while working to shut down the reply-all email chain.
Microsoft plans to continue working on the feature in the future and the company has promised to add controls for Exchange admins to allow them to set up their own email storm detection limits. The Exchange Team provided more details on how the feature will work and on its plans for future updates in a blog post, saying:
“Initially the Reply All Storm Protection feature will mostly benefit large organizations who have large distribution lists. When the feature detects a likely reply all storm taking place on a large DL it will block subsequent attempts to reply all to the thread and will return an NDR to the sender. The reply all block will remain in place for several hours. Over time, as we gather usage telemetry and customer feedback, we expect to tweak, fine-tune, and enhance the Reply All Storm Protection feature to make it even more valuable to a broader range of Office 365 customers.”