Reply to all storms can disrupt routine email delivery and cause huge problems for your business. A new feature for Exchange Online can mitigate this but the solution to the problem has been there all along. Learn how to correctly configure large distribution lists to prevent a reply to all storm in your organisation.
Email reply to all storms aren’t a new thing and they’ve happened to the biggest and best of organisations. Microsoft had an incident in 1997 referred to as the Bedlam DL3 incident. In 2018, the NHS in the UK had a similar issue.
Microsoft recently introduced a new feature into Exchange Online discussed in their blog post at https://techcommunity.microsoft.com/t5/exchange-team-blog/reply-all-storm-protection-in-exchange-online/ba-p/1369811 and it’s great that feature is now there, however, has the solution to reply to all storms been there the whole time?
To write this post, we tried to research when the feature was very first introduced. The short answer was that we couldn’t determine exactly, however, we know that it’s existed since Exchange Server 2010 and possibly beforehand too.
What is a reply to all storm?
Simply, a reply to all storm is when so many people use the reply to all button in Outlook to reply to an email that was sent to a large distribution list it causes a backlog in the messaging infrastructure, the Exchange Servers, that causes them to slow down the delivery of routine email.
In the worst of these situations, message queues on the Exchange Servers could queue to such a length that they fill up the disk on the server that stores the backlog resulting in the service going offline and unable to accept new messages.
The new reply to all storm feature
Don’t think that we are ungrateful of the new feature: it is welcome for general purpose protection, however, if you read the article we referenced you will see that it’s non-configurable. The feature kicks in when it detects 10 reply to all actions to over 5,000 recipients within 60 minutes. The issue here is that the problem has already started and you are just delaying it.
The new feature is really just a plaster stuck over the underlying problem of misuse of large distribution lists. Yes, there may be scenarios where distribution lists are set-up and configuration steps are missed which this will protect against, however, in a well configured and maintained environment, it wouldn’t be possible in the first place.
The feature also doesn’t cater to smaller organisations where you may not even have 5,000 recipients to trigger the reply to all storm protection.
Limiting access to large distribution lists to prevent reply to all storms
Distribution Lists allow us to configure two critical delivery management settings. Both of these settings can be used in conjunction to provide both protection against a reply to all storm but can also help users battling with their mailboxes by ensuring that people aren’t over-sharing emails with too many people.
- Delivery management
- Message approval
Delivery management, the first of the two options, allows us to control who can email a distribution list in the first instance. If you have a distribution list for your entire organisation, should anyone be able to email that or just a select group of users?
If you want to allow users to be able to send out mass messages then perhaps delivery management isn’t the right option for you, however, it’s certainly there and has been for some time.
Message approval allows you to define one or more people to be approvers for the list. When an email is sent to the distribution list a single copy of the email is sent to the approver first. Once they approve the message it will then be delivered to the members of the list.
Managing your email environment
At Arcible, we’ve been working with Microsoft Exchange and Exchange Online for many years and can help you set-up examples like we’ve shown in this post to ensure that your environment is properly managed to prevent misuse.
If your organisation is moving towards using Microsoft Teams as your primary messaging tool for users and away from email, how are you managing and controlling access such as Team membership, Messaging policies, and more.