Microsoft adds protection against Reply-All email storms in Office 365

Redmond adds protection against massive "Reply-All" email storms after suffering two internal incidents in 2019 and 2020.

Office 365 gets Reply-All protection to prevent server crashes
0:59

Microsoft rolled out this week a new feature to Office 365 customers to help their IT staff detect and stop "Reply-All email storms."

The term refers to situations when employees use the Reply-All option in mass-mailed emails, such as company-wide notifications.

Also: Microsoft 365 (formerly Office 365) for business: Everything you need to know 

If the number of recipients in the email chain is large, and if multiple employees hit the Reply-All button, then the ensuing event generates massive amounts of traffic that usually slows down or crashes email servers.

Such events happen almost all the time, and, at one point or another, a company is going to have email servers go down because of employees participating and amplifying Reply-All storms as a prank.

Microsoft, too, has suffered two such incidents already, the first in January 2019, and a second in March 2020. The Microsoft Reply-All email storms included more than 52,000 employees, who ended up clogging the company's internal communications for hours.

Last year, at the Microsoft Ignite conference, Microsoft announced it would work on a feature that would help prevent Reply-All email storms on Office 365 Exchange email servers.

The feature started rolling out this week to all Office 365 users worldwide. In its current form, Microsoft says the "Reply All Storm Protection" feature will block all email threads with more than 5,000 recipients that have generated more than 10 Reply-All sequences within the last 60 minutes.

Once the feature gets triggered, Exchange Online will block all replies in the email thread for the next four hours, helping servers prioritize actual emails and shut down the Reply-All storm.

Microsoft said it would also continue working on the feature going forward, promising to add controls for Exchange admins so they can set their own storm detection limits.

Other planned features also include Reply-All storm reports and real-time notifications to alert administrators of an ongoing email storm so that they can keep an eye on the email server's status for possible slowdowns or crashes.

And since Microsoft has had its run-ins with email storms recently, its own network proved the best testing ground for the feature.

"Humans still behave like humans no matter which company they work for," the Exchange team said this week. "We're already seeing the first version of the feature successfully reduce the impact of reply all storms within Microsoft."