Microsoft is planning to add protection against Reply-All email storms to Office 365, an issue affecting customers that are members of improperly locked down mail distribution lists.
A Reply-All storm (also known as reply-allpocalypse) is a huge chain reaction sequence of emails that usually starts when one of the members of a large email distribution list replies to the entire list using the “Reply All” feature.
A possible outcome of such an event is an inadvertent Distributed Denial of Service (DDoS) attack that can potentially take down one or more email servers used to deliver the huge amounts of replies exchanged.
Microsoft employees recently fell victim to reply-allpocalypse during January 2019, with over 11,500 of them being caught up in a gigantic reply-all email thread as Business Insider reported.
Government employees have also gotten their own share of reply-all chaos as shown by a Sacramento Bee report from one year ago describing how a mundane invitation to a holiday event was sent to a mailing list with roughly 25,000 Utah state employees — comprising almost the entire state workforce.
Users temporarily blocked from replying
“When a Reply-All mail storm happens in your organization it can disrupt business continuity and even cause unexpected throttling of your organization’s mail flow within Office 365,” Microsoft stated.
“While Exchange Online has several features designed to help prevent Reply-All storms (e.g. Distribution List (DL) allowed sender lists and recipient limits) that reduce the severity and impact of reply-all storms, they can still happen, especially if the DLs haven’t been locked down tightly.”
The new Reply-All Storm Protection, planned to arrive in Exchange Online during Q3 2020, works by detecting when Reply-All storms happen or are likely to happen and automatically blocking the involved users from replying to each other for a limited amount of time.
During this so-called “cool down” phase, the email service will deliver a Non-Delivery Receipt (NDR) message, also known as a bounce message, that will prevent them from replying to the message using “Reply All.”
“The temporary block will be active for several hours, usually enough time to dampen end-user enthusiasm to reply to the thread, and thus curtail the storm before it gets started or before it gains much momentum,” the development team adds on the planned feature’s Microsoft 365 roadmap entry.
Office 365 email security improvements
Redmond is also working on changing how mail servers see emails secured with the Office 365 Message Encryption (OME) service, so that they are less likely to be marked as spam and sent straight to the Trash folder. The change is planned for sometime during January 2020.
A new malware Zero-hour Auto Purge (ZAP) toggle is rolling out to the Office 365 Security & Compliance Center, making it simpler to enable the feature that detects and removes phishing, spam, or malicious email messages that have already landed in a user’s inbox.
Microsoft is developing a feature dubbed ‘Unverified Sender’ that should help users identify potential spam or phishing emails that reach their Outlook client’s inbox.
Authenticated Received Chain (ARC) for all Office 365 hosted mailboxes also started rolling out in October, as part of a larger-scale effort to improve anti-spoofing detection and check authentication results throughout all environments.