Even Microsoft can’t escape ‘reply all’ email storms

Of all the calamities that befall email users, few are more dreaded than the ‘reply all’ storm.

Ask the 11,543 Microsoft employees who reportedly found themselves experiencing the full force of a phenomenon known to science as the ‘cascade effect’.

It seems to have started innocently enough when someone made an unspecified change to Microsoft’s GitHub account, causing an email to be sent to the company’s entire base of registered users of a service it bought last summer for $7.5 billion.

But then, inevitably, a small number of recipients attempted to remove themselves from the thread by hitting reply all.

Doing this has two main effects. First, everyone on the list receives a copy, which if they unwisely respond with a reply all of their own risks the sort of messaging exponential that can bring an email system to its knees as a few thousand emails multiply into millions.

The second is that everyone on the list receives a copy of every message, complete with the sort of sarcastic comments that might embarrass the sender when they realise how many people just read it.

As Microsoft found out, being the world’s largest software company doesn’t make the reply all storm any easier to stop once the cascade has started tumbling.

For reasons that aren’t clear, every time someone hit reply all it re-subscribed every email group, comically overriding attempts by users to mute notifications.

Bedlam DL3 remembered

Eventually, a GitHub admin deleted the discussion, halting the flood but not before older heads dragged up the memory of an even larger Microsoft reply all screw-up from October 1997.

According to accounts, it started with the following employee email addressed to the mailing list that gave the incident its name:

To: Bedlam DL3
Subject: Why am I on this mailing list? Please remove me from it.

At some point in the midst of 197GB of data generated by 15 million emails sent to 13,000 recipients, Bedlam DL3 hit rock bottom when someone sent the following email (using reply all):

Stop using REPLY ALL. You’re just making it worse.

There have been plenty of repeats since then, some even larger.

For example, the 2017 bombarding of 33,000 employees at Thomson Reuters that was honoured with its own hashtag #ReutersReplyAllGate.

Then there was an exasperated article in the New York Times inspired by a similar incident at the newspaper in 2016.

Headline: “When I’m Mistakenly Put on an Email Chain, Should I Hit ‘Reply All’ Asking to Be Removed?”

The body of the article contained just one word: “No.”

For anyone needing more advice, read this previous Naked Security story for guidance.