Do you use the Reply All option when responding to emails? If you do, and you aren’t careful, you could be replying to hundreds of people and contributing to what is known as a Reply All Storm. Also known as an Email Storm or The Reply All-pocalypse, these events typically occur when a large email distribution list is included as a recipient in an email by mistake. Reply All Storms can result in sensitive data leaks, confusion, and in some extreme cases, email outages.
How does a Reply All Storm Happen?
There are several ways that a Reply All Storm can start, but the most common looks something like this:
Mike wants to send an email with sensitive information to Joe, Amy, & Sarah.
Mike accidently chooses the All Staff address instead of Amy’s and inadvertently sends the sensitive email to everyone in the company along with Joe & Sarah.
The Reply All Storm begins when staff members start using the Reply All option in Outlook to inform Mike that he sent an email by mistake. The Reply All option includes the All Staff distribution list, so every time someone uses Reply All, everyone receives another email.
At this point, everyone in the company has received dozens of messages and employees begin requesting to be removed from the thread or pleading that responders stop using Reply All. This only exacerbates the storm and before long hundreds or thousands of messages have been sent to every member of the staff.
How To Avoid Reply All Storms:
If you are a Microsoft 365 user, you are in luck. Microsoft provides options to restrict or monitor emails sent to distribution groups in order to prevent Reply All Storms. There are two ways that you can restrict delivery management of your organization’s distribution lists within the Microsoft 365 Exchange Admin Center.
Delivery Management allows you to control who can send email to a specific distribution list. If you have one or more large distribution lists, we encourage you to limit those that can send to key personnel only. You can do so by adding those key personnel to the box shown below within your organization’s Exchange Admin Center.
Message approval works by allowing anyone to send to a distribution group, but to require approval before delivery. You can assign one or multiple staff members as moderators of distribution groups and only after they approve a message will it be delivered. This allows for anyone to send to a large group with the added security of having a reviewer approve it for delivery. You can add moderators to the box shown below within your organization’s Exchange Admin Center.
We strongly recommend that you review your Microsoft 365 distribution list settings to prevent a Reply All Storm in your organization. If you are interested in migrating to Microsoft 365, increasing your email security, or general IT support and management, reach out to us today!