A (reply all) email bomb
Posted by Rax_Idgara@reddit | talesfromtechsupport | View on Reddit | 34 comments
A few years ago, but still makes me laugh. I'm a programmer (unrelated to post), so I know enough to be dangerous to the Help Desk team, lol.
On a "managed" outlook email service for the entire county (sheriff, fire, social services, public works, $#@%^&* everybody...). And we are BIG. Of course, they are fans of 'distribution groups'. With groups of groups of groups.
No surprise, somebody sent a multi-group email to multiple parent groups. Cascading groups means we are talking 10k+ users easy. Right before lunch, so nobody was actively monitoring the system to quickly respond. Somebody from my department is the first one to 'reply all' asking to be removed from the chain.
AND SO IT BEGINS...
Within minutes, I am setting up an outlook rule to filter emails by subject line, to a temp folder. Replies are coming in HOT.. "Please remove..." & "Why am I included..." & "stop Reply All..." & trolls with "Howdy new friends..."
Absolute GLORIOUS chaos.
One of my direct coworkers joins the fray in the initial wave, a supervisor who should have known better. Within 5 minutes, he had thousands of automated "read receipts"... You send one email and everyone that clicks on it, generates a auto-reply... Good in theory, for accountability, but with thousands of users, oh boy!
I walk over to his desk and ask ask him what his Inbox looks like. He just curses at me while I set up a email filter rule for him.
45 minutes later, still during the middle of lunch, we get a global system notification that email is offline until further notice.
And so ended the global-policy of "read receipts" and the implementation of "no nested distribution groups".
Praise be the automation!
Cassie0peia@reddit
Oh man this made me laugh but I would have been pissed off if I was on that list.
cascading_error@reddit
A few years ago at my university some student figured out they could do an @all email and emailed a survey to every single student, faculty and alumni.
I heared of these bombs before so i just laughed. Most of my classmates were freaking out. A few were engaging, trying to get everyone to shut up.
It took 4 days (with a few flareups a week or so later) for IT to deal with it.
I think we made the news with it. Still makes me laugh, dont feel sorry for it either, they were (and i heared still are) quite useless.
Mr_ToDo@reddit
It still bothers me that exchange online has a minimum number of recipients for reply all storm control. 1000 may not seem all that high for some people but it's still higher then what I'd call the maximum of people you can manually run around telling them to fec off with the replies
Oh well, at least it's down from its original 5000
Rax_Idgara@reddit (OP)
Do you remember "net send"? A friend used one of the "@to" wildcards to message everybody, and crashed the university network. Got 3-days extra to submit a midterm.
canada432@reddit
net send was how we chatted back in middle school, back when the "IT Department" for most school districts was 1 dude and cybersecurity was barely a concept. We had to map out all the computers in the building by trial and error so we didn't accidentally send a message to the wrong person.
Dakduif@reddit
Oooh, I had one at my university too. Some employee wanted to order a USB stick from the uni's IT department, but somehow managed to mail that request to a list that included everyone. Students, employees, EVERYONE.
It turned into some sort of message board/chat room for a little while with students catching up with friends until urgent mails were sent by IT to stop replying. 😂 I imagine there was an Exchange server somewhere with a little plume of smoke coming out the top.
Random-Mutant@reddit
Nested distribution groups are fine. But certain high-level groups should only have select users able to email that group.
Secepatnya@reddit
Many years ago a then-12 year old in my school sent a one liner email to what I believe is some global DL with everyone, staff, students, parents, alumni... you name it.
I don't have it, but from memory it went something like:
WantToVent@reddit
Joseph does seem cool.
WashU_labrat@reddit
Can confirm. Chickens are cool.
Srekcins82@reddit
My junior year in high school (99-00) my class was in the library doing research for an English paper. A few of us were bored and discovered the interna network messaging system. Sending a message would open what looked like a new application window to display the message. We started small by sending messages to our other classmates. They quickly got annoyed, but we found that we could trace our way up the network to the school district's server, and I do mean the high school, junior high, and all of the elementary schools. Being the teenagers we were, every computer connected to the network got a few messages popping up on their screens along the lines of:
I am Bob.
You will worship Bob.
Bow to Bob
It was only 4 or 5 things like this that we sent, but we found out later that it caused quite the uproar with some of the more computer illiterate teachers in the district. We heard that many of them thought that they had their computers infected with a virus, with a few of them going a far as unplugging every wire that was connected, not just the network cable. Got a week of lunch detention for that, but we still thought it was hilarious.
canada432@reddit
We had a similar thing about 2 years ago. Some middle school girl managed to email the entire staff and student directories. We're still not entirely sure how she did it. Over 10k people. Luckily no parents or anything. She didn't understand why she was in trouble for emailing 10,000 people, "Hi, I'm, I'm bored in class."
lucky_ducker@reddit
Distribution groups are the bane of I.T.'s existence. There's so many different ways to implement groups, Microsoft seems to add a new type of group every couple of years, and their own support pages don't seem to be able to make a coherent case for why you should choose one type of group over another.
And then there's the chaos when several people have management of a group, and seem to have very different visions of what the group should be used for.
Rax_Idgara@reddit (OP)
Ya, they were mostly just new to the integration of multi-department functions. You don't need drastically unrelated departments under a super-massive group for blanket notifications.
Responsible-Type-923@reddit
How long is your lunch break to still be in the middle of it 45min. Later?
hoyton@reddit
1 hour is fairly standard
TrippTrappTrinn@reddit
When sending to a high number of recipients, use bcc. It prevents the too common "reply to all" storm.Â
ryanlc@reddit
Or, you know.... Exchange permissions. Limit who can send to those big distro groups.
ozzie286@reddit
Or, you know, do both. Very few people can modify Exchange permissions, but anyone can bcc.
ryanlc@reddit
True. It's just astounding how many people don't know how to do a BCC, especially since Outlook started hiding that line by default.
Ok-Material-1961@reddit
Had this happen, not with exchange, when I worked at a 3 letter company that's favorite color was blue.
numbah25@reddit
I always wonder how people think replying all asking to be removed does anything
EmberQuill@reddit
Same thing happened where I work. Someone accidentally sent to everyone, everyone used reply-all to respond, including using reply-all to tell people to stop using reply-all (which doesn't help in the slightest), absolute bedlam. Email delivery slowed to a crawl because our dinky little Exchange 2010 server was overloaded with that email bomb. I can't remember the exact details because it was a while ago, but I think the Exchange server might've actually crashed, too.
I think they "fixed" it by setting up some server rules to discard those emails instead of delivering them, stopping the email bomb in its tracks. They had to leave the rules in place for several days because people kept trying to hop on the bandwagon and get it going again, despite several company-wide notifications telling them not to.
ac8jo@reddit
I've been in one of these situations. All professional engineers and urban planners that know a few things about programming. One or two people with some stupid auto-reply that said something like "I'm driving and I'll get to your email when it's safe to do so." Cue hundreds of emails asking to be removed, all of them ignoring the line on the bottom of the email that said something like "This was sent by-L. To stop these emails, visit ."
joe_attaboy@reddit
Reminds me of the ILOVEYOU email virus from back in 2000. Some kid in the Philippines created malware using the Visual Basic scripting language, then "accidentally" sent it to someone in an email. The malware spread by replicating itself, then re-writing and renaming files on the host with copies of the .vbs script containing the code. He also used a feature in Outlook that allowed you to hide the extension in a file name. People thought they were opening a plain text message, when it turned out to be a .vbs script that infected the system.
The spread was rapid because it sent copies of itself to all addresses in the user's Outlook address book. I worked as a civilian for a Navy command. The standard Outlook address books frequently included large groups and mailing lists that stretched into other Navy segments. We were a small weather command; out Outlook server was down in a matter of minutes. I recall that the spread started in Manila and began spreading east. We got panicked all about it from weather commands in Hawaii and California, but it was too late.
I may have slept an hour over the next four days trying to help clean up that shite.
MoneyTreeFiddy@reddit
My favorite of these happened to a list of "ParticularSoftwareToolDistibGroup". It was just a mild announcement, like, "tool will be unavailable starting Saturday at midnight and ending at 2am Sunday".
The number of people who replied "why am i on this list?", "remove me" - you are on the list because you have the tool. Do you not use the tool? Id they remove you, you won't get updates about the tool.
pakrat1967@reddit
I experienced something like this at least 3 times back when I was a test technician for a major telecom company. It usually started with someone using the wrong (big) distro list to report an issue. Followed by multiple people using reply all to ask to be removed from the distro list. Then add in the people still using reply all to tell people not to use reply all.
willun@reddit
I have told this story before but in my Fortune 500 company the President of the company sent an email to all staff. Many employees had heard of the CEO but had no knowledge of the President.
Of course there was at least one reply-all "How do i get off this list"
There is only one way off the list. I don't know if it happened to them.
pedantic_dullard@reddit
I worked at a global tech company years ago.
There was some global distribution lost that didn't have restrictions on who could send to it. Someone sent a mail, I think it could have been a goodbye after a layoff, to the entire company. It was a dozen years ago, I think it was something like 150k users.
The Reply All frenzy crashed lotus Notes for the rest of the day. The mail team had tens of thousands of emails hit all at once.
Thankfully they used that as a lesson to restrict access to the larger mail groups
gryghin@reddit
A good friend of mine told our boss that we were going to implement outlook forwarding rules to each other if he didn't stop micromanaging our project team.
Our boss agreed that weekly updates were frequent enough and stopped pestering us three times a day.
fresh-dork@reddit
hehe, BEDLAM-DL3 was almost 30 years ago and it''s still happening. at least you didn't have to shut down the whole network and flush the mail servers. or fire 3 people
Rax_Idgara@reddit (OP)
LOL. I grew up with dialup. Fax/Email bombs are a classic that still make me giggle l.
Throwaway_Old_Guy@reddit
Saw that happen once where I used to work.
It was about a pot luck being held at Corporate Head Office, and it went (to the best of my knowledge) Global.
I was just a lowly user, not IT, so I don't know how much chaos or damage it caused.
DrHugh@reddit
Yeah, the first person who does a reply-all to ask to be removed just starts the nightmare part of the scenario. Until then, it is just an annoyance seen by multiple people.