Email Storm Suppression Took Its Time Coming
Last year, Microsoft rolled out the initial version of their Reply-All Storm Suppression feature for Exchange Online (but not Exchange Server). In a nutshell, a reply-all storm happens when someone uses the client reply-all option to send a message to a large distribution list, in turn prompting a flurry of responses from recipients who ask why they received the message. The most famous example is Microsoft’s Bedlam DL3 incident from 1997 where a series of replies generated 15 million messages consuming 195 GB of bandwidth. That doesn’t sound a lot today because the capacity of email servers and networks are so much larger, but it was enough to crash the Message Transfer Agent (MTA) of Exchange 5.5 servers.
Although servers and networks can handle much higher loads today (and SMTP replaced the X.400-based MTA in Exchange 2000), people continue to abuse reply-all. Or rather, use reply-all without thinking or inappropriately, or whatever excuse you prefer. The need to suppress email storms has existed for over twenty years. It’s a mystery why it took the Exchange development group so long to come up with an answer. What’s for sure is that this feature is good both for Microsoft (reduces load on Exchange Online) and customers (stops users being annoyed by a blizzard of replies arriving in their inbox).
The ability for administrators to configure the Exchange transport service to deal with email storms delivered in 2020 worked, but only for large tenants with distribution lists spanning more than 5,000 members. Apparently, the logic is that large tenants have the kind of distribution lists which can generate the volume of traffic that can cause Exchange Online some problems. It’s a reasonable argument.
Updated Settings Now Available
To their credit, Microsoft said that they would use telemetry to figure out if they needed to tweak the email storm suppression settings. They’ve now done that by:
- Allowing tenant administrators to enable or disable storm suppression.
- Reducing the minimum number of recipients from 5,000 to 1,000.
- Reducing the minimum number of reply-all messages sent to the list from 10 to 5. The maximum number of reply-all messages tolerated before suppression happens can be set as high as 20.
- Making the block interval adjustable in a range of one to 12 hours (previously fixed at 4 hours). While the block lasts, anyone sending a message to the list receives an NDR (Figure 1).
The settings are updated by running the Set-TransportConfig cmdlet. For example, these commands enable email storm protection and set the limits at 1,000 recipients with 5 reply-all messages sent to the list and a block duration of 2 hours. They seem like good limits for a small to medium tenant.
Set-TransportConfig -ReplyAllStormProtectionEnabled $True -ReplyAllStormDetectionMinimumRecipients 1000 -ReplyAllStormDetectionMinimumReplies 5 -ReplyAllStormBlockDuration 2 Get-TransportConfig | Format-List ReplyAll* ReplyAllStormProtectionEnabled : True ReplyAllStormDetectionMinimumRecipients : 1000 ReplyAllStormDetectionMinimumReplies : 5 ReplyAllStormBlockDurationHours : 2
I was able to set the values now. Microsoft says that all Exchange Online tenants should have the updates by mid-June, but there’s still no news whether the feature will come to on-premises Exchange. Happy suppressing!
One of my favorite email memories is a reply all incident at the office. The Ottawa office mistakenly emailed the entire company about extra cake in the conference room. Soon folks in our company offices all over the world were offering leftover foods or asking about stolen lunches. My favorite was the French who said they had plenty of caviar and champagne in their break room.