Home / Blogs

Reply-All Creates a DDoS Attack?

By Patrik Fältström Technical Director and Head of Security at Netnod

One can read in an Associated Press article that the US State Department have their email system bogged down due to too many people use the Reply-All function in their email client. IT Departments have asked people to not use Reply-All and also threaten with disciplinary action. To me, that is the wrong path forward.

Sure, it is problematic to get too much email that does not concern you, but that it would be a problem to have too many people do reply-all is strange to me. Without knowing any details it seems like if the email system store each message that is delivered to more people than one as one copy per receiver. Instead as one message and then just pointers from their message to the shared data. I.e. regardless of whether a message has one or thousand recipients, it should be stored once. Of course this might not be the problem, but the problem might be just the number of messages that the system has to process. I hope we can get some more data on what really happens.

Otherwise I have problems with people that do not use Reply-All. They send you a message, and when you reply, you add someone as cc: that should be part of the conversation. The person originally starting the discussion do Reply (only) and you have to forward the message plus add the 2nd person as Cc: again.

No, I am in favor for more use of the Reply-All feature, but on the other hand, that implies that first of all people understand when to reply to messages at all, and that email server implementations do the right thing. Am I asking for too much?

I soo much remember this old Dilbert strip from 1995 that point out the problem. Have a look at it…

By Patrik Fältström, Technical Director and Head of Security at Netnod

Filed Under

Comments

Too much email is probably the issue Dan Campbell  –  Jan 12, 2009 7:44 PM

I don’t know about the State Dept and will have to read the article, but I think the issue is less the actual load on servers, storage and the network -  although that may play into it - than what people feel is a loss of productivity due to high volumes of email that can’t possibly be answered, or the effectiveness of email as a communication tool going down as a result of people not reading and returning the high volumes that result from long reply-all email trails.  Reply-all is very valuable as a communication tool but it is abused.  You can easily come back from an hour meeting and have 100 emails as a result of a few trails. I see in many environments that alot of people just stop reading and returning email and seem to get away with the excuse that they just have too much of it.  Although I agree that “reply-all” is very useful, as you say it implies that all people respect it and only reply when appropriate.  Unfortunately the oppositie often happens and you end up with long email trails with one person replying-all with “ok” or “thanks” (then of course you get a “your welcome” to make it worse).  Reply-all is good in some circumnstances but email shouldn’t be used as a IM/chat session, phone call conversation or even a blog.

# 1 Reply  |  Link  |  Report Problems
Of course solving the problem is not Patrik Fältström  –  Jan 13, 2009 6:49 AM

Of course solving the problem is not easy, but, I just wanted to point out that I already today see products on the market that:

  • Do not store more than copy of a message in a message store
  • Do handle threading properly in the client (so ignoring a thread is easy)
  • Do not translate the Re: prefix of the subject line

    • You point out the problem with productivity, and sure, that is a problem, but during my now 24 years in the email business I have been through many many reply-all storms. With clients that handle threading properly, ignoring the complete storm is just one key press away.

    It is just up to the procurer to buy the right stuff. A pet issue for me, specifically in my work with public policy. As long as public sector buy bad stuff, we will have bad stuff on the market. Or to put it differently, public sector can change the products on the market more than they believe by using their procurement process. In many cases much more effective than subsidizing or regulation.

    # 2 Reply  |  Link  |  Report Problems

    Comment Title:

      Notify me of follow-up comments

    We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

    CircleID Newsletter The Weekly Wrap

    More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

    I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

    VINTON CERF
    Co-designer of the TCP/IP Protocols & the Architecture of the Internet

    Related

    Topics

    IPv4 Markets

    Sponsored byIPv4.Global

    Brand Protection

    Sponsored byCSC

    Threat Intelligence

    Sponsored byWhoisXML API

    Cybersecurity

    Sponsored byVerisign

    Domain Names

    Sponsored byVerisign

    DNS

    Sponsored byDNIB.com

    New TLDs

    Sponsored byRadix

    View All Topics