back to article Stop replying! pleads NetApp customer stuck in reply-allpocalypse

Hundreds of NetApp customers were peeved to find they had accidentally been added to the CC field of an email, resulting in a spamaggeddon of messages. The communique was intended as a support bulletin regarding a previous version of Windows. One customer got in touch to say: "NetApp accidentally emailed all their customers …

  1. Your alien overlord - fear me

    Why the fuck was 'Reply to all' ever put on email programs?

    1. Hans Neeson-Bumpsadese Silver badge

      The thing that strikes me is that the 'reply all' option has been in email software for as long as I can remember, but it's only in the last year or so that I find it being a problem. I can't recall being plagued by inappropriately replied-to-all emails much until a year or two ago.

      1. Anonymous Coward
        Anonymous Coward

        Nope had them well over a decade ago..

        1. heyrick Silver badge

          "Nope had them well over a decade ago.."

          I wrote a simple email client uh maybe twenty years ago now. It had the option to reply to all in the CC list, however it would warn you if you were posting to more than ten addresses, and if you were posting to more than 30, it would tell you how many, ask if you really intend to send a message to that many people, and make you type in "yesireallywanttodothis".

          Saved my ass a couple of times when I clicked Reply All instead of Reply (to sender). ;-)

      2. Ambivalous Crowboard

        "I can't recall being plagued"

        What are you, twelve? This has been a problem since email became email.

    2. 2460 Something

      Why wouldn't you have the ability to reply to everyone involved in an email chain?

      What is needed in this instance is user education (for all those who replied to everyone asking for their details to be removed, instead of bizarre knee-jerk responses to what is likely an unfortunate paste into the wrong email field. Removing the reply all function would not have stopped the initial email going out.

      1. tr1ck5t3r

        >What is needed in this instance is user education

        Because humans are human, my software has a bulk mailing facility that is programmed to only send BCC, whilst also capable of spitting out email's individually in a manner to not trip up ISP's email restrictions which might exist more so in overseas country's, eg 200 an hour and no more than 1000 a day for example.

        Dont blame the user's blame the chain of command at the top for their stupidity at failing to quantify the risk to their business. In the mean time, sign up to every mailing list going and have some software to delete the spam automatically but ready to harvest email addresses when these businesses slip up.

        Its only a question of time, and a valid attack vector for future hacking, if you choose to plan ahead.

    3. AndrueC Silver badge
      Unhappy

      CC is the real problem. That could be blocked for at least all emails leaving a domain and preferably by default for all emails. Personally in this situation I'd be annoyed about the spam but livid about NetApp sending my email address to other people. I consider that a data protection violation.

      I use a DEA system and the email address NetApp might have on record for me should only be known by NetApp.

      1. John H Woods Silver badge

        cc

        The total number of individuals in a cc, after enumerating any groups, should not exceed N.

        You could relax this criterion a bit by making it only applicable to replies and/or automatically moving the remaining addressees to bcc and/or being overrideable on confirmation.

        I'm not convinced N needs to be much greater than 20.

        1. Naselus

          Re: cc

          I suspect the problem is that some mobile email clients automatically default to 'reply all' when you hit the general reply button (to save space on the screen, it just shows 1 and you hold it down to select between various reply options). So when you're trying to get your phone to shut up at 4am by sending a reply asking to be removed from the list....

          For the record, as someone who was caught in it, the message storm lasted about 3 hours, ending around 10:45am GMT and had about 280 messages. This is much less severe than the 3 day email storm that the Unreal Editor github mailing list underwent last year; think I had about 12,000 messages from that one...

        2. david 12 Silver badge

          Re: cc

          Yes, in this day and age any standard email server is set to limit the number of items in the address and cc lists. Why this wasn't done at NetApp.... oh wait, that's an error in the article. It wasn't a cc problem at all.

        3. P. Lee

          Re: cc

          I'm not convinced the trouble ticketing system should be passing email addresses to the email software, that aren't associated with the customer who raised the ticket.

          Also, maybe restrict access to large mailing groups? That should stop the problem of mailing Alli ndiaman and ending up mailing all Indian customers.

          Enterprise controls? We've heard of them.

      2. Adrian 4

        Cc, Bcc and Reply All all have legitimate uses for small groups of people.

        The problem is having a very large list that can be added to them : CCs should be filled in manually, to include a handful of interested people. But some misbegotten mail software (yes, Outlook, I'm talking about you) allows the use of huge files of recipients instead as some sort of idiot mailing list.

        The correct way to set these large lists up is with group names expanded by a mailserver, and to restrict use of those names to people who have a clue.

        1. John Brown (no body) Silver badge

          "The correct way to set these large lists" is to use a proper mailing list programme and not a desktop mail client.

          FTFY

      3. John Brown (no body) Silver badge
        Thumb Up

        " livid about NetApp sending my email address to other people. I consider that a data protection violation."

        Yep, that's the primary problem right there!

  2. Anonymous Coward
    Anonymous Coward

    'The Register has contacted NetApp for a comment.'

    What. Via email?

    1. 2460 Something

      Re: 'The Register has contacted NetApp for a comment.'

      They were in the original chain so did a reply-to-all ....

  3. Marc 13
    FAIL

    This NetApp one presumable contains IT types, who should know better than reply all, especially once the tsunami started!

    We had a variation in our office the other week, a couple of hundred tenants got spammed by a gritting contractor who'd left a distribution list able to be replied to from outside the organisation so when a few recipients started replying with unsubscribe/remove etc...

    1. MiguelC Silver badge

      Had the same with my kid's school mailing list... I had a laugh but it seems most parents were really angry and talkative which, again, made me laugh a(nother) bit

  4. Locky

    Rule 1 of email group management: Do not give them publicly available addresses

    I wonder if a HP / EMC reseller has sent a reply all asking if anyone wants to migrate?

  5. chivo243 Silver badge
    Trollface

    pssh

    300 messages is nothing.. Wait until you get 30,000 from a reply all - out of office - mail bomb...

  6. Anonymous Coward
    Anonymous Coward

    Reply all isn't an issue and is very useful the problem is the CC field and the fact that mail clients don't have a limit on the number of people that can be CC'd which can be the mail server administrator.

    Such a limit must be easy to implement in software and hardly a major change resulting in the mail being bounced back to the sender as happens with my isp which limits how many people you can send to at once.

  7. Harry the Bastard

    surely this is a...

    ...blatant move to increase netapp storage sales by embiggening the email archive size

  8. thetank
    WTF?

    Reply to all

    I was briefly hit by this earlier until I put a mail filter rule in place. Sure some Netapp bod screwed up by not BCCing the mailing list but it seems to me like there are a worrying amount of global IT professionals that don't understand how email or 'reply to all' works. And these people are administering the enterprise storage of global companies. I also don't understand why Netapp still haven't edited the security of the distribution list to not accept email from external domains.

  9. Chris Jasper

    Nah

    The worse problem is the smartasses who think they have the most original jokes to take the mickey out of the originator of the reply all.......

  10. Anonymous Coward
    Anonymous Coward

    There's one way to stop this sort of escalating crisis:

    Send a gratuitously offensive "why don't you bozos learn about BCC and ReplyAll" reply, but make sure that all the recipients are on BCC only. The only From: and ReplyTo: addresses should be those of the prat that started it. That way all the insulting replies don't go to everyone, but only to the prat, and the loop gets broken.

    1. Bob Dole (tm)
      Thumb Down

      or..

      Or you could just ignore the emails and delete them while realizing the situation will die down on it's own relatively quickly...

    2. Nolveys
      Trollface

      Send a gratuitously offensive "why don't you bozos learn about BCC and ReplyAll" reply, but make sure that all the recipients are on BCC only. The only From: and ReplyTo: addresses should be those of the prat that started it. That way all the insulting replies don't go to everyone, but only to the prat, and the loop gets broken.

      It would be more fun to reply to all, but add all of the cc addresses from several other recent mail storms.

    3. Alumoi Silver badge

      And where's the fun of doing this?

  11. doke

    IT people should be able to filter email

    Anyone working in IT should know how to put filters on their email, and know not to reply all to this sort of thing. Anyone who replied into the mailbomb just announced their incompetence to the entire group.

  12. Anonymous Coward
    Anonymous Coward

    last time I had that as an email admin ...

    was in a very large corporation where HR (who else ?) had found it cunning to send to several thousands email address (at a To:) a mildly ennoying email.

    When you factor in the fact that 60% of average corporate email users are not aware a "reply" command exists that would reply to the sender only, but still always do the default reply-to-all thing, you get the effect ...

    So many people shouting "stop replying to all" while ... exactly spamming everyone with reply-to-all ...

    I ended up setting-up a filter at MTA level that would black hole any reply ...

    People are really stupid ...

  13. Stevie

    Bah!

    From: Net Admin To: All Users

    Please stop replying to all wrt frivolous emails as it bogs down the network

    From: Dilbert To: All Users

    I agree.

  14. Dave Hilling

    I hate people

    I remember something similar at a company I worked at before....then people started replying like crazy to all saying "I dont think this was meant for me" ....if it wasnt meant for you don't f'ing reply...I swear it went on for 14 hours....I think some did it thinking they were funny but when your on call and your wife is ready to stab you and throw your BB out the windows at 3 am its not funny at all.

    1. cosymart
      FAIL

      Re: I hate people

      I switch my phone off at night don't you?

      1. unwarranted triumphalism

        Re: I hate people

        Not if I'm on call.

  15. Anonymous Coward
    Anonymous Coward

    Used to love this at HP

    This happened on at least 3 seperate occasion when i worked in HP over 5 years ago, some clod would email ALL employees (back when there were quite a few globally) and email could be out for at least a day with people replying all to be removed from the distribution list. One went on over a whole weekend. It made for fabulous skiving time and extended lunch/tea breaks when you were just a minion.

  16. cd

    I applied to a rude company once, they sent a automated reply to every message. Since I was using a trash gmail account I set up an auto-reply to every message from their auto-reply and logged out. Looked in a week later; it took them a while.

  17. Brian Miller
    Windows

    Microsoft: "Me, too!"

    This stuff happens at Microsoft every once in a while. The biggest incident was in the late 90's, when someone noticed that they were on a mailing list they didn't know about. This happened to be a mailing list that was constructed for testing purposes.

    Idiot: "Who owns this list, and what is it for?"

    Idiot2: "I'd like to know, too."

    Idiot3: "Me, too!"

    Idiot4: "Me, three!"

    And so on, and so on. The Exchange mail servers were overloaded for at least three days.

    1. John Brown (no body) Silver badge
      Joke

      Re: Microsoft: "Me, too!"

      "And so on, and so on. The Exchange mail servers were overloaded for at least three days."

      Four people? Four emails? And Exchange collapsed? So what's new there?

  18. Anonymous Coward
    Anonymous Coward

    SFDC

    I am a NetApp employee and we heard internally, that it was a bug in SalesForce that caused the damage by putting a publicly available distribution list on CC instead of BCC.

    What a shame! I was not the cause, but

    MY APOLOGIES TO ALL OF YOU BEING HIT!

  19. Throatwarbler Mangrove Silver badge
    FAIL

    Not quite

    I was on the email chain, and the incident is not quite as reported. It appears that the culprit mailing list was ng-targeted-bcc@netapp.com. Unfortunately, it appears that the mailing list configuration at Salesforce was configured so that responses to the notification would go to netappcustomercommunique@netapp.com, which was a reference to the original mailing list. User email addresses actually were not generally exposed, although some of the responses included individual email addresses.

    Probably whatever low-paid employee is responsible for creating new mailing lists forgot to hit a radio button in the mailing list config on Salesforce and is hopefully enjoying a healthy round of training and teasing instead of termination.

  20. Mephistro
    Facepalm

    What I find really difficult to believe...

    ... is that most mail apps still have "CC" and "Reply to All" as default options! The whole thing is like a spammer's wet dream!

  21. Jonathan 27

    Bah, that's nothing. I once got over 2 million emails once after I set an out of office autoresponder and then went on vacation. That's all I did. One of the emails sent to me in that period had an invalid reply address, which triggered the email system to send me a "cannot find address" email, which triggered the autoresponder. Now this would have been all well and good, but that "cannot find address" email? It's reply address was ALSO invalid, which triggered the whole thing to loop indefinitely.

    My entire mailbox was just filled with tiny "cannot find address" emails, super.

  22. Pascal Monett Silver badge

    Good.

    It takes a looooong time to educate people and the only way they really learn is with pain. So let them live the pain of this ReplyAll hell that they have inflicted on themselves - it builds character, as I once heard.

    Seriously though, what organization is stupid enough to let the Reply All function remain available ? I remember one large administration that actually had the balls to put a check on that button. It was greyed out, but you could still click it. If you did click it, you got a popup asking you to confirm that really, really wanted to be singled out for replying to everyone instead of just the sender. If you insisted, you could hardly pretend that you had done so by accident, so it was your ass if you did it wrong.

    For my part, I think the Reply All button should be tightly controlled in a company, with only managerial-level staff being able to use it. And even then, lower-level staff would be excluded from the catfight.

    In truth, if you do not agree with something someone sent, you answer that person and you leave everyone else the fuck out of the argument until it is solved, in which case you could eventually send a notice out to everyone with the final decision.

    But everyone has to treat mail like a frakkin soapbox and broadcast their opinion to all and sundry.

    Learn to speak when you have something important to say, and shut the fuck up if you just want to spout off. There's 4chan for that.

  23. Anonymous Coward
    Anonymous Coward

    Promotion and Payrise....

    The idiot who did it will be promoted and offered a job in NetApp's marketing department ....

  24. bofh80

    Nah probably just work at the reg.

    They don't seem to bother blogging or apologizing when their marketing dept does the exact same thing.

  25. herman Silver badge

    It is also fun with Out of Office replies to Out of Office replies.

  26. eldakka

    This is not a problem with email.

    It is 100% a problem with user stupidity.

  27. nilfs2
    Unhappy

    Not the first time it happens

    I've being the victim of NetApp's CC 3 times now

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like