Why the fuck was 'Reply to all' ever put on email programs?
Stop replying! pleads NetApp customer stuck in reply-allpocalypse
Hundreds of NetApp customers were peeved to find they had accidentally been added to the CC field of an email, resulting in a spamaggeddon of messages. The communique was intended as a support bulletin regarding a previous version of Windows. One customer got in touch to say: "NetApp accidentally emailed all their customers …
COMMENTS
-
-
-
-
Friday 27th January 2017 21:22 GMT heyrick
"Nope had them well over a decade ago.."
I wrote a simple email client uh maybe twenty years ago now. It had the option to reply to all in the CC list, however it would warn you if you were posting to more than ten addresses, and if you were posting to more than 30, it would tell you how many, ask if you really intend to send a message to that many people, and make you type in "yesireallywanttodothis".
Saved my ass a couple of times when I clicked Reply All instead of Reply (to sender). ;-)
-
-
-
Friday 27th January 2017 13:33 GMT 2460 Something
Why wouldn't you have the ability to reply to everyone involved in an email chain?
What is needed in this instance is user education (for all those who replied to everyone asking for their details to be removed, instead of bizarre knee-jerk responses to what is likely an unfortunate paste into the wrong email field. Removing the reply all function would not have stopped the initial email going out.
-
Friday 27th January 2017 23:33 GMT tr1ck5t3r
>What is needed in this instance is user education
Because humans are human, my software has a bulk mailing facility that is programmed to only send BCC, whilst also capable of spitting out email's individually in a manner to not trip up ISP's email restrictions which might exist more so in overseas country's, eg 200 an hour and no more than 1000 a day for example.
Dont blame the user's blame the chain of command at the top for their stupidity at failing to quantify the risk to their business. In the mean time, sign up to every mailing list going and have some software to delete the spam automatically but ready to harvest email addresses when these businesses slip up.
Its only a question of time, and a valid attack vector for future hacking, if you choose to plan ahead.
-
-
Friday 27th January 2017 13:35 GMT AndrueC
CC is the real problem. That could be blocked for at least all emails leaving a domain and preferably by default for all emails. Personally in this situation I'd be annoyed about the spam but livid about NetApp sending my email address to other people. I consider that a data protection violation.
I use a DEA system and the email address NetApp might have on record for me should only be known by NetApp.
-
Friday 27th January 2017 14:14 GMT John H Woods
cc
The total number of individuals in a cc, after enumerating any groups, should not exceed N.
You could relax this criterion a bit by making it only applicable to replies and/or automatically moving the remaining addressees to bcc and/or being overrideable on confirmation.
I'm not convinced N needs to be much greater than 20.
-
Friday 27th January 2017 16:25 GMT Naselus
Re: cc
I suspect the problem is that some mobile email clients automatically default to 'reply all' when you hit the general reply button (to save space on the screen, it just shows 1 and you hold it down to select between various reply options). So when you're trying to get your phone to shut up at 4am by sending a reply asking to be removed from the list....
For the record, as someone who was caught in it, the message storm lasted about 3 hours, ending around 10:45am GMT and had about 280 messages. This is much less severe than the 3 day email storm that the Unreal Editor github mailing list underwent last year; think I had about 12,000 messages from that one...
-
Monday 30th January 2017 10:45 GMT P. Lee
Re: cc
I'm not convinced the trouble ticketing system should be passing email addresses to the email software, that aren't associated with the customer who raised the ticket.
Also, maybe restrict access to large mailing groups? That should stop the problem of mailing Alli ndiaman and ending up mailing all Indian customers.
Enterprise controls? We've heard of them.
-
-
Friday 27th January 2017 20:32 GMT Adrian 4
Cc, Bcc and Reply All all have legitimate uses for small groups of people.
The problem is having a very large list that can be added to them : CCs should be filled in manually, to include a handful of interested people. But some misbegotten mail software (yes, Outlook, I'm talking about you) allows the use of huge files of recipients instead as some sort of idiot mailing list.
The correct way to set these large lists up is with group names expanded by a mailserver, and to restrict use of those names to people who have a clue.
-
-
-
Friday 27th January 2017 13:09 GMT Marc 13
This NetApp one presumable contains IT types, who should know better than reply all, especially once the tsunami started!
We had a variation in our office the other week, a couple of hundred tenants got spammed by a gritting contractor who'd left a distribution list able to be replied to from outside the organisation so when a few recipients started replying with unsubscribe/remove etc...
-
-
Friday 27th January 2017 13:28 GMT Anonymous Coward
Reply all isn't an issue and is very useful the problem is the CC field and the fact that mail clients don't have a limit on the number of people that can be CC'd which can be the mail server administrator.
Such a limit must be easy to implement in software and hardly a major change resulting in the mail being bounced back to the sender as happens with my isp which limits how many people you can send to at once.
-
Friday 27th January 2017 14:09 GMT thetank
Reply to all
I was briefly hit by this earlier until I put a mail filter rule in place. Sure some Netapp bod screwed up by not BCCing the mailing list but it seems to me like there are a worrying amount of global IT professionals that don't understand how email or 'reply to all' works. And these people are administering the enterprise storage of global companies. I also don't understand why Netapp still haven't edited the security of the distribution list to not accept email from external domains.
-
Friday 27th January 2017 14:20 GMT Anonymous Coward
There's one way to stop this sort of escalating crisis:
Send a gratuitously offensive "why don't you bozos learn about BCC and ReplyAll" reply, but make sure that all the recipients are on BCC only. The only From: and ReplyTo: addresses should be those of the prat that started it. That way all the insulting replies don't go to everyone, but only to the prat, and the loop gets broken.
-
Friday 27th January 2017 21:19 GMT Nolveys
Send a gratuitously offensive "why don't you bozos learn about BCC and ReplyAll" reply, but make sure that all the recipients are on BCC only. The only From: and ReplyTo: addresses should be those of the prat that started it. That way all the insulting replies don't go to everyone, but only to the prat, and the loop gets broken.
It would be more fun to reply to all, but add all of the cc addresses from several other recent mail storms.
-
-
Friday 27th January 2017 15:57 GMT Anonymous Coward
last time I had that as an email admin ...
was in a very large corporation where HR (who else ?) had found it cunning to send to several thousands email address (at a To:) a mildly ennoying email.
When you factor in the fact that 60% of average corporate email users are not aware a "reply" command exists that would reply to the sender only, but still always do the default reply-to-all thing, you get the effect ...
So many people shouting "stop replying to all" while ... exactly spamming everyone with reply-to-all ...
I ended up setting-up a filter at MTA level that would black hole any reply ...
People are really stupid ...
-
Friday 27th January 2017 16:26 GMT Dave Hilling
I hate people
I remember something similar at a company I worked at before....then people started replying like crazy to all saying "I dont think this was meant for me" ....if it wasnt meant for you don't f'ing reply...I swear it went on for 14 hours....I think some did it thinking they were funny but when your on call and your wife is ready to stab you and throw your BB out the windows at 3 am its not funny at all.
-
Friday 27th January 2017 17:08 GMT Anonymous Coward
Used to love this at HP
This happened on at least 3 seperate occasion when i worked in HP over 5 years ago, some clod would email ALL employees (back when there were quite a few globally) and email could be out for at least a day with people replying all to be removed from the distribution list. One went on over a whole weekend. It made for fabulous skiving time and extended lunch/tea breaks when you were just a minion.
-
Friday 27th January 2017 17:26 GMT Brian Miller
Microsoft: "Me, too!"
This stuff happens at Microsoft every once in a while. The biggest incident was in the late 90's, when someone noticed that they were on a mailing list they didn't know about. This happened to be a mailing list that was constructed for testing purposes.
Idiot: "Who owns this list, and what is it for?"
Idiot2: "I'd like to know, too."
Idiot3: "Me, too!"
Idiot4: "Me, three!"
And so on, and so on. The Exchange mail servers were overloaded for at least three days.
-
Friday 27th January 2017 19:26 GMT Throatwarbler Mangrove
Not quite
I was on the email chain, and the incident is not quite as reported. It appears that the culprit mailing list was ng-targeted-bcc@netapp.com. Unfortunately, it appears that the mailing list configuration at Salesforce was configured so that responses to the notification would go to netappcustomercommunique@netapp.com, which was a reference to the original mailing list. User email addresses actually were not generally exposed, although some of the responses included individual email addresses.
Probably whatever low-paid employee is responsible for creating new mailing lists forgot to hit a radio button in the mailing list config on Salesforce and is hopefully enjoying a healthy round of training and teasing instead of termination.
-
Friday 27th January 2017 20:00 GMT Jonathan 27
Bah, that's nothing. I once got over 2 million emails once after I set an out of office autoresponder and then went on vacation. That's all I did. One of the emails sent to me in that period had an invalid reply address, which triggered the email system to send me a "cannot find address" email, which triggered the autoresponder. Now this would have been all well and good, but that "cannot find address" email? It's reply address was ALSO invalid, which triggered the whole thing to loop indefinitely.
My entire mailbox was just filled with tiny "cannot find address" emails, super.
-
Friday 27th January 2017 20:14 GMT Pascal Monett
Good.
It takes a looooong time to educate people and the only way they really learn is with pain. So let them live the pain of this ReplyAll hell that they have inflicted on themselves - it builds character, as I once heard.
Seriously though, what organization is stupid enough to let the Reply All function remain available ? I remember one large administration that actually had the balls to put a check on that button. It was greyed out, but you could still click it. If you did click it, you got a popup asking you to confirm that really, really wanted to be singled out for replying to everyone instead of just the sender. If you insisted, you could hardly pretend that you had done so by accident, so it was your ass if you did it wrong.
For my part, I think the Reply All button should be tightly controlled in a company, with only managerial-level staff being able to use it. And even then, lower-level staff would be excluded from the catfight.
In truth, if you do not agree with something someone sent, you answer that person and you leave everyone else the fuck out of the argument until it is solved, in which case you could eventually send a notice out to everyone with the final decision.
But everyone has to treat mail like a frakkin soapbox and broadcast their opinion to all and sundry.
Learn to speak when you have something important to say, and shut the fuck up if you just want to spout off. There's 4chan for that.