An email storm (also called a Reply Allpocalypse) is a sudden spike of Reply All messages on an email distribution list, usually caused by a controversial or misdirected message. Such storms start when multiple members of the distribution list reply to the entire list at the same time in response to the instigating message. Other members soon respond, usually adding vitriol to the discussion, asking to be removed from the list, or pleading for the cessation of messages. If enough members reply to these unwanted messages this triggers a chain reaction of email messages. The sheer load of traffic generated by these storms can render the email servers inoperative, similar to a DDoS attack.
A related phenomenon occurs when a subscriber to a mailing list emails the mailing list to "UNSUBSCRIBE". People will reply to the hapless individual on the mailing list, half of them advising on how to unsubscribe, the other half referring to the manual of the mailing list manager. More subscribers will reply to the previous round of respondents, again to the list, this time about mailing list etiquette.
Some email viruses also have the capacity to create email storms, by sending copies of themselves to an infected user's contacts, including distribution lists, infecting the contacts in turn.
- On 14 October 1997, a Microsoft employee noticed that they were on an as-yet unknown email distribution list 'Bedlam DL3', and emailed the list asking to be removed. This list contained approximately a quarter of the company's employees, 13,000 email addresses. Other users replied to the list with similar requests and still others responded with pleas to stop replying to the list. A Microsoft employee estimates that 15 million emails were sent, using 195 GB of bandwidth.
- On 3 October 2007, an email storm was generated at the U.S. Department of Homeland Security, causing more than 2.2 million messages to be sent, and exposing the names of hundreds of security professionals.
- U.S. State Department employees were warned they could face disciplinary action for taking part in a massive email storm that "nearly knocked out one of the State Department's main electronic communications systems".
- In November 2012, New York University experienced a reply-all email storm due to an older listserv-based mailing list. There were 39,979 subscribed addresses affected.
- On 11 March 2013, over 8952 students from Imperial College London were subjected to an email storm after a final year medical requested to be removed from a mailing list, resulting in over 3.5 million email messages being sent. The mailing list was created, without permission, to advertise a campaign in the Imperial College Union Elections.
- On 18 September 2013, a Cisco employee sent an email to a 'sep_training1' mailing list requesting that an online training be performed. The list contained 23,570 members. The resulting storm of 'unsubscribe', 'me-too' requests, sarcastic facepalm images and recipes for broccoli casserole resulted in (by the time the list was closed) over 4 million emails and generating over 375GB of network traffic. The following month on 23 October 2013 a nearly identical email storm occurred when an employee sent a message to a Cisco group containing 34,562 members. The thread was flooded with "remove me from the list", "me too", "please don't reply-all", and even a pizza recipe.
- On 18 March 2014, over 47 000 employees from Capgemini were subjected to an email storm after an email with a bad email list. The result was about 400 emails sent to this mailing list in 4 hours (reply all) which represents 20 million emails (1.4 TB). Most of those emails were sent in order to signal a wrong recipient (or just to indicate "+1"), to ask stopping doing "reply all", jokes, and explanations about how to create Outlook rules to immediately put emails in the trash.
- On 17-18 May 2014, 220 emails were sent to 10,460 individuals (2.3 million emails in total) who were signed up to receive updates from the UK branch of the Personal Genome Project. This was due to people replying and including an incorrectly configured mailing list. The issue was contained by PGP-UK within 6 hours of the initial email being sent, and within 3 hours of the first reply-all. One person’s unique ID number, along with 220 email addresses and names were revealed to the entire mailing list, in some cases voluntarily so. 5 days after the incident, PGP-UK issued a full apology with a detailed description of the cause of the issue and the steps taken to contain and remedy the situation.
- "You Had Me at EHLO." Microsoft Exchange Team Blog. Retrieved 17 January 2009 from MSexchangeteam.com
- Lisa Vaas, DHS Injects Itself with DDos, eweek.com, 4 October 2007
- Reply-all e-mail storm hits State Department. Retrieved 17 January 2009 from Boston.com
- Retrieved 2012-11-29 from 40,000 NYU College Students Realize They Can E-Mail All 40,000 People at Once
- How an e-mailstorm happens, University of Michigan
- Virus-induced email storms, University of Michigan
(Note: as of 0ct 23, 2013, both these links are broken)