Microsoft is launching Microsoft 365 email storm protection measures for enterprises

by ·

An email storm is a relative problem in large enterprises. This kind of network attack activity is mainly caused by some employees of the enterprise unintentionally.

The so-called email storm refers to the accidental choice of sending all or replying when sending emails or replying to emails, and then the emails are pushed to all members.

The mail system of a large enterprise may cover tens of thousands or even hundreds of thousands of employees in multi-region branches or offices, and the wrong operation will generate a large amount of mail.

This kind of mail storm is sometimes comparable to a distributed denial of service (DDoS) attack, which may destroy one or more servers used for the mail system in an instant.

Microsoft said that when all the replies in the organization generate a mail storm, it may cause problems such as business interruption and disruption of business continuity.

Image: Microsoft

In response to such situations, the Exchange Online team is launching a response plan, which can immediately interrupt mail delivery when a mail storm is detected.

Microsoft said that if a mail storm is detected, the data will be interrupted and the Non-Delivery Receipt (NDR) will be returned to the sender without the delivery receipt, allowing the sender to confirm and then re-operate.

After the interruption, the data block will be kept for several hours to wait for the sender to re-operate. If the sender does not perform the operation, the data will be automatically destroyed after a few hours.

Microsoft said that at this stage, it will deal with the mail storm problem according to the best interception efficiency, but the company will collect telemetry data to continue to adjust the mail interception strategy.

In the future, Microsoft may detect when a user sends an email to select a contact. If it detects that the user selects all members of the organization, a corresponding reminder will pop up.

Because in a large organization, too many members directly send a large amount of mail will seriously affect server performance, of course, if it is a small and medium-sized enterprise, the impact will not be very large.

Via: bleepingcomputer

Tags: