Home From The Field To Kill A Server: The Time-Bomb Email [story]

To Kill A Server: The Time-Bomb Email [story]

To Kill A Server: The Time-Bomb Email [story]

I used to work at a university, doing general IT-stuff, such as cleaning out data, shouting at people to clean out their personal account, retrieving “lost” data, etc. etc.

One fateful day, an unnamed faculty member decided to use her contacts to promote her friends baby in some popularity competition, thinking to use the rougly 8000 students and faculty at the universe to garner some e-votes. This is against policy, but not terrible in itself. Her method, however, was much worse than her intentions. Here is a short timeline of the events.

  • At 3 am, Timebomb-Mary sent an email containing a 200kb picture and several lines of text to every single mailing list and contact she could find on her account.
  • Around 8.30am, people check their email. 7988 people roll their eyes and delete the email. A dozen people responding with various forms of “I can’t believe you did this” using the reply-to-all button. People demanded everyone stop replying-to-all… using reply-to-all. Of course, students being students, things got out of hand quickly.
  • At 9.30am, thanks to Exchange quoting the previous email on reply, and helpfully including all previous email addresses, single emails started reaching 12mb each, one single reply generating almost 10gb of data.
  • At 9.35am, every single mailbox on campus was full, and generating 8000 “This person cannot recieve your email” messages per reply. 30 seconds later, the overflow to prevent people actually losing email was also full.
  • At 9.38am, the exchange server gave up.

The email server had to be taken down, the emails deleted and severe punishment was threatened for those who would use the timebomb email again. 14 TB of spam was deleted, over 150.000 messages were lost due to full mailboxes, an unknown number of which were actually relevant. 180 accounts were semi-wrongfully quarantined for sending spam, before that system too ground to a screeching halt.I never did find out what happened to the person who started this, but I can only hope it was painful.

Leave it to users, they break everything sooner or later. -Scott


  1. Been there.

    We had an instance where we had a local network, and a co-lo facility. Email and Phones came into the co-lo and then was routed up to our office.

    The boss’s assistant sent out a half dozen uncompressed baby pictures to everyone in the company.

    We lost internet and subsequently phones for the 20 minutes or so that was needed to resolve the exchange sync-ing. I was.. displeased.

  2. This happened to me once, in a government organisation. Someone sent an e-mail about “the benefits of prescribing bariatric surgery” to All In Organisation and it was rejected because she didn’t have clearance to use that list. So she forwarded it to someone with the same surname, who figured out you could break down that list into its constituent components.
    Of course, everyone hit Reply To All there as well. For 12 thousand staff, as well as various departmental e-mail accounts. In the middle of it, the communications department sent out a warning not to use Reply To All when the entire organisation has been copied in. It was followed by a continuing torrent of “I would also like to be removed from this list” Reply To All messages.
    Eventually, either the system crashed or the IT department shut it down. When it restarted, any e-mail with more than 10 recipients was automatically cancelled. Disciplinaries were called and I really hope the duo that started the thing lost their jobs.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.