British NHS DDOS attacks itself via email sent to 1.2M staff

Reminds me of the &quot;Bedlam DL3&quot; story from Microsoft [0].<p>[0] <a href="https:&#x2F;&#x2F;blogs.technet.microsoft.com&#x2F;exchange&#x2F;2004&#x2F;04&#x2F;08&#x2F;me-too&#x2F;" rel="nofollow">https:&#x2F;&#x2F;blogs.technet.microsoft.com&#x2F;exchange&#x2F;2004&#x2F;04&#x2F;08&#x2F;me-t...</a>

Somewhat odd that in setups this large emails to all are unregulated. I&#x27;d expect those to go through some &quot;approval&quot; channel.

This happened at Qualcomm once. Some IT email was sent out to most of the corp and then people&#x27;s vacation&#x2F;out-of-office auto-reply-to-all propagated it more. Then people would send reply-all messages like &quot;remove me from this list!&quot; it went on for most of the day.

Can <i>anyone</i> explain why people leave their servers configured to allow arbitrarily long To: lists? Any large organization is just one mistake away from a Reply-All apocalypse.

This is not a ddos attack. More like ddos mistake or accident.

Dupe: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=12950830" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=12950830</a>

This is reminiscent of at least one IT Crowd episode (I forget the title), and so typical...

Two stories about this topic on the front-page right now. Merge them?