Reply All

By Noah Scholfield

The story of the 1,000+ emails 4,000+ of us got on February 10th and 11th

Introduction

It all started at 10:50PM on Sunday, February 10th when someone's account got hacked and sent out a phishing email to a Pitt Dining email distirbution list with 4,000+ people on it. Soon people realized that they could reply-all to this email and it would go to everyone. This resulted in many memes, social usernames, SoundCloud links, dog pictures, and other messages being sent in a flood of notifications.

Let me out!

Soon after, people wanted out. But how to get out? Someone offered "help" by telling everyone to reply-all the cryptic messge Force remove-1573AQ to be immediately removed from the mass email. However, this person was just trolling so the tsunami of emails switched from a seemingly university-wide group chat of sorts to email after email of Force remove-1573AQ from people trying to escape the flood of emails. Later someone corrected that person and suggested yet another, more criptic way, to be removed from this snowball of messages.


      <html>
        <javascript> rmdir.pittemail</javascript>
        <code =stop reciving> </code>
        <Front =no> </Front>
      </html>

But surprise, surprise, that didn't work either.

Data

I put all of the email data from the emails that I received into Excel to find out how many people were involved and what they said. Here's what I found.

There were a total of 1,104 email received over the roughly 12 hours that this was going on presumably received by the 4,175 people on the distribution list that this was sent to.

Email Contents

This graph shows the number of messages containing the same first line of the message.

Turns out lots of people fell for the "Force remove" trick. There were also many people that put both "unsubscribe messages" in the email and hoped for the best which isn't really represented in this graph.

I noticed that many people who sent emails had an Outlook App signature which made me wonder what the share iOS vs Android was since the signature includes that info. Of all the emails, roughly half of them had such a signature. Here is the graph showing the OS share based upon the messages that did include the signature.

Mobile OS Share

You can click on the labels on the top right to show or hide that category.

This data isn't super accurate because it involved trying to parse the individual messages which was somewhat difficult because they weren't all formatted the same way. And again only about half of the emails included this signature at all so the data isn't fully represenative.

So it looks like Outlook was both the winner and loser in all of this mess because it had to handle delivery of all these emails, but it's app got lots of advertisement.

Resolution

The emails continued to come in until after 10:30AM until a setting on the distribution list was finally changed preventing just anyone from using it to email or reply-all to. Now we just have to wonder if this is going to happen again with a different distribution list, and if anyone will get dining emails anymore since many people filtered them all out to stop their inbox from overflowing.

Links