Imagine letting an employee account accidentally start a reply-all remove request freakout spam chain to an email list of around 50k people… Then not updating policy so of course eventually it happens again! Like wow what a hilarious org wide focus disrupting dos attack.