My friend and colleague Paul Lord said, "Good marketing can kill you at any time."
He was describing a failure mode that I discuss in Release It!: Design and Deploy Production-Ready Software as "Attacks of Self-Denial". These have all the characteristics of a distributed denial-of-service attack (DDoS), except that a company asks for it. No, I'm not blaming the victim for electronic vandalism... I mean, they actually ask for the attack.
The anti-pattern goes something like this: marketing conceives of a brilliant promotion, which they send to 10,000 customers. Some of those 10,000 pass the offer along to their friends. Some of them post it to sites like FatWallet or TechBargains. On the appointed day, hour, and minute, the site has a date with destiny as a million or more potential customers hit the deep link that marketing sent around in the email. You know, the one that bypasses the content distribution network, embeds a session ID in the URL, and uses SSL?
Nearly every retailer I know has done this to themselves at one point. Two holidays ago, one of my clients did it to themselves, when they announced that XBox 360 preorders would begin at a certain day and time. Between actual customers and the amateur shop-bots that the tech-savvy segment cobbled together, the site got crushed. (Yes, this was one where marketing sent the deep link that bypassed all the caching and bot-traps.)
Last holiday, Amazon did it to themselves when they discounted the XBox 360 by $300. (What is it about the XBox 360?) They offered a thousand units at the discounted price and got ten million shoppers. All of Amazon was inaccessible for at least 20 minutes. (It may not sound like much, but some estimates say Amazon generates $1,000,000 per hour during the holiday season, so that 20 minute outage probably cost them around $200,000!)
In Release It!, I discuss some non-technical ways to mitigate this behavior, as well as some design and architecture patterns you can apply to minimize damage when one of these Attacks of Self-Denial occur.