Email bombing is a form of denial of service attack that floods a mailbox and mail server with messages. It can be coordinated in various ways, including list bombing and hijacking email accounts. It can cause serious problems, including server overload and security risks. Techniques to deal with email bombardment include keeping multiple email addresses and implementing server-side protections. ISPs consider email bombing a violation of their terms of service and may suspend accounts involved in such attacks.
Email bombing is a form of denial of service attack that floods a mailbox and mail server with messages. If enough messages are sent, the systems may be overloaded and will stop working. Many Internet Service Providers (ISPs) consider email bombing a violation of their terms of service and will suspend the accounts of people involved in such attacks.
There are several ways to coordinate an email bombing attack. One is to send a large number of emails directly, often using multiple accounts. Spreading email across many accounts will also make it harder to pinpoint the source of the attack and won’t flag ISPs reporting a high volume of email from a single account. A virus can be written to hijack email accounts held by other people and use them to bomb the target.
Another option is the so-called “list bombing”, in which the subject is subscribed to a large number of mailing lists. Email bombers may also use tactics such as displaying an email address on web pages in a format that is easy for bots to detect, in the hopes that the target will be flooded with spam. Spam, however, can be filtered and stored separately, making list bombing an attractive option because communications from mailing lists are usually sent directly to the mailbox.
Using email verification for mailing lists is designed to prevent abusive signups, but email bombardment can involve workarounds. For example, the attacker can create a new signup email address, click the link in the confirmation email, and then set up the account to forward to the target. The target will receive communications from the mailing list and will not be able to unsubscribe because the mailings are not sent directly through the organization.
This type of attack can be a low-level annoyance, but it can also become a serious problem. If the email bombing is aimed at a business or professional email, someone may not be able to access business emails. If the server gets overloaded or the mailbox is full, the legitimate emails sent to the target might get rejected and the target will not be able to send emails. It can also become a security problem if the email bombing includes emails with embedded viruses, malware or spyware and the sender accidentally opens them.
There are several techniques that can be used to deal with email bombardment. Keeping multiple email addresses for different activities can help. Server-side protections can include temporary suspensions of accounts that appear to be targets of email bombs while the situation is being addressed.
Protect your devices with Threat Protection by NordVPN
