An email bomb is a means to perform a denial-of-service (DoS) attack on an email server. Email bombing occurs when threat actors send tons of emails to a specific inbox to overwhelm it and its corresponding server. The result? The target’s inbox and server cease to function.

You can thus think of an email bomb as a DoS attack specific to email. Like a typical DoS attack, it can negatively affect a target organization’s operations. Stopping one of its email servers from working will halt communications inside and outside the network.

Read More about “Email Bomb

Since an email bomb is a form of DoS attack, it also relies on the use of a botnet. And its repercussions can last as long as the source of the attack hasn’t been blocked.

What Are the Signs of Email Bombing?

Like a typical DoS attack, you can detect email bombing if you see these signs:

  • A slowdown in network performance, specifically when accessing inboxes or sending emails
  • Higher-than-usual spam mail count

What Are the Different Kinds of Email Bomb Attacks?

Threat actors can perform email bombing in various ways. We named some of them below.

Attachment Attack

An attachment email bomb attack occurs when threat actors send tons of emails with large attachments. These messages are specially crafted to quickly eat up server storage space, rendering it unresponsive.

List Linking Attack

A list linking email bomb attack happens when threat actors use a target’s email address to sign up for multiple email subscription services. That would flood the email address with subscribed content. Note, however, that this is only possible if the subscription services don’t require verification. But, if successfully done can be hard to defend against because the traffic originates from legitimate sources.

Mass Mailing Attack

A mass mailing email bomb attack may not always be intentional. It can occur if a network-connected user sends an email to all contacts, especially if that list is extensive, instead of a single email address. However, threat actors can perform an intentional email bomb attack by using a botnet or malicious script to automatically fill up online forms with the target email address as the requesting or return address.

Reply All Attack

A reply all email bomb attack often happens by accident. Users may respond to an extensive list of email addresses instead of just the sender. In some cases, automated replies like out-of-office messages may be at fault. But threat actors can launch a reply all attack intentionally by spoofing a target email address and sending automatic responses to its entire contact list.

Zip Bomb Attack

A zip bomb attack requires threat actors to send a large compressed file to a target email address. When decompressed, the file takes up server resources, slowing it down. A zip bomb attack is also known as a “decompression bomb attack” or “zip of death attack.”

How Can You Protect Against Email Bombing?

Organizations can protect against email bombing by following these steps.

  • Enforce strict security policies regarding using business email addresses only for work-related subscriptions.
  • Keep email delivery software updated and patched at all times. Choose one with anti-malware features.
  • Enable tarpitting, the process of blocking or slowing down traffic from a sender’s IP address if it exceeds a predefined threshold (e.g., more than 10 emails per minute).
  • Consider blocking typical file attachment types like .zip, .7zip, .exe, and .rar.
  • Limit the maximum email attachment file size.
  • Ensure out-of-office, bounce back, and other automatic messages are only sent once.
  • Limit send permissions so only internal and authorized users may send to distribution lists.
  • Avoid posting plain text email addresses online.
  • Use a bulk mail filter to stop non-approved subscription-based emails from landing in inboxes.
  • If you rely on email marketing, implement CAPTCHA on your website’s subscription form so email bombers can’t use your email addresses.
  • Send opt-in emails to new subscribers to prevent unwanted emails.

Email bombing, like any other DoS attack, can cripple your operations. But it is avoidable if your organization heeds best practices.

Key Takeaways

  • An email bomb is a means to perform a DoS attack on an email server. Email bombing occurs when threat actors send tons of emails to a specific inbox to overwhelm it and its corresponding server.
  • You may be suffering from an email bomb attack if your network slows down, specifically when accessing inboxes or sending emails or when you have a higher-than-normal spam mail count.
  • Email bombing can come in the form of attachment, list linking, mass mailing, reply all, or zip attacks.

Other interesting terms…