An email bomb, or “mail bomb”, is a malicious act in which a large number of email messages are sent to a single email address in a short period of time. The purpose of an email bomb is typically to overflow a user’s inbox. In other words, an email bombing is an attack on the victim’s inbox that involves sending massive amounts of messages to the victim’s address. Sometimes these messages are complete gibberish, but more often they are confirmation emails for newsletters and subscriptions. In the latter case, the attacker uses a script to search the internet for forums and newsletters and then signs up for an account on each with the victim’s email address. Each forum and newsletter then sends the victim a confirmation email asking them to confirm the address. This process repeats across as many unprotected sites as the script can find.
The term “email bombing” can also refer to flooding an email server with too many emails in an attempt to overwhelm the server and bring it down. But that may not be the attacker’s real goal. Rather than being a denial-of-service (DoS) attack against the email servers the victim is using, the onslaught of messages is a distraction to hide the attacker’s true intentions. An attack’s intensity can range from an inconvenience to a complete interruption of service. Some email bombs are accidental or self-inflicted, such as when automatic replies sent to a distribution list cause a cascade of emails. Additionally, cyber-criminals sometimes use email bomb attacks to mask other attacks and prevent users from receiving notices about account activity.
Types of Email Bombs:
Mass mailing: This attack occurs when someone intentionally or unintentionally sends large quantities of email traffic to targeted email addresses.
List linking: These attacks involve malicious actors signing targeted email addresses up to numerous email subscription services. Many of these services do not ask for verification or, if they do, they send confirmation requests via email. This type of attack is difficult to prevent because the traffic originates from various legitimate sources.
ZIP bomb: These attacks consist of an attacker sending malicious archive files designed to decompress to very large sizes. When the email server decompresses the file, significant server resources are consumed, potentially causing the server to slow down or stop responding.
Attachments: These attacks occur when a malicious attacker sends multiple emails with large attachments, intending to overload the storage space on a server and cause the server to stop responding.
Reply-all email bombs: These attacks occur when distribution list members reply to all members of the list instead of just the original sender. This floods inboxes with a cascade of emails, which is compounded by automated replies, such as out-of-office messages. This type of attack also occurs when a malicious actor spoofs an email and the automatic replies are directed toward the spoofed address.
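On the receiving side, the list-linking pattern described above shows up as confirmation-style messages from many unrelated sender domains within a short window, and the account-activity notices the flood is meant to hide arrive in that same window. The following Python code is an added example, not part of the original article: it flags such a burst in one mailbox's message metadata and pulls out the notices buried in it. The subject keywords, the 10-minute window, the five-domain threshold and the sample messages are assumptions constructed for illustration.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Assumed heuristics (not from the article): tune keywords and thresholds locally.
CONFIRM_RE = re.compile(r"\b(confirm|verify|welcome|subscri)", re.I)
ALERT_RE = re.compile(r"\b(password|sign-in|login|order|payment|security alert)", re.I)
WINDOW = timedelta(minutes=10)
MIN_DOMAINS = 5  # distinct sender domains inside WINDOW that count as a burst


def sample_messages():
    """Constructed sample: (timestamp, sender, subject) tuples for one mailbox."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    msgs = [(t0 + timedelta(seconds=20 * i), f"noreply@list{i}.example",
             "Please confirm your subscription") for i in range(8)]
    # An account notice arriving in the middle of the flood.
    msgs.append((t0 + timedelta(seconds=70), "alerts@bank.example",
                 "Your password was changed"))
    msgs.append((t0 + timedelta(hours=3), "friend@mail.example", "Lunch?"))
    return sorted(msgs)


def detect_list_linking(messages):
    """Return (burst_detected, account_notices_received_during_the_burst)."""
    window = deque()   # (timestamp, sender domain) of recent confirmation mails
    burst_times = []   # timestamps at which the domain threshold was reached
    for ts, sender, subject in messages:
        if not CONFIRM_RE.search(subject):
            continue
        window.append((ts, sender.rsplit("@", 1)[-1].lower()))
        while ts - window[0][0] > WINDOW:
            window.popleft()
        if len({domain for _, domain in window}) >= MIN_DOMAINS:
            burst_times.append(ts)
    if not burst_times:
        return False, []
    start, end = burst_times[0] - WINDOW, burst_times[-1] + WINDOW
    buried = [(ts, sender, subject) for ts, sender, subject in messages
              if start <= ts <= end
              and ALERT_RE.search(subject) and not CONFIRM_RE.search(subject)]
    return True, buried


if __name__ == "__main__":
    detected, buried = detect_list_linking(sample_messages())
    print("burst detected:", detected)
    for ts, sender, subject in buried:
        print("review first:", ts.isoformat(), sender, subject)
```

Because the senders in a list-linking flood are legitimate services, the check keys on the number of distinct domains rather than on sender reputation.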