I have a client who is the victim of an email bomb. She started receiving hundreds of mails from websites all over the Internet. Nearly all of them were the kind of subscription confirmation email you would get after signing up for a newsletter, forum, or other subscription service. When I say they came from all over, she had emails in French, German, Russian, Chinese, Japanese, and many other languages in addition to English.
This is a DDoS (distributed denial of service) attack, and it happens when an attacker uses automated bots and scripts to sign your email address up to thousands of online registration and subscription forms. Each subscription generates an auto-response message. These messages come from many sites, and are not blocked by spam or phishing filters, since they are legitimate responses from trusted websites.
The good news was that most of these email responders required that a link be clicked in order to confirm the “subscription” and consequently, since we were NOT replying, this would be the only email from each particular site. The bad news is that some sites simply take the subscription without confirming, meaning that regular newsletters and other emails will be coming, and you would need to unsubscribe from each individually.
The purpose of these sorts of attacks is usually to provide a distraction from other attacks being carried out simultaneously, such as unauthorized purchases, financial transactions, or credit card usage. The transaction advice emails that are sent get lost in the traffic, as victims resort to bulk deletions to empty their inbox.
The only way to reduce the flow is to set up email filters that block words such as subscription, confirm, confirmation and similar terms found in these emails. You can use Google Translate to find what foreign words you need to block. Working through the barrage may take a week, or two, and in the end you may be stuck with some very persistent newsletter emailers.
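A keyword filter like the one described above can also sweep away the transaction notices the flood is meant to hide, because "confirm" appears in both kinds of mail. The following is an added example, not code from the original post: a triage function that checks for transaction wording first and only then quarantines sign-up noise. The term lists beyond the words named above, the folder names, and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy

# Words named in the post plus two translated terms (assumed; extend via translation).
NOISE_TERMS = ["subscription", "subscribe", "confirm", "abonnement", "bestätigen"]
# Assumed subject words for the transaction notices the flood is meant to bury.
TRANSACTION_TERMS = ["purchase", "payment", "order", "transaction", "receipt", "charge"]

def _hit(terms, text):
    """True if any term starts a word in text (case-insensitive)."""
    return any(re.search(r"\b" + re.escape(t), text, re.IGNORECASE) for t in terms)

def triage(raw):
    """Return 'review', 'quarantine' or 'inbox' for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)  # decodes encoded subjects
    subject = str(msg["Subject"] or "")
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    # Transaction check runs first: "Order confirmation" must never be swept away.
    if _hit(TRANSACTION_TERMS, subject):
        return "review"
    if _hit(NOISE_TERMS, subject + "\n" + body):
        return "quarantine"  # move to a folder, do not delete
    return "inbox"

# Constructed sample messages, not taken from the incident described in the post.
SAMPLES = [
    "From: news@example.org\nSubject: Please confirm your subscription\n\nClick the link to confirm.\n",
    "From: liste@example.de\nSubject: =?utf-8?q?Bitte_best=C3=A4tigen_Sie_Ihr_Abonnement?=\n\nLink anklicken.\n",
    "From: alerts@bank.example\nSubject: Order confirmation: purchase of $1,299.00\n\nNot you? Call us.\n",
    "From: friend@example.com\nSubject: Lunch on Friday?\n\nAre you free at noon?\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(triage(raw))
```

Quarantining to a folder instead of deleting keeps any misclassified message recoverable once the flood subsides.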
If you run a website that has any sort of sign-up or subscription form, be sure to add a CAPTCHA to the form to prevent having your site used for this sort of reflection DDoS attack.
More information:
How to Survive an Email Bomb Attack
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com