We’ve discussed phishing, quishing, smishing, insider threats, and other methods that cyber criminals use to gain access to your accounts – but what about email bombing?
What is email bombing?
Email bombing is a malicious attack where cyber criminals send a barrage of emails to a mailbox to overwhelm the server. It’s a type of denial-of-service attack designed to:
-
Cause frustration
-
Distract the user
-
Cripple email servers
-
Spread malware
When hundreds (or thousands) of spam emails hit a mailbox at once, legitimate emails become buried. Users miss genuine alerts about sign-in attempts, financial transactions, or online order confirmations. Cyber criminals then exploit the chaos, often pretending to be the IT team to trick the user into clicking malicious links or granting access.
Types of Email Bombing Attacks
There are several forms of email bombing, each with different methods of disruption:
1. Attachment Attacks
Large or malicious attachments are sent repeatedly, consuming server resources and causing system strain when opened.
2. List-Linking Attacks
Attackers exploit mailing lists or group emails to generate a constant stream of incoming messages.
3. Reply-All Attacks
A single reply-all can trigger an infinite chain reaction as recipients continue replying, flooding inboxes.
4. Mass Mailing Attacks
Attackers automate thousands of emails to one account, overwhelming the mailbox quickly.
5. Zip-Bomb Attacks
A compressed attachment that expands dramatically in size when opened, overwhelming and potentially crashing systems.
A Real Example: How Techcare Responded to an Email Bombing Attack
Recently, one of our customers experienced a mass mailing attack targeting several user mailboxes.
Once identified, the Techcare team:
-
Blocked the accounts from receiving external emails
-
Checked each mailbox for breaches
-
Confirmed the accounts were secure
-
Performed a full clean-up to restore the inboxes to a usable, organised state
Swift action ensured minimal disruption and prevented further escalation.
How to Protect Your Business From Email Bombing
To reduce the risk of being email bombed, ensure the following are in place:
-
Strict security policies and employee training
Staff should be able to recognise suspicious emails, attachments, and unexpected message surges. -
Email delivery software with robust anti-malware tools
This helps detect and block harmful attachments automatically. -
Bulk email filters
Mass emails can be redirected into separate folders, preventing inbox overload.
What To Do If You’re Experiencing an Email Bomb Attack
If you think you’re under attack:
👉 Contact your IT team or managed IT provider immediately.
Email bombing is time-sensitive, and fast action significantly reduces the impact.
