www.techtarget.com Open in urlscan Pro
2606:4700:4400::6812:2a27  Public Scan

Form analysis
1 forms found in the DOM

GET https://www.techtarget.com/search/query

<form action="https://www.techtarget.com/search/query" method="get" class="header-search">
  <label for="header-search-input" class="visuallyhidden">Search the TechTarget Network</label>
  <input class="header-search-input ui-autocomplete-input" id="header-search-input" autocomplete="off" type="text" name="q" placeholder="Search the TechTarget Network">
  <button aria-label="Search" class="header-search-submit"><i class="icon" data-icon="g"></i></button>
</form>

Text Content

3
Trending Now

How to defend your attack surface: Internet operations managementDownload
NowView All3
X
3Hello, these 3 documents have been trending and as a member they are free to
you.
 * 
   How to defend your attack surface: Internet operations managementDownload Now
 * 
   Utilizing Microsoft Exchange and ServiceNow to protect against
   phishingDownload Now
 * 
   12 security orchestration use casesDownload Now




SearchSecurity
Search the TechTarget Network
Sign-up now. Start my free, unlimited access.
Login Register
 * Techtarget Network
 * News
 * Features
 * Tips
 * Webinars
 * More Content
    * Answers
    * Definitions
    * Essential Guides
    * Opinions
    * Photo Stories
    * Podcasts
    * Quizzes
    * Tech Accelerators
    * Tutorials
    * Sponsored Communities

 * Tech Accelerators

 * SearchSecurity
 * Topic Threats and vulnerabilities
    * Application and platform security
    * Careers and certifications
    * Cloud security
    * Compliance
    * Data security and privacy
    * Identity and access management
    * Network security
    * Risk management
    * Security analytics and automation
    * Security operations and management
    * Threat detection and response
    * All Topics

 * Follow:
 * 
 * 
 * 


 * Home
 * Threats and vulnerabilities
 * Threat management
 * mail bomb

Definition


MAIL BOMB


Share this item with your network:

 * 
 * 
 * 


By
 * Andrew Zola


WHAT IS A MAIL BOMB?

A mail bomb is a form of a denial-of-service (DoS) attack designed to overwhelm
an inbox or inhibit a server by sending a massive number of emails to a specific
person or system. The aim is to fill up the recipient's disk space on the server
or overload a server to stop it from functioning.

Also known as email bombs and letter bombs, mail bombs inconvenience not only
the intended target but everyone who uses the server. When a server is
unresponsive, it can degrade network performance and potentially lead to
downtime.

Mail bomb attacks are usually initiated -- intentionally or unintentionally --
by a botnet, a single actor or a group of actors. The damage caused by a mail
bomb can range from a minor inconvenience to a total disruption of services.
Mail bomb attacks can last for several hours if no effort is made to filter,
mitigate or block the attacking traffic.

Signs of a bot-driven denial-of-service attack



WHAT ARE THE DIFFERENT TYPES OF MAIL BOMB ATTACKS?

There are many forms of mails bombs. These are the most common tactics used by
threat actors:

 * Attachment. An attachment attack occurs when multiple emails with large
   attachments are sent. They are designed to overload server storage space
   quickly and render it unresponsive.
 * List linking. A list linking attack is a tactic used by threat actors to sign
   up targeted emails to multiple email subscription services. The goal is to
   flood email addresses indirectly with subscribed content. This is possible
   because many subscription services do not require verification. If they did,
   the verification emails could be used as a list linking mail bomb attack. It
   is difficult to defend against list linking attacks because the traffic
   originates from legitimate sources.
 * Mass mailing. Mass mailing is a type of mail bomb that is not always
   intentional. For example, instead of clicking on one email address, a user
   may accidentally select all and mistakenly send the email to hundreds or
   thousands of targeted email addresses.
   * Intentional mass mail bombs are often initiated by using botnets or
     malicious scripts. For example, threat actors can automate the filling of
     online forms with the target email address as the requesting/return
     address.


 * Reply all. When a user responds by clicking Reply All to an extensive list of
   email addresses instead of just the original sender, inboxes are flooded with
   emails. Automated replies, such as out-of-office messages, often compound
   these emails. Often, reply-all mail bombs are accidental rather than an email
   bomb attack. However, threat actors can spoof email addresses and related
   automatic replies and direct them to spoofed addresses.
 * Zip bomb. A zip bomb, also known as a decompression bomb or zip of death
   attack, is a large and compressed archive file sent to an email address that,
   when decompressed, consumes available server resources and impacts server
   performance.

In the past, mail bombs were used to punish internet users who were egregious
violators of netiquette -- for example, people using email for undesired
advertising or spam. Today, senders of mail bombs expose themselves to
reciprocal mail bombs or legal action.


HOW DO YOU DEFEND AGAINST MAIL BOMBS?

To defend against or prevent mail bombs, organizations must enforce security
policies that address user behavior and technical processes.

For example, users should avoid using work email addresses to subscribe to
non-work-related services. Additionally, users should limit their online
exposure to direct email addresses by using contact forms that do not expose
email addresses.



See also: risk mitigation, acceptable use policy, corporate email policy, most
important email security protocols and common types of malware attacks and how
to prevent them.

This was last updated in April 2022

CONTINUE READING ABOUT MAIL BOMB

 * Does email security need a human solution or a tech solution?

 * The top 3 email security threats and how to defuse them

 * 12 Microsoft Exchange Server security best practices

 * Top 11 email security best practices for 2022

 * Browse 9 email security gateway options for your enterprise



RELATED TERMS

man in the browser (MitB) Man in the browser (MitB) is a security attack where
the perpetrator installs a Trojan horse on the victim's computer that is ...
See complete definition Sender Policy Framework (SPF) Sender Policy Framework
(SPF) is a protocol designed to restrict who can use an organization's domain as
the source of an email ... See complete definition SYN flood attack A SYN flood
attack is a type of denial-of-service (DoS) attack on a computer server.
See complete definition

DIG DEEPER ON THREATS AND VULNERABILITIES

 * MICROSOFT OUTLOOK
   
   
   By: Alexander Gillis

 * LOGIC BOMB
   
   
   By: Rahul Awati

 * EMAIL SPOOFING
   
   
   By: Peter Loshin

 * BUSINESS EMAIL COMPROMISE MOVES CLOSER TO ADVANCED THREATS
   
   By: Adam Rice

Sponsored News
 * A New Level of Built-In PC Security –Intel
 * Modernizing Cyber Resilience Using a Services-Based Model –Dell Technologies
 * See More

Vendor Resources
 * CEO Impersonation –Inky Technology




-ADS BY GOOGLE

Latest TechTarget resources
 * Cloud Security
 * Networking
 * CIO
 * Enterprise Desktop
 * Cloud Computing
 * Computer Weekly

SearchCloudSecurity
 * Cloud security still needs a lot more work, say European experts
   
   Security and privacy remain a stumbling block for cloud computing, according
   to information experts at the Trust in the Digital ...

 * Amazon Workspaces gets MFA security update
   
   Amazon Web Services has added multifactor authentication to its WorkSpaces
   cloud desktop service, the first step in a larger ...

 * Black Hat 2014: Researcher reveals Amazon cloud security weaknesses
   
   At Black Hat 2014, a researcher showed how AWS cloud security flaws and
   misconfigurations can have devastating consequences for ...

SearchNetworking
 * How zero trust unifies network virtualization
   
   The combination of zero trust and network virtualization creates
   opportunities to strengthen security policies, increase ...

 * Cisco Live 2022 conference coverage, news and analysis
   
   Cisco Live 2022, an in-person and online conference, highlights top
   networking trends. The five-day event also features keynote ...

 * What software-defined LAN means for campus virtualization
   
   LAN virtualization has long encompassed VLANs to segment network traffic. But
   software-defined LAN is emerging with zero-trust ...

SearchCIO
 * How IT leaders can drive digital innovation
   
   More CEOs want their CIOs and CDOs to think strategically and help transform
   their organizations' products and services. Learn ...

 * 4 enterprise software-buying team roles IT should understand
   
   The enterprise software team has critical tasks to achieve for your
   organization's success. This guide explains each person's ...

 * Digital Advertising Act aims to break up big tech ad platforms
   
   The Competition and Transparency in Digital Advertising Act amends an
   existing antitrust law to include a section specifically ...

SearchEnterpriseDesktop
 * Use this 10-step patch management process to ensure success
   
   Following these steps will help keep your software updated, largely bug-free
   and secure from cyberthreats while making patch ...

 * Microsoft won't lower software costs on AWS, Google clouds
   
   Microsoft plans to loosen restrictions to lower the cost of running Office
   and Windows on clouds smaller than Azure. The changes ...

 * How to support Mac computers in Windows environments
   
   Organizations that support both Windows and Mac desktops must approach them
   differently, but there is plenty of overlap with the ...

SearchCloudComputing
 * Implement these 4 AWS Organizations best practices
   
   To successfully use AWS Organizations, admins must grasp key concepts related
   to organizational units, service control policies, ...

 * How to deploy an EKS cluster using Terraform
   
   Terraform benefits include scalability, repeatable infrastructure and cost
   efficiency. Follow this step-by-step tutorial to learn...

 * Cost savings among the biggest cloud fallacies
   
   Experts at the MIT Sloan CIO Symposium described the advantages that justify
   the high cost of moving to the cloud while ...

ComputerWeekly.com
 * How digital twins can improve datacentre operations
   
   Singapore’s Red Dot Analytics has built an AI-powered digital twin platform
   that lets datacentre operators simulate their ...

 * Indian stock exchange taps data analytics
   
   The National Stock Exchange of India is tapping data analytics to speed up
   and improve regulatory decision making

 * Four obstacles to hybrid cloud storage – and possible solutions
   
   We look at obstacles to hybrid cloud storage, such as complexity, a need for
   object storage, application suitability, and cost, ...

 * About Us
 * Editorial Ethics Policy
 * Meet The Editors
 * Contact Us
 * Videos
 * Photo Stories

 * Definitions
 * Guides
 * Advertisers
 * Business Partners
 * Media Kit
 * Corporate Site

 * Contributors
 * CPE and CISSP Training
 * Reprints
 * Events
 * E-Products

All Rights Reserved, Copyright 2000 - 2022, TechTarget

Privacy Policy
Cookie Preferences
Do Not Sell My Personal Info


Close