Email subscription bomb attack

Article ID: 170459

Products

Email Security.cloud

Issue/Introduction

One or more users are receiving thousands of emails from different subscription websites in a short period of time.

Cause

Subscription Bombing happens when a victim’s email address is harvested from the web and entered into thousands of web forms simultaneously by bots, resulting in a barrage of unwanted messages (sometimes as many as 20k+) to the victim’s mailbox. When this happens, the victim’s email address will often become unusable as a result of the sheer volume of mail that’s delivered to the single email address.

This type of attack is almost impossible to prevent because a user with a valid email address can spam any other valid email address, newsgroup, or bulletin-board service. In this case, the attack can be carried out automatically with simple scripts that submit the email address to thousands of unprotected registration forms lacking proper sign-up verification such as CAPTCHA or opt-in email.

 

Environment

Email Security.cloud

Resolution

Detection

Because the attack typically signs the e-mail address(es) up to multiple legitimate mailing lists, detection is very difficult: the resulting messages are generally legitimate mailings.
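Because each message is individually legitimate, the usable signal is the aggregate pattern from the Issue section: many different sending sites hitting one mailbox in a short time. The following is an added example, not part of this article or of Email Security.cloud, that flags that pattern in a mail log; the log format, function names, window and threshold are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds; tune against your own baseline mail volume.
WINDOW = timedelta(minutes=10)
MIN_DISTINCT_SENDERS = 5  # kept low for the demo; real attacks reach thousands

# Constructed sample log: "ISO-timestamp recipient sender" (not a product format).
SAMPLE_LOG = """\
2024-01-01T09:00:00 victim@example.com news@shop-a.example
2024-01-01T09:00:20 victim@example.com welcome@forum-b.example
2024-01-01T09:00:45 victim@example.com noreply@list-c.example
2024-01-01T09:01:10 victim@example.com signup@site-d.example
2024-01-01T09:01:30 victim@example.com hello@blog-e.example
2024-01-01T09:00:05 alice@example.com digest@shop-a.example
2024-01-01T09:02:05 alice@example.com digest@shop-a.example
2024-01-01T06:00:00 bob@example.com a@shop-a.example
2024-01-01T07:00:00 bob@example.com b@forum-b.example
2024-01-01T08:00:00 bob@example.com c@list-c.example
2024-01-01T09:00:00 bob@example.com d@site-d.example
2024-01-01T10:00:00 bob@example.com e@blog-e.example
"""

def parse(line):
    """Split one constructed log line into (timestamp, recipient, sender domain)."""
    ts, rcpt, sender = line.split()
    return datetime.fromisoformat(ts), rcpt.lower(), sender.rsplit("@", 1)[-1].lower()

def find_bombed_recipients(lines, window=WINDOW, threshold=MIN_DISTINCT_SENDERS):
    """Return {recipient: time the number of distinct sender domains seen
    inside the sliding window first reached the threshold}."""
    recent = defaultdict(deque)  # recipient -> (timestamp, domain) still in window
    flagged = {}
    for ts, rcpt, domain in sorted(parse(l) for l in lines if l.strip()):
        q = recent[rcpt]
        q.append((ts, domain))
        while ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        if rcpt not in flagged and len({d for _, d in q}) >= threshold:
            flagged[rcpt] = ts
    return flagged

if __name__ == "__main__":
    for rcpt, when in find_bombed_recipients(SAMPLE_LOG.splitlines()).items():
        print(f"{rcpt}: burst of distinct senders detected at {when.isoformat()}")
```

Repeated mail from one newsletter (alice) and many senders spread over hours (bob) stay below the threshold; only the mailbox hit by many distinct domains within the window is reported.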

To help mitigate the attack, make sure to:

Enable Newsletter filtering for the user

To define an Anti-Spam group:

  1. Select Services > Email Services > Anti-Spam.
  2. From the domains drop-down list, select the domain where you want to create the group.
  3. Click the Groups tab.
  4. Click Create new group. The window is displayed.
  5. In the Create Group dialog box, enter a Group Name of up to 50 characters.
  6. Group names can only contain alphanumeric characters and spaces.
  7. To display the email address of the user under attack, type it in the search box and click Search.
  8. Locate and select an email address to add to the group and click Add to a group.
    The address is displayed in the Group Members box.
  9. Repeat step 8 to add additional group members. When you are finished, or if you want to add group members by uploading a .csv file, click Save.

To choose Anti-Spam detection settings that apply only to the specific Anti-Spam group within a domain:

  1. Click Services > Email Services > Anti-Spam.
  2. Click the Detection Settings tab.
  3. From the Global Settings dropdown list, choose a domain.
  4. Select the Anti-Spam group from the dropdown list. A groups list appears only if groups have already been defined for the domain.
  5. Choose the detection settings that you want to apply to the domain or group. For settings that require an action, choose an action from the dropdown list.
    See About Anti-Spam best practice settings and actions.
  6. At the bottom of the page, click Save and Exit.
     

Prevention/Reaction

Clean-up process:

  • Make sure that the user's email address is not listed on the web where it can be harvested by any bot.
  • Simply run a web search for the user's email address on Google's search engine or any other popular search engine.
  • If listed, proceed to work with the email list to get the email address removed.
  • If the email address comes up in the search results but does not show up in the email list, submit the URL to Google to remove outdated search results. Other web search providers, such as Bing and Yahoo, also have their own removal processes.
  • Efforts to help clean up the user's mailbox can be extensive; the user's email address can be changed or renamed to help expedite this process.
  • If further help is required, contact our Technical Support Team via phone or by opening a support case.
