One or more users are receiving thousands of emails from different subscription websites in a short period of time.
Subscription Bombing happens when a victim’s email address is harvested from the web and entered into thousands of web forms simultaneously by bots, resulting in a barrage of unwanted messages (sometimes as many as 20k+) to the victim’s mailbox. When this happens, the victim’s email address will often become unusable as a result of the sheer volume of mail that’s delivered to the single email address.
This type of attack is almost impossible to prevent because a user with a valid email address can spam any other valid email address, newsgroup, or bulletin-board service. In this case, the attack can be carried out automatically with simple scripts submitting the email address to thousands of unprotected registration forms without proper sign-up verification such as implementing CAPTCHA or Opt-in email.
Due to the nature of the attack where the e-mail address(s) are typically signed up to multiple legitimate mailing lists which makes it very difficult for detection as these would generally be legitimate mailings.
To help mitigate the attack, make sure to:
For affected email addresses you can create a new policy group for these users that removes newsletter and marketing emails by using a verdict that prevents delivery:
Alternatively, you can tag these mail items and deliver them to be handled by the recipient mail server or email client. The default rules for marketing/newsletter detection tags the mail items by modifying the subject line to include the detected category. Another potential way to tag the items would be to add a message header that can be read and acted upon by other mail processes to move the messages into a separate folder, such as a junk folder, for example.