Definition
Email bombing involves attackers repeatedly sending an email message to a particular email address at a victim's site. In many instances, the message will be large and constructed from meaningless data in an effort to consume large amounts of system and network resources. Multiple accounts at the target site may be attacked, increasing the denial of service impact.
Overview
Email bombing is a type of denial of service attack (DoS). A DoS attack by definition either prevents authorized access to resources or causes delay (e.g., long response times) of time-critical operations. Hence email bombing is a major availability threat to an email system since it can potentially consume substantial Internet bandwidth as well as storage space in the message stores of recipients. An email bombing attack can be launched in several ways:
- An adversary can employ any (anonymous) email account to constantly bombard the victim's email account with arbitrary messages (that may contain very long attachments).
- If an adversary controls an MTA, the adversary can run a program that automatically composes and transmits messages.
- An adversary can post a controversial or official statement to a large audience (e.g., a social network) using the victim's return email address. Humans will read the message and respond with individually crafted messages that may be very hard to filter with automated techniques. The responses to this posting will eventually flood the victim's email account.
- An adversary may subscribe the victim's email address to many mailing lists (listservers). The generated messages are then sent to the victim, until the victim's email address is unsubscribed from those lists.
Spam is one type of email bombing.
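A defender-side illustration of the launch methods listed above, added here and not taken from NIST SP 800-177 or the original page: a sliding-window check over per-message delivery records that flags a recipient for message rate, byte volume, or a burst of mail from many distinct mailing-list domains. The record layout, the thresholds and the sample data are assumptions constructed for the example.

```python
from collections import defaultdict, deque

# Thresholds are illustrative assumptions; tune them to the site's normal traffic.
WINDOW_S = 600              # sliding window length in seconds
MAX_MSGS = 50               # messages per recipient per window
MAX_BYTES = 100 * 2**20     # bytes per recipient per window
MAX_LIST_DOMAINS = 10       # distinct list-mail sender domains per window

def detect_bombing(records):
    """records: time-sorted (epoch_s, recipient, sender_domain, size_bytes, is_list_mail).
    is_list_mail is an assumed flag, e.g. the message carried a List-Id header.
    Returns {recipient: set of reasons} for recipients that crossed a threshold."""
    windows = defaultdict(deque)
    bytes_in = defaultdict(int)
    alerts = defaultdict(set)
    for ts, rcpt, domain, size, is_list in records:
        rcpt = rcpt.lower()
        win = windows[rcpt]
        win.append((ts, domain, size, is_list))
        bytes_in[rcpt] += size
        # Expire entries that have fallen out of the window.
        while win and win[0][0] <= ts - WINDOW_S:
            bytes_in[rcpt] -= win.popleft()[2]
        if len(win) > MAX_MSGS:
            alerts[rcpt].add("message-rate")
        if bytes_in[rcpt] > MAX_BYTES:
            alerts[rcpt].add("byte-volume")
        # Many unrelated lists mailing one address at once suggests mass subscription.
        if len({d for _, d, _, lst in win if lst}) > MAX_LIST_DOMAINS:
            alerts[rcpt].add("list-subscription-burst")
    return dict(alerts)

def constructed_sample():
    """Constructed delivery records, not real log data."""
    recs = []
    for i in range(12):   # alice: 12 different lists write to her within two minutes
        recs.append((1000 + i * 10, "alice@example.org", f"list{i}.example.net", 4000, True))
    for i in range(6):    # bob: six 20 MiB messages within one minute
        recs.append((2000 + i * 10, "bob@example.org", "mail.example.com", 20 * 2**20, False))
    for i in range(3):    # carol: ordinary traffic, one small message per hour
        recs.append((3000 + i * 3600, "carol@example.org", "corp.example.com", 20000, False))
    return sorted(recs)

if __name__ == "__main__":
    for rcpt, reasons in detect_bombing(constructed_sample()).items():
        print(rcpt, sorted(reasons))
```

Replies written by individual people in response to a forged posting have no common signature in their content, so for that case only the per-recipient rate and volume checks apply.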
Source
- NIST Special Publication 800-177, at 18.