Unsolicited Spam Email – Email Bomb

Users bombarded with unsolicited spam email as a result of email bomb

Situation: You are suddenly receiving a large amount of unwanted email. This is primarily made up of confirmation emails for websites, newsletters or forums that you did not sign up for.

Solution: Although this is a difficult situation to prevent, the below suggestions can help reduce the impact of this type of attack. These actions should all be used only temporarily until the attack subsides.


You may suddenly be bombarded by hundreds of unsolicited email messages, possibly even in other languages. This typically indicates you are the victim of what is sometimes called an email bomb or a form attack.

What is an email bomb?

This occurs when somebody intentionally enters an email address into an automated script that registers the email address at thousands of websites around the world. The email showing up in the user’s mailbox is the result of all of those unwanted registrations. The messages are nearly all confirmations of registering, or signing up for a newsletter, or creating an account, etc.

Why aren’t they stopped?

Because the messages are essentially legitimate (as far as the sender is concerned, they are replying to someone who legitimately signed up for their service), many of the messages will not be scored very high for spam, and will consequently not be stopped by our engine. A combination of the following steps may help minimize the impact of this type of attack:

Possible solutions (Temporary)

These Steps Are Only Temporary

Recognize that any of these steps will have consequences if left in place long term and should be considered temporary remediation steps to take only until the attack ends. These attacks typically die down substantially after several hours and are usually over within a couple of days.


  • Since many of these messages will be recognized as bulk, make sure the ‘Quarantine bulk email’ option is enabled for that user (found in the Spam settings).

Spam Sensitivity

  • Temporarily lower the spam sensitivity slider (at Company Settings > Spam). This reduces the threshold for messages to be quarantined.


  • Create a custom Geo Location filter that allows the email from your own country as the majority of these messages come from other countries (at Company Settings > Filters). Speak to your account manager for assistance.
  • Create a custom filter to quarantine messages with the word ‘verification’ or ‘confirmation’ (or confirm, or welcome, or . . . ) in the Subject (or even in the body).

Disable User

  • This should only be considered an extreme, last resort option.
  • (More extreme) Temporarily disable the user’s account until the storm subsides.

Email spoofing: What is it and how to prevent it

Anti-Phishing Protection

Contact Sales