Subscription Bombing: Email under Attack

What is it about?

Email subscription bombing, also known as subscription flooding, is an emerging attack vector in which an attacker subscribes the victim to thousands of mailing lists, flooding the victim's mailbox. This paper shows analysis of 24 real subscription bombing attack campaigns, helps provide insights into operational patterns of these campaigns, and mitigation strategies.

Featured Image

Photo by CHUTTERSNAP on Unsplash

Photo by CHUTTERSNAP on Unsplash

Why is it important?

Modern spam filtering relies on multiple signals, including sender reputation, email headers, and message content. For subscription attacks, the sending server generally has a good reputation and is not on a public blocklist; header checks (such as SPF, DMARC, or DKIM) are usually passed, and the subject and body text are different for each email and generally do not match typical phishing phrases that could be detected. While the flood of messages renders the inbox unusable, the true objective is often not just denial-of-service but to hide specific legitimate emails that arrive during the attack, thereby obscuring unauthorized financial transactions, account compromises, or ransomware deployment attempts.