Category: 

What is a Mail Bomb?

Mail bombs are an effective ploy because of the ways in which email accounts are set up.
Article Details
  • Written By: R. Kayne
  • Edited By: O. Wallace
  • Last Modified Date: 06 October 2014
  • Copyright Protected:
    2003-2014
    Conjecture Corporation
  • Print this Article
Free Widgets for your Site/Blog
In the US, men comprise 81% of lighting strike victims.  more...

October 22 ,  1962 :  US President John F. Kennedy ordered an air and naval blockade in Cuba.  more...

An email bomb, or mail bomb for short, is an act of malicious net abuse whereby an email account is purposely flooded with data or messages, making the account inaccessible. The account might be down for hours or for days, and can result in the Internet Service Provider (ISP) discontinuing service to the victim of the attack. This is because a mail bomb can cause an ISPs mail server to crash, affecting not just the victim, but all of the ISPs clients. When a mail server is down, no one who subscribes to that ISP can send or receive email through the provider.

People who send mail bombs are known as lusers (losers) within the hacking community. It is considered an infantile form of striking out, a simplistic and crude attack that carelessly affects many more people than the perpetrator’s target(s). There are a few methods for sending a mail bomb, overviewed here in general terms.

A mail bomb is effective because of the way email accounts are handled. Email accounts reside on a mail server, or computers with software designed to send and receive mail. A receiving mail server has allocated space for virtual mailboxes assigned to its clients. For example, an ISP might have 100,000 subscribers, and 300,000 mailboxes, (many people have more than one email address). It’s easy to see that even a relatively small mail server such as shown in the example can potentially handle hundreds of thousands of emails each day.

Ad

When a mail server becomes flooded by a mail bomb, the computer’s available resources are consumed and the system overloads to the point of crashing. The mail bomb might consist of a single compressed file that decompresses into a very large file filled with repetitive data that overwhelms and hangs the system. In other cases a perpetrator will use a “botnet,” (robot network) to do the dirty work.

A botnet is a network of infected computers, surreptitiously under remote control of the perpetrator. The controller of a botnet can send out a single command that reaches all computers in the botnet. This can be hundreds, thousands, or even over a million computers.

The botnet ISPs do not catch the attack going out because each computer is only sending one or two messages. The result is that the targeted email account receives a mail bomb of potentially millions of emails at once. This can be costly to the ISP that receives the mail bomb, as getting the mail server back online to receive legitimate mail while blocking inbound messages from a botnet-sourced mail bomb can be a difficult task. This type of mail bomb is known as a Distributed Denial of Service (DDoS) attack.

Another method is to use a party’s email address in order to subscribe the person to multiple mailing lists. A mailing list is a discussion forum that propagates via email. One must subscribe to the list to get on it, and unsubscribe to cease receiving the list’s messages. All subscribers get all messages sent to the list. If the list is popular, this can result in dozens of messages per day. A mailing list mail bomb occurs when a victim is automatically subscribed to hundreds of mailing lists without his or her knowledge or permission. The victim must then manually unsubscribe from each list, or change his or her email address and close the old account.

A mail bomb is a serious offense and is against the Terms of Service of all ISPs. One way to protect yourself against a mail bomb is to save your ISP's email address for private use, giving it to trusted friends and family only. A free Web-based email address can be used for registering at websites, participating in Web forums, or online gaming. If a mail bomb is sent to this address, the website will still have to deal with the attack and you might lose your free account. However, you will still have your ISP, your private email address, and you can create a new, free address at another website.

Ad

More from Wisegeek

You might also Like

Discuss this Article

anon160699
Post 4

Email was designed back in the 60's. Nobody foresaw the way it would be abused in the present day when it was being designed. Email is inherently insecure. Everything anyone has ever done to deal with the problem of spam up to this point in time has been nothing but a stop-gap measure. Email needs to be overhauled with security built-in. People have proposed this and are even working on it. Problem is it requires an overhaul of millions and millions if not billions of email accounts and servers, so it is not practical at this point. So for now, we just live with this crap!

arod2b42
Post 3

@BigBloom

When people are harming other people, or use the internet with malicious intent, they should not be allowed to be online. This is the opinion of most people, I think it would win out in a democratic system. Harmful issues like mail bombing and viruses can harm someone's livelihood, and have various indirect consequences which most people aren't even aware of.

BigBloom
Post 2

@ShadowGenius

What about freedom of speech and a free market? I think everyone should be allowed to have access to the internet world without conditions.

ShadowGenius
Post 1

The layman should become acquainted with hacking and computer code for the sake of protection in an increasingly internet-dependent world. It is also the job of people in charge of the internet to follow netiquette and not break the laws of usage. At some point, it is very likely that people will be required to have accounts to access the internet, and will be rated on how well they steward this privilege.

Post your comments

Post Anonymously

Login

username
password
forgot password?

Register

username
password
confirm
email