What is a Mail Bomb?

An email bomb, or mail bomb for short, is an act of malicious net abuse whereby an email account is purposely flooded with data or messages, making the account inaccessible. The account might be down for hours or for days, and can result in the Internet Service Provider (ISP) discontinuing service to the victim of the attack. This is because a mail bomb can cause an ISPs mail server to crash, affecting not just the victim, but all of the ISPs clients. When a mail server is down, no one who subscribes to that ISP can send or receive email through the provider.

People who send mail bombs are known as lusers (losers) within the hacking community. It is considered an infantile form of striking out, a simplistic and crude attack that carelessly affects many more people than the perpetrator’s target(s). There are a few methods for sending a mail bomb, overviewed here in general terms.

A mail bomb is effective because of the way email accounts are handled. Email accounts reside on a mail server, or computers with software designed to send and receive mail. A receiving mail server has allocated space for virtual mailboxes assigned to its clients. For example, an ISP might have 100,000 subscribers, and 300,000 mailboxes, (many people have more than one email address). It’s easy to see that even a relatively small mail server such as shown in the example can potentially handle hundreds of thousands of emails each day.

When a mail server becomes flooded by a mail bomb, the computer’s available resources are consumed and the system overloads to the point of crashing. The mail bomb might consist of a single compressed file that decompresses into a very large file filled with repetitive data that overwhelms and hangs the system. In other cases a perpetrator will use a “botnet,” (robot network) to do the dirty work.

A botnet is a network of infected computers, surreptitiously under remote control of the perpetrator. The controller of a botnet can send out a single command that reaches all computers in the botnet. This can be hundreds, thousands, or even over a million computers.

The botnet ISPs do not catch the attack going out because each computer is only sending one or two messages. The result is that the targeted email account receives a mail bomb of potentially millions of emails at once. This can be costly to the ISP that receives the mail bomb, as getting the mail server back online to receive legitimate mail while blocking inbound messages from a botnet-sourced mail bomb can be a difficult task. This type of mail bomb is known as a Distributed Denial of Service (DDoS) attack.

Another method is to use a party’s email address in order to subscribe the person to multiple mailing lists. A mailing list is a discussion forum that propagates via email. One must subscribe to the list to get on it, and unsubscribe to cease receiving the list’s messages. All subscribers get all messages sent to the list. If the list is popular, this can result in dozens of messages per day. A mailing list mail bomb occurs when a victim is automatically subscribed to hundreds of mailing lists without his or her knowledge or permission. The victim must then manually unsubscribe from each list, or change his or her email address and close the old account.

A mail bomb is a serious offense and is against the Terms of Service of all ISPs. One way to protect yourself against a mail bomb is to save your ISP's email address for private use, giving it to trusted friends and family only. A free Web-based email address can be used for registering at websites, participating in Web forums, or online gaming. If a mail bomb is sent to this address, the website will still have to deal with the attack and you might lose your free account. However, you will still have your ISP, your private email address, and you can create a new, free address at another website.