Email is most certainly the primary form of communication for most businesses. As such, it is also the primary way for someone to mount an attack. We are generally used to seeing phishing attacks, spam or even a virus that got passed our filters. These days malicious people are getting creative and launching new ways to attack our emails.
Recently, a few journalists learned just how damaging this new form of attack, called subscription bombing, can be. The way the attack works is that your email address is used by bots to sign up for email subscriptions all over the internet. Using the bot they can sign up for thousands of email newsletters within minutes. Each sign up will send a confirmation to your email to make sure you really want the newsletter, which you actually do not. This flood of email confirmations overloads your inbox and can overload your entire email platform.
An attack like this is almost impossible to stop without halting all messages to your inbox. Since the emails are coming from sites all over the world, it is extremely difficult to weed them out to let legitimate email through. If you find yourself a victim, you may need to disable your incoming email for a short period of time, to save the rest of the company. Since the flood of messages to your inbox will start affecting other accounts on the system, it’s important to notify someone right away. Also, if you are a victim of this form of attack, please make sure to NOT mark this influx of messages as spam. Most of the time the companies sending you the email have no idea that a bot was used to sign up for the newsletter. Marking the message as spam can blacklist the company and prevent them from sending email messages to legitimate contacts in the future. Use a service like unroll.me to help clean up any email newsletter subscriptions that you no longer, or never wanted in the first place.
Finally, a word to the business owners, if you have an email subscription sign up on your website, it is a great idea to add some kind of CAPTCHA to the signup form to prevent your website from being used in this manner.