Situation:
You may suddenly be bombarded by hundreds of unsolicited email messages, possibly even in other languages. This typically indicates you are the victim of what is sometimes called an email bomb or a form attack.
What Is An Email Bomb?
This occurs when somebody intentionally enters an email address into an automated script that registers the email address at thousands of websites around the world. The email showing up in the user's mailbox is the result of all of those unwanted registrations. The messages are nearly all confirmations of registering, or signing up for a newsletter, or creating an account, etc.
Why Aren't They Stopped?
Because the messages are essentially legitimate (as far as the sender is concerned, they are replying to someone who legitimately signed up for their service), many of the messages will not be scored very high for spam, and will consequently not be stopped by our engine. A combination of the following steps may help minimize the impact of this type of attack:
Possible Solutions (Temporary)
QUARANTINE
- Since many of these messages will be recognized as Bulk, make sure the Quarantine bulk email option is enabled for that user (found in the Spam Settings).
SPAM SENSITIVITY
- Temporarily lower the spam sensitivity slider at Security Settings - Email - Spam Settings. This reduces the threshold for messages to be quarantined.
FILTERS
- Create a custom filter that allows only email from the United States as the majority of these messages come from other countries at Security Settings - Email - Filter Policies.
- Create a custom filter to quarantine messages with the word verification or confirmation or confirm, or welcome, or in the Subject (or even in the body).
DISABLE USER
- More extreme Temporarily disable the user's account in Proofpoint Essentials until the storm subsides.