If you are getting loads of emails for newsletters and related subscription messages, you are probably experiencing a "subscription bomb". This is a known malicious attack that goes by a variety of different names, such as "subscription bomb", "subscription attack" and "email bomb".
Why weren't these messages quarantined?
Under normal circumstances, subscription confirmation emails would be considered harmless. But in the event of a "subscription bomb", an anonymous abuser weaponizes hundreds (or even thousands) of public newsletters and registration forms to flood a user's inbox with unwanted mail. Typically, the attacker uses automated "bots" that can subscribe an individual email user to hundreds of unrelated mailing lists in a matter of seconds.
These attacks are typically one-time events and usually short-lived.
Why are they doing this?
This is a tactic that is sometimes used by criminals to hide security notifications from your bank or other online accounts (see the warning below). In other cases, it may be something that someone does just to be a nuisance.
Check your online accounts for signs of financial fraud
There have been reports that hackers use subscription bombs to bury emails from institutions like Banks, PayPal, Amazon, and others so that you won't notice unauthorized withdrawals or purchases. It has been noted that scammers will go as far as using the "archive" feature of Amazon to hide unauthorized purchases on your Amazon account. [Source]
What can I do about it?
Following are some things you can use to reduce the impact of these kinds of attacks:
- Enable the Bulk Mail Filter This filter will prevent most subscription-based emails from reaching your inbox. details
Navigate to Bulk Mail Filter, or from within the SpamHero control panel go to Settings > Filtering policies and select Bulk mail filter
If there are important newsletters that you don't want to miss, add them to your Approved Senders list (From within the SpamHero control panel, go to Settings > Approved senders).
- Create Custom Filter Rules - Block common phrases that are associated with "subscription confirmation" emails. details
Navigate to Custom filters, or from within the SpamHero control panel, go to Settings > Custom filters
Example words and phrases to block:
account has been created
activate your account
To reduce the risk of blocking unrelated messages, it is recommended that you set an expiration date for these rules and only apply them to the recipient that is being affected by the "susbscription bomb".
- Unsubscribe and block senders - These are not typical spam messages, so it's best to unsubscribe or simply block the sender. details
In the case of "subscription bombs", the senders are not intentionally spamming (they are just responding to a subscription request). So reporting the messages as spam is not recommended. Instead, we suggest that you "unsubscribe" from the newsletters or block the senders.
Navigate to Blocked senders, or from within the SpamHero control panel, go to Settings > Blocked senders.
Senders can also be blocked from within the Quarantine+ "clean mail" view by clicking on the "Block sender" link that appears when hovering your mouse over a message.