April 2007: Email Bombing and Spamming
Email bombing is characterized by abusers repeatedly sending an email message to a particular address at a specific victim site. In many instances, the messages will be large and constructed from meaningless data in an effort to consume additional system and network resources. Multiple accounts at the target site may be abused, increasing the denial of service impact.

Email spamming is a variant of bombing; it refers to sending email to hundreds or thousands of users (or to lists that expand to that many users). Email spamming can be made worse if recipients reply to the email, causing all the original addressees to receive the reply. It may also occur innocently, as a result of sending a message to mailing lists and not realizing that the list explodes to thousands of users.

a) Technical Issues

- Email spamming is almost impossible to prevent because a user with a valid email address can spam any other valid email address, newsgroup, or bulletin-board service.
- When large amounts of email are directed to or through a single site, the site may suffer a denial of service through loss of network connectivity, system crashes, or failure of a service because of overloading network connections, using all available system resources, or filling the hard disk.

b) Prevention

Unfortunately, at this time, there is no way to prevent email bombing or spamming (other than disconnecting from the Internet), and it is impossible to predict the origin of the next attack. However, there are preventive measures you can apply.

1. Develop in-house tools to help you recognize and respond to the email bombing/spamming and so minimize the impact of such activity. The tools should increase the logging capabilities as well as check for and alert you to incoming/outgoing messages that originate from the same user or same site in a very short span of time. Once you identify the activity, you can use other in-house tools to discard the messages from the offending users or sites.

2. If your site uses a small number of email servers, you may want to configure your firewall to ensure that SMTP connections from outside your firewall can be made only to your central email hubs and to none of your other systems. Although this will not prevent an attack, it minimizes the number of machines available to an intruder for an SMTP-based attack (whether that attack is an email spam or an attempt to break into a host). It also means that should you wish to control incoming SMTP in a particular way (through filtering or another means), you have only a small number of systems (the main email hub and any backup email hubs) to configure. More information on filtering is available from

3. Consider configuring your mail handling system(s) to deliver email into file systems that have per-user quotas enabled. Doing this can minimize the impact of an email bombing attack by limiting the damage to only the targeted accounts and not the entire system.

4. Educate your users to inform you about email bombing and spamming.

5. Do not propagate the problem by forwarding (or replying to) spammed email.

This Tech Tip was compiled by the WOUGNET Technical Support Team. Please note that the information above is a little technical and may be of more use to the technical staff or system administrators in your organisation; however, we have tried to simplify it as much as possible for the benefit of the ordinary user too. For more details, please visit http://www.cert.org/tech_tips/email_bombing_spamming.html
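As an added example (not part of the original Tech Tip or any WOUGNET tooling), the check described in prevention step 1 could look like this in Python: it flags any sender address or sending site that delivers several messages within a short span of time. The log format, the `detect_bursts` name, the sample lines and the threshold values are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in a simplified, hypothetical log format (not a real MTA's).
SAMPLE_LOG = """\
2007-04-02T09:00:00 from=<alice@example.org> to=<staff@example.net> size=2048
2007-04-02T10:00:00 from=<bomber@bad.example> to=<victim@example.net> size=900000
2007-04-02T10:00:02 from=<bomber@bad.example> to=<victim@example.net> size=900000
2007-04-02T10:00:04 from=<bomber@bad.example> to=<victim@example.net> size=900000
2007-04-02T10:00:06 from=<bomber@bad.example> to=<victim@example.net> size=900000
2007-04-02T11:00:00 from=<u1@flood.example> to=<staff@example.net> size=500
2007-04-02T11:00:05 from=<u2@flood.example> to=<admin@example.net> size=500
2007-04-02T11:00:10 from=<u3@flood.example> to=<staff@example.net> size=500
2007-04-02T11:00:15 from=<u4@flood.example> to=<admin@example.net> size=500
2007-04-02T13:00:00 from=<alice@example.org> to=<staff@example.net> size=1024
""".splitlines()

LINE_RE = re.compile(r"^(\S+) from=<([^>]*)> to=<[^>]*> size=\d+$")

def detect_bursts(lines, threshold=4, window=timedelta(seconds=60)):
    """Map each sender address or sender site ("@domain") to its peak message
    count, if it sent at least `threshold` messages within any `window`.
    Assumes the log lines are in chronological order."""
    recent = defaultdict(deque)   # key -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # skip lines that are not delivery records
        ts = datetime.fromisoformat(m.group(1))
        sender = m.group(2).lower()
        keys = [sender]
        if "@" in sender:         # also track the whole sending site
            keys.append("@" + sender.rsplit("@", 1)[1])
        for key in keys:
            q = recent[key]
            q.append(ts)
            while ts - q[0] > window:   # drop timestamps older than the window
                q.popleft()
            if len(q) >= threshold:
                peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks

if __name__ == "__main__":
    for key, count in sorted(detect_bursts(SAMPLE_LOG).items()):
        print(f"ALERT {key}: {count} messages within 60 seconds")
```

Tracking the site as well as the address catches the second burst in the sample, where four different users at one site each send a single message.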