How to Prevent Email Bombing

Email bombing is the process of sending a large number of mails to someone’s mailbox with the intent to affect the operating system of a computer or a network. It is also termed email flooding, as the targeted mailbox is flooded with a barrage of mails. When your mailbox is flooded with unwanted and junk emails, its capacity is exhausted and you cannot receive any further mail, which prevents you from reading legitimate mails. It can even be used to completely overload a company’s mail server. It is done intentionally with an intent to affect the DOS (Disk Operating System) of a computer.

The intensity of email bombing can also crash the operating system and the mail servers. It has the capacity to consume the whole system. Limiting the user quota to a certain capacity helps to restrict the overflow. The hacker aims to shut down the victim’s website by sending email bombs. The first known incident of email bombing was carried out by Tamil guerrilla groups against the Sri Lankan government. Tamil guerrillas swamped the systems of Sri Lankan embassies with an email containing the message: “We are the Internet Black Tigers and we’re doing this to disrupt your communications”.

Causes of Email Bombing

Overloading of the network connection
Loss of connectivity
Denial of service
Consumption of all system resources
Syslog entries

Preventive Measures

Use Proxy Servers
If the email bombs are coming from many IP addresses, it is difficult to mark as spam and filter every mail from those addresses. In this case, employing proxy servers will help to minimize the problem. The computers in a particular network are connected to a proxy server, which is another computer. The client computers send their requests for information and resources on other computers to the proxy server. The proxy server handles each request and returns the information after filtering the messages according to its filtering rules. It checks for malware content and filters messages from suspicious IP addresses and protocols before passing them on to its clients. In this way, proxy servers protect the network and also take on the complexity of the computer networks.

Monitor Simple Mail Transfer Protocol
Simple Mail Transfer Protocol (SMTP) is a method of authenticating the exchange of messages that are transmitted or received across the Internet protocols. The clients in the network use the Post Office Protocol (POP) or the Internet Message Access Protocol (IMAP) of their system to access their mailbox. The Mail Submission Agent sends a mail or transfers any information to the Mail Transfer Agent (MTA) through SMTP. The MTA connects over SMTP, analyzes the mail exchange record and the IP address of the sender, and only then accepts the message. Security mechanisms such as authentication and negotiation are processed during the exchange of data. The Internet Engineering Task Force (IETF) is working on the authentication process and finding ways to strengthen this system, as the complexity of the system is growing rapidly.

Use Mail Filter Applications
Filter packages are exclusionary schemes that filter mails according to their source addresses. Some filter package tools for Windows and Mac OS computers are listed below.

EIMS (Mac OS)
Mail Siphon (Mac OS)
Musashi (Mac OS)
SIMS (Mac OS)
Email Chomper (Windows 95/85/NT)
Spam Buster (Windows 9x/ ME/ NT/ XP/ 2000)
SpamKiller (Windows 9x/ ME/ NT/ XP/ 2000)

What Can You Do Against Email Bombing?

Identification: If your system becomes sluggish or if you are not able to send or receive mails, it could be because your mailer is trying to process a large number of mails.
Reaction:
If you find an email bomb, identify its source and then configure your router with the help of your Network Service Provider.
Update your email delivery software to the current version.
Marking the emails as spam may also help to some extent, but it is never a permanent solution.
Prevention: Configure your mail handling system and firewall properly. Most importantly, don’t propagate the problem by replying to the spammed mails.
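One way to carry out the "identify its source" step from a batch of received messages, as an added example that is not part of the original article. It counts messages by the address our own mail server recorded in the topmost Received header (lower headers can be forged) and can also group by /24 network, which goes slightly beyond the text to cover floods spread over many addresses; the hostnames, addresses and threshold are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter
from email import message_from_string

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def connecting_ip(raw_message):
    """IP recorded by our own MTA in the topmost Received header, or None."""
    received = message_from_string(raw_message).get_all("Received") or []
    match = BRACKETED_IP.search(received[0]) if received else None
    return match.group(1) if match else None

def flood_sources(raw_messages, threshold, prefix=32):
    """Map source network -> message count for networks at or above threshold."""
    counts = Counter()
    for raw in raw_messages:
        ip = connecting_ip(raw)
        try:
            net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        except ValueError:  # header missing or no usable address in it
            continue
        counts[str(net)] += 1
    return {net: n for net, n in counts.items() if n >= threshold}

def sample_message(src_ip, n):
    # Constructed message; hostnames and addresses are documentation examples.
    return (
        f"Received: from host{n}.example.net (unknown [{src_ip}])\n"
        f"\tby mx.example.org with ESMTP; Mon, 01 Jan 2024 10:00:00 +0000\n"
        f"Received: from forged.invalid ([10.9.9.9]) by host{n}.example.net\n"
        f"To: user@example.org\nSubject: test {n}\n\nbody\n"
    )

# Constructed mailbox: two senders in one /24 plus a low-volume sender.
SAMPLE = ([sample_message("203.0.113.7", i) for i in range(20)]
          + [sample_message("203.0.113.99", i) for i in range(20)]
          + [sample_message("198.51.100.20", i) for i in range(3)])

if __name__ == "__main__":
    print(flood_sources(SAMPLE, threshold=25))             # per address
    print(flood_sources(SAMPLE, threshold=25, prefix=24))  # per /24 network
```

With the threshold at 25, neither address is flagged on its own, but the /24 grouping reports the network both belong to.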

Examples of Email Bombs and their Filenames

This list won’t help you to stop email bombers from attacking your computers, but if you run a network with multiple users, you can check for these filenames on the hard disk drives of your network and thereby prevent your users from attacking other computers by email bombing. Take a look at the list.

Email Bomb                  Filename
Kaboom                      kaboom3.zip, kab3.zip
Gatemail                    gatemail.c
Avalanche                   alanch3.zip, avalance.zip
Ghost Mail                  gn51.zip
Euthanasia                  euthan15.zip, et15.zip
Aenima                      aenima17.zip, aenima20.zip
The Windows Email Bomber    bomb02b.zip
Unix Mailbomber             mailbomb.c
Haktek                      hatetuk.zip
The Unabomber               unabomb.zip, unz.zip
Up Yours                    upyours3.zip, up4beta3.zip
Serpent (Linux)             serpent.zip
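A way to run the check described above across a directory tree, as an added example that is not part of the original article. The function and variable names are assumptions; the filenames are copied from the list. A filename match is only a lead for follow-up, since names such as mailbomb.c can be reused by unrelated files.

```python
import os

# Tool name -> filenames, copied from the list above.
KNOWN_FILES = {
    "Kaboom": ("kaboom3.zip", "kab3.zip"),
    "Gatemail": ("gatemail.c",),
    "Avalanche": ("alanch3.zip", "avalance.zip"),
    "Ghost Mail": ("gn51.zip",),
    "Euthanasia": ("euthan15.zip", "et15.zip"),
    "Aenima": ("aenima17.zip", "aenima20.zip"),
    "The Windows Email Bomber": ("bomb02b.zip",),
    "Unix Mailbomber": ("mailbomb.c",),
    "Haktek": ("hatetuk.zip",),
    "The Unabomber": ("unabomb.zip", "unz.zip"),
    "Up Yours": ("upyours3.zip", "up4beta3.zip"),
    "Serpent (Linux)": ("serpent.zip",),
}
# Lower-cased filename -> tool name, so matching ignores case.
BY_NAME = {f.lower(): tool for tool, files in KNOWN_FILES.items() for f in files}

def scan_tree(root):
    """Return (hits, errors): hits are sorted (tool, path) pairs under root."""
    hits, errors = [], []
    # os.walk does not follow symlinked directories by default; unreadable
    # directories are collected in errors instead of being silently skipped.
    for dirpath, _dirs, files in os.walk(root, onerror=errors.append):
        for name in files:
            tool = BY_NAME.get(name.lower())
            if tool:
                hits.append((tool, os.path.join(dirpath, name)))
    return sorted(hits), errors

if __name__ == "__main__":
    import sys
    found, unreadable = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for tool, path in found:
        print(f"{tool}\t{path}")
    for err in unreadable:
        print(f"unreadable: {err}", file=sys.stderr)
```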

Identifying the IP address from which the email bomb is received and directly contacting the postmaster is also an effective way to prevent it. Email bombs can also cause mail servers to malfunction and result in denial of service. One such case occurred when a hacker bombed the systems at Monmouth University in New Jersey, which caused a temporary halt of the whole mail server.

There are many instances of email bombing, one of which even affected the NATO computers in the year 1988. The whole network of The Institute of Global Communications (IGC) was attacked by email bombers for hosting the online publication of the Euskal Herria journal, which supported and wrote about the Basque separatist movement that was very active at the time. One thing to keep in mind is that these are just preventive measures. There is no permanent solution for completely getting rid of email bombs.
