By Jenna DePofi on Monday, 08 November 2021
Category: Email Strategy

Email Bombing and How it Affects Individuals and Brands

Email bombing is a topic rarely discussed in the email industry. However, it’s an issue that affects brands and individuals every day. And, it’s an experience I went through recently with my personal email account.

So, what is email bombing? I’ve been in the email space for almost four years now, and I’ve heard of it a few times but never experienced it for myself until just recently.

What is Email Bombing?

List bombing is different from a traditional bot attack. Instead of targeting a specific company, bots target the individual recipient.

Email bombing is a cyber attack that uses bots to sign up legitimate email addresses to hundreds or thousands of different mailing lists in just minutes. When this happens, the recipient of the legitimate email gets bombarded with email subscription confirmation emails in just a few minutes.

In my experience, I got over 1,000 emails in under 5 minutes sent to my personal email address. I had lots of questions!  How do I stop this? How does this happen? Is any of my personal information stolen? What do I check and do first?

How List Bombing Affects the Individual Recipient

Fraud: List bombing happens because your credit card information or other personal information was compromised. Flooding the individual's inbox is a distraction mechanism, so you can't find the alert emails informing you that your information was stolen.

Thankfully, my credit card company provided a text alert so I could catch the fraud activity immediately. Thanks to Webbula, and the security training we take throughout the year, I was even cautious about the text alert from the credit card company and called to verify the situation. The credit card company flagged the activity and sent me a new card.

List bombing also affects the individual's reputation. As soon as I realized my inbox was being flooded with unwanted messages, I immediately googled how to stop it. My experience in the industry told me the best thing to do is unsubscribe. A few additional articles advised me to mark the emails as spam if it continued to happen to alert the ISPs that list bombing is occurring and to set up filters for my important messages.

I wondered what this would do to the brands’ reputations. If I continue to mark all of the emails from brands who thought I signed up to receive emails as spam, I will look like a complainer or screamer and I could damage their deliverability and reputation.

Lastly, suppose this continually happens to individuals. Consumers might get tired of the effort it takes to mitigate the damage of email bombing and abandon their compromised email account for a fresh start. This leads to my next point, how brands are affected.

How Email Bombing Affects Brands

But what about best practices? Someone not in the email space will take the “mark as spam” advice which could harm the brands deliverability, reputation and could cause the brand to be blocklisted.

How to Protect Yourself from List Bombing

The good news is there are ways that brands and recipients can protect themselves from list bombing attacks.

Brands

CAPTCHA Is an acronym for “Completely Automated Public Turing Test to Tell Computers and Humans Apart.” Putting a CAPTCHA system in place is your first line of defense to defend against bots and prevent them from entering data into your forms. In my experience, a bot used my REAL email address to sign up for a bunch of accounts. If these websites had a CAPTCHA in place, it’s most likely the bot wouldn’t have been able to get through.

DOI requires users to confirm their new subscription request. DOI is another great solution to avoid list bombing, but many brands still do not use it for fear of reducing conversion rates. If the subscriber doesn’t verify the subscription, you’ll have a pretty good idea it was a bot. However, you never want to take the chance. It’s wise to have extra layers of protection and utilize both CAPTCHA and DOI. 

Because data ages and email addresses such as temporary domains, spam traps, and emails involved in phishing scams can pass through CAPTCHA and DOI; regularly working with a hygiene provider can help detect those malicious email addresses and help protect your deliverability and sender reputation.

Individuals

  1. Passwords: Ensure that your online passwords are unique and secure, and all of your accounts are secure with multi-factor authentication. Take it a step further and get a solution like 1password  in place for all of your accounts. You’ll never have to remember a password again and it will prevent you from getting hacked.
  2. Turn your alerts on for all of your payment methods to ensure you catch fraud immediately.
  3. Don’t click on any suspicious links in emails or text messages. Always stop and think before you click.

Marketers and Consumers Should Take Steps Necessary to Protect Themselves

If not already, brands should implement CAPTCHA and Double Opt in to prevent list bombing. It is a serious headache for marketers and consumers and can cause ongoing inboxing, blocklisting, deliverability issues, and eventually cause sender reputation issues

Consumers will continue to turn over email addresses. That is why it’s important for brands to have an email hygiene partner  to periodically cleanse email databases identifying and mitigating threats to sender reputation and deliverability.

Leave Comments