Widomaker Internet Services | 11860 Fishing Point Drive | Newport News, VA 23606 | 757-253-7621 | helpdesk@widomaker.com
Widomaker Weblog
Widomaker and Internet related news or information
Skip to main content

How Can We Help?

Email Bombing Attack, How to Survive and Clean Up

Created On
byWidomaker
Print
You are here:
< Back

If your inbox has suddenly been flooded with hundreds or thousands of unexpected emails—such as newsletter subscriptions, account registrations, or website confirmation requests—you are likely the target of a cyberattack known as an email bomb.

⚠️ CRITICAL FIRST STEP: Do Not Panic, and Check Your Financial Accounts Immediately

The primary purpose of an email bomb is almost never just to annoy you. It is usually deployed as a smokescreen to hide a real attack occurring elsewhere, such as an unauthorized purchase or an account takeover. Do not spend your first moments trying to delete the spam; instead, immediately check your bank accounts, credit cards, PayPal, Amazon, and primary email security settings for unauthorized activity.

What is Email Bombing?

An email bomb is a coordinated attack where automated scripts (bots) submit your email address into thousands of legitimate online registration and subscription forms simultaneously. Because these forms are real websites, your email provider sees them as legitimate messages, allowing them to bypass traditional spam filters and flood your inbox directly.

While the most common variation is Subscription Bombing (or List Bombing), other types include massive volumetric floods generated by botnets designed to completely overwhelm an email server or mailbox. For a complete technical breakdown of the different variations, you can read the Wikipedia article on Email bombs.

Why Do Attackers Do This? (The Real Threats)

Understanding the underlying motivations behind the flood will help you defend yourself effectively. Attackers typically use this strategy for two primary reasons:

  • The Smokescreen Effect: If a criminal compromises your Amazon account, changes your bank routing information, or triggers a password reset on a financial portal, those systems immediately send automated confirmation alerts to your email. By flooding your inbox with thousands of junk emails at the exact same time, the criminal hopes the genuine fraud alert will get lost in the noise, buying them time to complete their theft.
  • The “Double-Play” Phone/Text Scam: Shortly after the email flood begins, you may receive a phone call or text message from someone claiming to be “Widomaker Support,” your bank’s fraud department, or another tech support entity. They will claim they notice your email is under attack and offer to fix it if you grant them remote access to your computer or hand over a temporary multi-factor authentication (MFA) passcode. This is a scam. Widomaker will never call you out of the blue demanding passcodes or remote access to resolve a spam issue.

Immediate Action Plan: What You Should Do

Step 1: Do NOT Click “Unsubscribe” Links

When facing thousands of subscription emails, your first instinct might be to click the “Unsubscribe” links inside them. Do not do this. Attempting to manually unsubscribe from thousands of individual sites is ineffective. More importantly, clicking links inside unfamiliar emails can expose your system to malware or verify to the attacker’s automated script that your email address is actively monitored by a real person, which could worsen the attack.

Step 2: Access Your Mailbox via Webmail First

If you typically access your Widomaker email using a local app or program (such as Thunderbird, Outlook, Apple Mail, or a mobile mail client) via POP or IMAP protocols, you may find it easier to switch to Webmail in your web browser to manage the cleanup. Downloading thousands of messages directly to your local computer or phone can cause your mail software to slow down or freeze. Managing the flood directly on the server level through Webmail may be faster and safer.

How to Access Widomaker Webmail:

  • Personal & Enhanced Email Customers: If your email address ends in @widomaker.com, or if you use Widomaker’s Enhanced Email Hosting with a custom domain, log in directly at: https://webmail.widomaker.com/
  • Plesk Custom Domain Customers: If your website and email are hosted together on Widomaker’s Plesk server, your webmail access point uses your custom domain name in this format: https://webmail.yourdomain.com/ (replace yourdomain.com with your actual domain name).

How to Clean Up Your Mailbox Safely

Your strategy for dealing with the actual emails depends entirely on whether the attack is still actively running or if the flood has stopped.

Scenario A: The Attack Has Already Stopped

Most subscription bombs are brief, intense bursts that last anywhere from a few minutes to a few hours. If the flood of incoming mail has ceased, do not set up automated filters. Instead, focus entirely on careful cleanup:

  1. Sort by Date & Time: Look at the exact block of time when the attack occurred.
  2. Scan for Anomalies: Carefully skim through the senders and subject lines within that specific time window. Look for any genuine notifications from your bank, credit cards, online retailers (like Amazon or eBay), or password reset alerts that look different from the generic newsletter confirmations.
  3. Bulk Delete: Once you have verified and pulled out any legitimate, critical alerts, use the Webmail checkboxes to select the remaining junk messages in bulk and move them to the Trash.

Scenario B: The Attack is Still Active & Ongoing

If hundreds of emails are still actively pouring into your inbox every minute, you may need to set up a temporary rule or filter in Webmail to keep your inbox usable. However, you must be extremely cautious.

⚠ WARNING ON OVER-FILTERING: Do not create a rule that automatically deletes emails containing common words like “confirm,” or “verify.” If you do this, you might completely delete the exact financial fraud alert or password change notification the attacker is trying to hide from you, successfully helping them accomplish their goal.

The Safe Filtering Method: Instead of automatically deleting messages, configure a temporary rule within your Widomaker Webmail settings to look for common subscription bomb phrasing (such as subject lines containing “Confirm your subscription” or “Welcome to our newsletter”) and route those messages to a temporary subfolder rather than the Trash. This keeps your primary inbox clean while ensuring you can safely review the filtered folder later to look for any genuine account alerts hidden inside. Don’t forget to turn off this temporary rule once the email flood has stopped.

Summary Checklist for Your Safety

Action Item Why It Matters
Audit Financials First The attack is a distraction tool to hide financial theft or account takeovers.
Use Webmail in a Browser Prevents local POP/IMAP mail programs on your computer or phone from freezing up.
Don’t Unsubscribe in Bulk Clicking links confirms to attackers your account is active and exposes you to malware.
Beware Phone Scams Hang up on unexpected callers claiming they can “fix” your email.

If you suspect your mailbox quota has been filled completely due to an attack and you are missing regular correspondence, or if you need assistance locating the filter configuration panels within your specific Webmail interface, please reach out to Widomaker Support safely via our Contact page.

Last Updated On
Tags:

    

Add this site to your Protopage

Search Google
Support the EFF!
Support the EFF
Please support the EFF. They fight for your digital rights, and the rights of smaller ISPs, like Widomaker.
Welcome
This site was setup to help communicate with customers on Widomaker services and network outages/upgrades.
Pages
Links
Categories
Recent Posts
Search
Archives

Designed by Widomaker.