Prevent email bomb attacks - the DDoS of email

Email bombs disable mailboxes and provide cover for machine and account takeovers. Sublime can prevent them from ever reaching an inbox.

See Sublime in action
Bg PatternIllustration
Email bomb protection

Our previous solution delivered a well-crafted phishing email to our technology team, but Sublime identified it as malicious immediately. That was our first 'oh yeah, Sublime is way better' moment.

Email bomb protection
Patrick Lafleur
Director of Information Security & Privacy, Maple

Email bombs in a nutshell

Email bomb protection
Email bomb protection

Email bombs are the DDoS of email. They occur when an adversary uses an avalanche of email to overwhelm a mailbox, disrupt service, evade security, or more.

The barrage of messages in an email bomb creates a smokescreen of non-malicious messages to obscure the malicious intent or payload.

The sheer volume of an email bomb makes it difficult for security solutions to address each message individually.

Email bomb endgames

Adversaries can send email bomb attacks for a variety of reasons.

Disable mailboxes

Disable mailboxes

Attackers can use email bombs to disable a target mailbox or make it otherwise unusable due to the volume of messages.

Machine takeover

Machine takeover

Attackers will initiate an email bomb, call the target as “tech support” to “fix” the bomb, and then get the target to install a remote access tool.

Account takeovers

Account takeovers

Attackers will initiate a password reset, use a bomb to hide the legit reset email, and then send a fake reset email that phishes credentials.

Email bomb prevention with Sublime

Sublime uses machine learning, message grouping, and bidirectional processing to detect and prevent email bombs and save teams time.

Email bomb detection
01

Email bomb detection

Sublime builds patterns of email volume and behavior for each mailbox at an organization. Once an email bomb spike reaches a mailbox-specific threshold, all the messages in the bomb are grouped and auto-remediated.

Auto-remediation & fast triage
02

Auto-remediation & fast triage

Sublime auto-remediates messages in an email bomb and provides an intuitive interface for quickly triaging any outliers. Our interface includes in-depth details about the email bomb so security teams can move quickly and precisely.

Email bomb overview
03

Email bomb overview

Security teams get a view of historical and ongoing email bombs, their status, and other important information.

Automated handling
04

Automated handling

For teams that want to go further, they can view and modify the Automation logic used to catch email bombs.

See how Sublime stops email bombs

Experience how our email security platform prevents email bombs.

Select all applicable use cases
Down Arrow
check
Thank you!

Thank you for reaching out.  A team member will get back to you shortly.

Oops! Something went wrong while submitting the form.

Latest from Sublime

The latest news, research, attack spotlights, and product updates.

November 21, 2025
You’ve been invited to join a Meta for Business scam!
Attack spotlight

You’ve been invited to join a Meta for Business scam!

Luke Wescottperson
Luke Wescott
Detection
Person
November 13, 2025
Salesforce infrastructure abuse: Stopping email scams and spam sent via SFDC
Attack spotlight

Salesforce infrastructure abuse: Stopping email scams and spam sent via SFDC

Brandon Murphyperson
Brandon Murphy
Detection
Person
November 3, 2025
ICS phishing: Stopping a surge of malicious calendar invites
Attack spotlight

ICS phishing: Stopping a surge of malicious calendar invites

Ahry Jeonperson
Ahry Jeon
Product Manager
Brandon MurphyPerson
Brandon Murphy
Detection
See all blog posts

Frequently asked questions

What is an email bomb?
Email bombs are the DDoS of email in which a bad actor sends an avalanche of email to a mailbox to overwhelm, disrupt, evade security, or more.
Why are email bombs effective attacks?
An email bomb is full of “smokescreen” emails that are often legitimate mail that could be wanted in some contexts (if not during an attack), so that there are too many emails being sent at once for them to be addressed individually.
How can email bombs disable mailboxes?
An attacker can use an email bomb to disable a target mailbox or make it otherwise unusable due to the volume of messages.
How can email bombs be used for machine takeovers?
An attacker can send an email bomb and then call the victim pretending to be the IT department looking into the attack. They’ll ask the user to install remote access tools so that the attacker can “fix” the user’s disrupted email. The attacker now has access to the victim’s computer.
How can email bombs be used for account takeovers?
After successfully changing a user’s password to an external service, the attacker sends an email bomb at the same time as the password reset notification. The legitimate message about the password reset is then lost in the deluge, leaving the user unaware of the compromise.

Now is the time.

See how Sublime delivers autonomous protection by default, with control on demand.

Get started
Get a demo
BG Pattern
Sublime Logo Horizontal
Resources
BlogEvents
Community Slack
Resource center
EML Analyzer
Sublime Core Feed
API Reference
Documentation
Security at SublimeICS Phishing Playbook
©2025 Sublime Security, Inc.
TermsPrivacySecurityDisclosurePrivacy choices