{
	"id": "f7bdcabf-a608-43c9-b18b-34e6a4d3dac6",
	"created_at": "2026-04-06T00:07:18.749255Z",
	"updated_at": "2026-04-10T13:12:50.625624Z",
	"deleted_at": null,
	"sha1_hash": "9ac66d78c6d23057e4cfd0aac91bac6f23885b93",
	"title": "Massive Email Bombs Target .Gov Addresses",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 226118,
	"plain_text": "Massive Email Bombs Target .Gov Addresses\r\nPublished: 2016-08-18 · Archived: 2026-04-05 13:19:18 UTC\r\nOver the weekend, unknown assailants launched a massive cyber attack aimed at flooding targeted dot-gov (.gov)\r\nemail inboxes with subscription requests to thousands of email lists. According to experts, the attack — designed\r\nto render the targeted inboxes useless for a period of time — was successful largely thanks to the staggering\r\nnumber of email newsletters that don’t take the basic step of validating new signup requests.\r\nThese attacks apparently have been going on at a low level for weeks, but they intensified tremendously over this\r\npast weekend. This most recent assault reportedly involved more than 100 government email addresses belonging\r\nto various countries that were subscribed to large numbers of lists in a short space of time by the\r\nattacker(s). That’s according to Spamhaus, an entity that keeps a running list of known spamming operations to\r\nwhich many of the world’s largest Internet service providers (ISPs) subscribe.\r\nWhat my inbox looked like on Saturday, Aug. 13. Yours Truly and apparently at least 100 .gov email addresses got\r\nhit with an email bombing attack.\r\nhttps://krebsonsecurity.com/2016/08/massive-email-bombs-target-gov-addresses/\r\nPage 1 of 3\n\nWhen Spamhaus lists a swath of Internet address space as a source of junk email, ISPs usually stop routing email\r\nfor organizations within those chunks of addresses. On Sunday, Spamhaus started telling ISPs to block email\r\ncoming from some of the largest email service providers (ESPs) — companies that help some of the world’s\r\nbiggest brands reach customers via email. On Monday, those ESPs soon began hearing from their clients who\r\nwere having trouble getting their marketing emails delivered.\r\nIn two different posts published at wordtothewise.com, Spamhaus explained its reasoning for the listings, noting\r\nthat a great many of the organizations operating the lists that were spammed in the attack did not bother to validate\r\nnew signups by asking recipients to click a confirmation link in an email. In effect, Spamhaus reasoned, their lack\r\nof email validation caused them to behave in a spammy fashion.\r\n“The issue is the badly-run ‘open’ lists which happily subscribed every address without any consent verification\r\nand which now continue as participants in the list-bombing of government addresses,” wrote Spamhaus CEO\r\nSteve Linford. It remains unclear whether hacked accounts at ESPs also played a role.\r\nAlso writing for wordtothewise.com, Laura Atkins likened email subscription bombs like this to “distributed\r\ndenial of service” (DDoS) attacks on individuals.\r\n“They get so much mail from different places they are unable to use their mailbox for real mail,” she wrote. “The\r\nhostile traffic can’t be blocked because the mail is coming from so many different sources.”\r\nAtkins said over 100 addresses were added to mailing lists, many from Internet addresses outside the United\r\nStates.\r\n“The volumes I’m hearing here are significantly high that people cannot use their mailboxes. One sender\r\nidentified fewer than 10 addresses each signed up to almost 10,000 of their customer lists during a 2 week period,”\r\nAtkins wrote. “Other senders have identified addresses that look to be part of the harassment campaign and are\r\nworking to block mail to those addresses and get them off their lists.”\r\nI WAS ON THE LIST, TOO!\r\nMake that 101 targets, apparently. At approximately 9:00 a.m. ET on Saturday, KrebsOnSecurity’s inbox began\r\nfilling up with new newsletter subscriptions. The emails came in at a rate of about one new message every 2-3\r\nseconds. By the time I’d finished deleting and unsubscribing from the first page of requests, there would be\r\nanother page or two of new newsletter-related emails. For most of the weekend until I got things under semi-control, my Gmail account was basically useless.\r\nSome of the lists I was signed up for did require confirmation, but the trouble is if you don’t validate the request\r\nwithin a certain time they still send you additional emails reminding you to complete the signup process.\r\nBut those that required validation were in the minority, at least in the emails that I saw. I was aghast at how many\r\nof these email lists and newsletters did not require me to click a link to verify my subscription. I used Gmail’s\r\n“mark as spam and unsubscribe” option to report all of those subscriptions. It’s taken me almost a day’s worth of\r\neffort so far to clean up, and I’m still getting one or two new junk newsletters per minute.\r\nhttps://krebsonsecurity.com/2016/08/massive-email-bombs-target-gov-addresses/\r\nPage 2 of 3\n\nAtkins said many ESPs are now asking their customers to tighten signup requirements to include verification, and\r\nto comb through their lists for any recent signups that match certain fingerprints associated with this attack.\r\nI have no idea why I’d be on a list of targets, and no one has contacted me about the attack thus far. But this\r\nisn’t the first time that KrebsOnSecurity has been the target of an email bombing attack. A very similar deluge was\r\nlaunched specifically at my inbox in July 2012. I later traced that inbox flooding service back to a guy in Ukraine\r\nwho was intimately involved in selling credit and debit cards stolen in the 2013 breach at Target.\r\nI don’t know who’s responsible for this latest attack, and I’m not suggesting a connection between it and the 2012\r\nattacks I just mentioned. But I do marvel at how little seems to have changed since 2012 in terms of how\r\norganizations run their newsletters.  It’s also mind-boggling to ponder how many of these time-wasting attacks are\r\nthe result of organizations that fail to secure or properly configure their software, technology and services.\r\nIn the past week alone, for example, KrebsOnSecurity.com has been the target of more than a half-dozen DDoS\r\nattacks aimed at knocking this site offline. These attacks are increasing in both frequency and intensity because\r\nthe criminals behind them have access to virtually limitless firepower — millions of poorly-configured systems\r\nthat can be leveraged to flood the target with so much junk traffic that it is rendered unreachable to legitimate\r\nvisitors.\r\nLet’s hope the ESPs of the world step up and insist that customers using their email infrastructure take a bit more\r\ncare to ensure they’re part of the solution and not part of the problem. Atkins captures my thoughts on this subject\r\nprecisely in the conclusion of her writeup on the attacks.\r\n“Internet harassment seems to be a bigger and bigger issue,” she wrote. “I don’t know if it’s because people are\r\nbeing more open about harassment or if it’s actually more common. In either case, it is the responsibility of\r\nnetworks to minimize the harassment. If your network is a conduit for harassment, you need to do something to\r\nstop it.”\r\nSource: https://krebsonsecurity.com/2016/08/massive-email-bombs-target-gov-addresses/\r\nhttps://krebsonsecurity.com/2016/08/massive-email-bombs-target-gov-addresses/\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://krebsonsecurity.com/2016/08/massive-email-bombs-target-gov-addresses/"
	],
	"report_names": [
		"massive-email-bombs-target-gov-addresses"
	],
	"threat_actors": [],
	"ts_created_at": 1775434038,
	"ts_updated_at": 1775826770,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/9ac66d78c6d23057e4cfd0aac91bac6f23885b93.pdf",
		"text": "https://archive.orkl.eu/9ac66d78c6d23057e4cfd0aac91bac6f23885b93.txt",
		"img": "https://archive.orkl.eu/9ac66d78c6d23057e4cfd0aac91bac6f23885b93.jpg"
	}
}