by Charles Miller

Last week I wrote here relating the experience someone here in San Miguel had with a "subscription bomb." All of a sudden, one day her email inbox was blasted with thousands of emails in one hour. The deluge was such that by the end of the day her email provider had blocked her from receiving any new emails… and that was the point of the subscription bomb. The perpetrators were trying to make sure that she could not receive any important emails warning her that thousands of dollars in fraudulent charges were being made to her credit card.

A subscription bomb is also known as a list bomb or smoke-screen bomb is a type of email attack in which the attacker uses an automated system which generates thousands of emails addressed to your inbox. The crooks do this by submitting your email address to thousands of legitimate online subscription or contact forms or password reset forms simultaneously. The companies sending you the emails are legitimate, but are being used by the crooks as unwitting accomplices. The object is to overwhelm your inbox with thousands or tens of thousands of newsletters and/or subscription confirmations that you never signed up for. And once you are targeted, there is literally nothing that can be done to stop this.

The reason I say "nothing" can stop this is because the emails originate from thousands of different senders, all of whom are legitimate. There are some actions that can be taken to mitigate the effects of an email bomb, but nothing to stop the emails from coming.

Most email services offer some method for "whitelisting" email senders. This involves adding the names of all the emails you do want to receive, then rejecting all emails not on the white list. This method can be effective, but also might cause you to miss important emails if you fail to add someone's address to your white list. The only truly effective way to stop an email bomb is to change your email address, inconvenient though that may be.

Something I strongly recommend is having a second email address to use for banking, and ONLY for banking. This should be an email address known only to you and the bank, and never ever shared with anyone else so that when you do receive an email addressed to that address you can be quite sure it came from your bank. So long as you keep that email address secret, it should be safe from being misused by crooks. Also, if you start to receive junk mail sent to that address, then you know your bank sold your information to the spammers.

Having two or more email addresses does not have to be complicated, or involve your having to monitor two different email inboxes. This can be set up in such a way that emails sent to two or more email addresses all go into the same inbox, making it simple for you to manage.

Along the same line, I personally make use of a "throw-away email" address which I use online whenever I am compelled to provide an address to online vendors who add me to their spam lists, or sell my information to spammers. When I see an uptick in unsolicited spam, all I have to do is throw that email address away and create another throwaway email address.

Your email address is a very important part of your digital life, and it can be quite disruptive when it is abused by others. For this reason I have always recommended having one email address you use with those you are able to trust, while having a throwaway address available to use whenever dealing with those situations where you should not trust the other party to respect your property as they should.

**************

Charles Miller is a freelance computer consultant with decades of IT experience and a Texan with a lifetime love for Mexico. The opinions expressed are his own. He may be contacted at 415-101-8528 or email FAQ8 (at) SMAguru.com.

Discover Lokkal:
Watch the two-minute video below.
Then, just below that, scroll down SMA's Community Wall.
Mission

Visit SMA's Social Network

Contact / Contactar