Imagine opening your email and seeing 10,000 new messages. Your phone won't stop vibrating. Your email client crashes. Important messages are buried under an avalanche of spam confirmations, newsletter subscriptions, and auto-replies. You've just been email bombed.

What Is an Email Bomb?

An email bomb is a form of denial-of-service (DoS) attack where a malicious actor signs your email address up for thousands of mailing lists, forums, and services simultaneously. Each signup triggers a confirmation email. The volume overwhelms your inbox, making it impossible to use.

Attackers use automated tools that can submit your email to hundreds of sites per minute. The goal isn't to steal your data — it's to disrupt your life, hide fraudulent transactions in the chaos, or simply harass you.

Why It Works

Most email services weren't designed to handle 10,000+ emails in an hour. Your inbox becomes:

  • Unusable: You can't find real emails.
  • Storage-capped: Free Gmail accounts hit 15GB quickly.
  • Notification-spammed: Your phone becomes unusable from constant alerts.
  • A hiding place: Attackers sometimes bomb you to conceal a real password reset or purchase confirmation.

How to Protect Yourself

1. Never expose your real email publicly. Social media bios, forum signatures, and GitHub commits are goldmines for attackers. Use TmpMail.pro for any public-facing contact.

2. Use filters aggressively. Create inbox rules that auto-archive or delete emails containing common signup phrases like "verify your email" or "welcome to."

3. Enable rate limiting. Some email providers let you throttle incoming messages. If you use a custom domain, configure your mail server to reject extreme volume spikes.

4. Have a backup communication channel. If your email is bombed, you need another way to reach banks, work, and family. Set up a secondary address and keep it private.

If You're Already Being Bombed

  1. Don't panic. The attack usually stops within hours.
  2. Enable "vacation mode" or auto-reply to signal you're aware.
  3. Use your email provider's bulk select to delete by sender domain.
  4. Check for hidden legitimate emails — attackers sometimes bomb to hide password resets.
  5. Change passwords for critical accounts (bank, email, cloud) as a precaution.

Temporary Email Is Prevention

The best defense is never exposing your real address in the first place. Every time you use a disposable email for a signup, you're removing one potential target from an attacker's list. Generate a temp address and make yourself invisible.