Blocking Email Bombs with EmailGlass

We develop a defence against email bomb attacks, we call EmailGlass. Email bomb is a targeted Denial of Service (DOS) attack during which the email account of a victim is flooded with multiple emails. The emails are sent by legitimate web services which the attackers abuse as reflectors, to reflect unwanted email traffic at victim email accounts.The lack of defences coupled with low costs of the attack and the devastating outcome, make email bomb attack particularly popular. The email bomb attacks do not only pose inconvenience and hinder the ability of victims to function, but can also be used to hide other attacks which take place concurrently.The design of EmailGlass is based on a two year study of the email bomb attack and the relevant actors - the victims and the reflectors. During the study we setup victim email accounts, and rented email bomb attacks on darknet. We analysed the attack traffic that was received on our victim accounts to derive conclusions for development of an effective defence mechanism.