Inbox Rules to Avoid "Subscription Bombing"

What is Subscription Bombing?

This is a tactic used by malicious actors where, prior to attempting to hack an account, they sign someone up for thousands of email newsletters/subscriptions to flood their inbox. The goal of this is bury any fraud alerts or other security-related messages.

 

Subscription Bombing FAQs

Please contact the Help Desk. You will want to change your password as a precautionary measure. You may also want to check for fraudulent activity in your WWU and personal accounts, especially financial accounts.

Folks who handle financial data or are in elevated organizational positions are most commonly targeted, but malicious actors will target anyone. Likely, someone is trying to hack your account. By flooding your inbox with messages, legitimate security-related emails are more likely to be missed.

In the case of subscription bombing, we do not recommend following the unsubscribe link. Reputable services typically do not send more than one email until you've confirmed your subscription. Other services may stop emailing you, but then sell your email address to other services.

Blocking these types of attacks is difficult because you are not receiving an illegitimate email from a singular source, nor multiple of the same exact type of phishing emails. Attackers tend to use a bot network with a multitude of IP addresses that are browsing to legitimate websites and entering your email address to receive their newsletters. We cannot block newsletters as a whole because some folks want to receive them, including from legitimate services that are leveraged in these attacks.

Please see the steps outlined below for configuring inbox rules that can help dampen the flood from subscription bombing.

Configuring Inbox Rules

  1. In Outlook, create a new folder in your inbox. Name it something that makes sense to you, such as "Outside".
  2. Open your Settings, and navigate to Mail > Rules.
  3. Select Add new rule.
    1. Name this one "3 - Outside".
    2. Set the condition to "Apply to all messages".
    3. Set the action to Organize > Move to > Folder "Outside".
    4. Make sure "stop processing more rules" is selected.
    5. Click Save
Screenshot of OWA Rules settings showing the implementation of rule 3 - Outside.

 

  1. Add another new rule.
    1. Name this rule "2 - Known Bad".
    2. Set the condition to Keywords > Sender address includes > ultraoffer.com. This is just an example; you can set this to any domain (the portion of an email after the @) that you receive spam from.
    3. Set the action to Organize > Move to > Folder "Junk Email".
    4. Check "stop processing more rules".
    5. Click Save.
Screenshot of OWA Rules settings showing the implementation of rule 2 - Known Bad.

 

  1. Create your third and final new rule.
    1. Name this rule "1 - Known Good".
    2. Set the condition to Keywords > Sender address includes > wwu.edu. Likewise, this is an example; you can add any domains you want to ensure end up in your inbox. Note that Microsoft's phishing detection and quarantine rules will typically override this.
    3. Set the action to Organize > Move to > Folder "Inbox".
    4. Make sure "stop processing more rules" is selected.
    5. Click Save.
Screenshot of OWA Rules settings showing the implementation of rule 3 - Outside.

 

You should now have these existing inbox rules:

A screenshot displaying the list of all 3 above rules in Outlook > Settings > Mail > Rules.

Tags & Topics