Microsoft is adding a new layer of protection to its Defender for Office 365 email security system to automatically stop email bombing attacks, a growing cyber threat that floods inboxes with massive amounts of messages.
The feature, called “Mail Bombing Detection,” began rolling out in late June 2025 and will reach all users by the end of July. It’s turned on by default, so no setup is needed. Any emails identified as part of an attack will be automatically sent to the Junk folder.
Microsoft shared the news in a recent Microsoft 365 Message Center update. “This type of abuse floods mailboxes with high volumes of email to obscure important messages or overwhelm systems,” the company explained. The new detection system will help IT teams focus on real threats instead of digging through spam.
What Is Email Bombing?
Email bombing is a cyberattack tactic where hackers send thousands of emails to a target in a short amount of time. They might use shady services to subscribe someone to tons of mailing lists or use tools that can blast out spam instantly.
Why do this? It’s usually part of a bigger plan. The attackers want to distract or confuse the victim, making it easier to sneak in malware or trick someone through a follow-up scam, like fake tech support calls or messages asking for remote access.
One example was the BlackBasta ransomware group, which used email bombs to overwhelm their victims’ inboxes, then called them pretending to be IT support. They’d ask the stressed-out employee to install remote access tools like AnyDesk or Windows Quick Assist, and from there, launch their actual attack.
Other cybercrime groups, including affiliates of 3AM ransomware and FIN7, have copied this method. These attackers often pretend to be internal support staff and use email overload as a smokescreen for their phishing or credential-stealing attempts.
How This Helps You Stay Safe
The new email bombing protection is part of Microsoft Defender for Office 365 (formerly Office 365 ATP). It’s designed for businesses and organizations that deal with high-risk threats through email, links, or shared files.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
Security teams will now see this new threat type in tools like Threat Explorer, the Email Summary Panel, and Advanced Hunting, giving them better visibility and faster response options.
