Administrators can now configure when an Email Bomb attack should be detected and what workflow should be triggered for it.

An Email bomb attack is a social engineering attack that is designed to flood mailboxes with unwanted emails - usually subscription confirmations to newsletters the user never signed up for.

Users targeted by these attacks practically lose access to their business emails and attackers can use these attacks as a distraction while they perform malicious activities on behalf of the user.

Administrators can now define the number of emails a mailbox can receive from new senders in the span of a few hours, before an Email Bomb attack is detected. They can then decide how to treat subsequent emails that are part of the attack by selecting the desired workflow - Spam, Suspected Phishing or Phishing.

To do that, open Configuration > Security Engines > SmartPhish > Configure and set the Email Bomb – Workflow and Email Bomb – Threshold parameters

Note – this feature is being deployed gradually. You should see it in your portal by July 28th