What is “list bombing”?

List bombing subscribes victims to many mailing lists simultaneously. Attackers use target email addresses across hundreds of subscription forms, overwhelming victims with legitimate confirmation and welcome emails.

Purposes include: harassment (flooding victim's inbox), distraction (hiding important messages in noise during fraud), and reputation damage (generating complaints against legitimate senders).

Defense for senders: implement CAPTCHA or verification on subscription forms, rate-limit subscriptions from single IPs, and use **double opt-in** to verify intent. Victims need to mass-unsubscribe and report the attack to affected senders.