IT Navigator - Daymark Solutions Blog

Email Bombing Protection

Written by Blake Bernard | Wed, Jul 16, 2025

Microsoft is introducing a new detection capability in Microsoft Defender for Office 365 to help protect your organization from a growing threat known as email bombing. This form of abuse floods mailboxes with high volumes of email to obscure important messages or overwhelm systems. The new “Mail Bombing” detection will automatically identify and block these attacks, helping security teams maintain visibility into real threats.

Email bombing is a tactic to hide important emails by flooding your inbox with irrelevant ones. For instance, an attacker might order expensive items using your Amazon account and bury the confirmation emails. If you own a domain, they could be trying to transfer it. They may also hide transaction confirmations if they have accessed your bank or financial accounts. Ultimately, these attacks are designed to distract you, the target, from the “real” email they do not want you to see.

When this will happen:

Microsoft began rolling this out in late June 2025 and expects to complete the rollout by late July 2025.

How this affects your organization:

Security Operations Analysts and Administrators will see a new detection type labeled Mail Bombing in the following locations:

  • Threat Explorer
  • Email entity view
  • Email Summary Panel
  • Advanced Hunting

Messages identified as part of a mail bombing campaign will be automatically sent to the Junk folder. Safe Senders settings will continue to be honored—messages from those senders will not be impacted.

This feature is on by default and requires no manual configuration.

What you can do to prepare:

  • Inform your Security Operations team about this new detection.
  • Update internal documentation and training materials as needed.
  • Review Junk folder handling policies to ensure alignment with your organization’s expectations.

Compliance considerations:

  • Alters processing/storage of existing data: Yes – modifies how email messages are classified and routed
  • Introduces/modifies AI/ML capabilities: Yes – introduces new detection logic
  • Impacts Purview capabilities: Maybe – may affect audit logging or eDiscovery visibility for junked messages
  • Alters compliance monitoring/reporting: Maybe – new detection may appear in compliance dashboards

How Daymark Can Help

If you have questions about mail bombing, or need guidance on securing your infrastructure, please reach out. Daymark Microsoft consultants are happy to help.