Skip to content

Remediate list bombing

Last updated: October 13, 2020

Applies to:

All products and plans

List bombing is a form of cyber attack where bots are used to submit an email address on hundreds of forms simultaneously. This action is usually done to obscure a hacking attempt or other nefarious behavior. HubSpot's Email Deliverability Team will reach out to the primary contact on your account if a list bombing attack is detected.

List bombing impacts both the email addresses used, and the organization targeted. The email addresses submitted will get lots of unwanted emails in a short period of time, which can overload their email server. This can lead to hard bounces or spam complaints that negatively impact your email sender reputation.

List bombing can also impact HubSpot's ability to send email for other customers. If a large volume of recipients reject your marketing emails, HubSpot's sending IP addresses may become blocklisted. To protect your sender reputation and HubSpot's email infrastructure, email sending may be temporarily suspended until a remediation plan is completed.

List bombing can be prevented by implementing both of the following features:

  • CAPTCHA: enabling CAPTCHA prevents bots from being able to submit forms on your site.  Learn more about how to enable CAPTCHA.

  • Double Opt-In: this feature requires new contacts to click through an email to confirm their email subscription. Enabling double opt-in won’t prevent fraudulent form submissions, but it will omit any unconfirmed email addresses from your emails automatically. Learn more about how to enable double opt-in.

Please note: if you are impacted by a list bombing attack, enabling both CAPTCHA and double opt-in may be required for remediation.