Microsoft has announced a new feature for its Defender for Office 365 cloud-based email security suite: automatic detection and blocking of email bombing attacks. This enhancement, called Mail Bombing Detection, is designed to protect organizations from coordinated efforts to flood mailboxes with large volumes of emails, which can overwhelm systems and obscure important messages, potentially masking genuine threats or hindering business operations.
The Mail Bombing Detection feature is rolling out globally starting in late June 2025 and is expected to be available to all customers by late July 2025. It is enabled by default and requires no manual configuration, making it easy for organizations to implement without additional administrative effort.
When a mail bombing attack is detected, Microsoft Defender for Office 365 automatically identifies and blocks the offending messages, sending them to the Junk folder while continuing to honor Safe Senders settings so legitimate communications are not affected. Security operations teams will see a new detection type labeled “Mail Bombing” in key security tools such as Threat Explorer, Email Entity View, Email Summary Panel, and Advanced Hunting, enabling rapid investigation and response.
This new capability leverages advanced artificial intelligence and machine learning to enhance detection accuracy and is part of Microsoft’s ongoing commitment to providing robust, automated protection against evolving email threats. Organizations are encouraged to inform their security teams about this new feature and review their junk folder handling policies to ensure alignment with internal expectations.
