blog header image of mail envelopes marked spam

Imagine this: You're minding your business, sipping your coffee, gearing up for the day… and suddenly your inbox looks like someone set off a confetti cannon.

“Welcome!”
 “Thanks for subscribing!”
 “Confirm your email!”
 “Here’s your coupon!”
 “Your ebook is ready!”

Dozens. Hundreds. Sometimes thousands.

You didn’t sign up for any of this.
 You didn’t want any of this.
 And you don’t have time for this nonsense.

This is not an accident.
 It’s not just “a bad spam day.”

It’s a spam flood attack, and it’s one of the most common distraction tactics cybercriminals use right before they try to break into one of your accounts.

Today, we’re going to talk about:

  1. What a spam flood attack actually is 
  2. What cybercriminals are trying to pull 
  3. Exactly what to do in the moment 
  4. And—bonus—how to set up your inbox so you stay protected long-term and dramatically reduce everyday spam 

Let’s dig in.

What Is a Spam Flood Attack?

A spam flood attack is when someone signs your email address up for massive amounts of junk—newsletters, promotions, random accounts—sometimes thousands at once.

But this isn’t about spam at all.

It’s about distraction.

A spam flood makes your inbox so loud, so chaotic, and so full of “Welcome!” and “Confirm your email!” messages that you completely miss the real email you needed to see:

  • “Your password was changed.” 
  • “A new device signed in.” 
  • “Suspicious login attempt detected.” 
  • “Your purchase of $1,942.11 is being processed.” 
  • “Your verification code is…” 

The attacker is hoping their spam avalanche hides their real activity long enough for them to pull something off.

And unfortunately, this tactic works extremely well – if you don’t know what it is.

Why Criminals Use Spam Floods

Cybercriminals use spam floods for three simple reasons:

1. To bury the evidence

If your inbox is exploding, a single alert email becomes a needle in a digital haystack.

2. To stress you out

Chaos makes people sloppy. Attackers know this.

3. To buy themselves time

While you’re sifting through glitter-confetti nonsense, they’re trying passwords, requesting resets, or changing your account settings.

Once you understand their strategy, you can beat it.

What to Do Immediately If You Get “Spam-Flooded”

Here is the exact order of operations to protect yourself, even if your inbox is an absolute disaster zone.

1. Don’t panic. Take a breath.

This is a tactic, not a catastrophe.

2. Log directly into your most important accounts

Skip email completely and go straight to:

  • Your bank 
  • Credit cards 
  • PayPal / Venmo / Stripe 
  • Email provider 
  • Phone carrier 
  • Business platforms (Shopify, QuickBooks, Stripe, etc.) 
  • Amazon, Apple, Google 

Look for:

  • Unauthorized logins 
  • Password resets 
  • New devices 
  • Purchases 
  • Transfers 
  • Security warnings 

If you see anything suspicious, act immediately.

3. Change passwords for your highest-risk accounts

Start with:

  • Email 
  • Bank accounts 
  • Password manager 
  • Apple/Google/Microsoft 
  • Major financial/commerce accounts 

Use strong, unique passwords, preferably created and managed by a password manager.

4. Turn on two-factor authentication (2FA) everywhere

Preferably:

  • App-based codes (Authy, Google Authenticator) 
  • Hardware keys 
  • Device prompts 
  • Text messages if nothing else is available 

2FA (aka multifactor authentication, or MFA) blocks most account-takeover attempts.

5. Create a temporary inbox filter

Route obvious spam-flood messages to a separate folder.

Filter for subject lines like:

  • “Welcome” 
  • “Confirm your email” 
  • “Subscription” 
  • “Thanks for signing up” 
  • “Newsletter” 

This clears your view so you can spot real alerts.

6. Check your email rules

Attackers sometimes set hidden rules to:

  • Forward your mail 
  • Hide security alerts 
  • Auto-delete messages 

Look for anything you didn’t create.

7. Do NOT unsubscribe from anything sketchy

Fake unsubscribe links confirm your email is active and can themselves be phishing links. 

Just mark the messages as spam/junk or use your filter.

8. Freeze your credit

It’s free and stops identity theft cold.

Freeze with:

  • Experian 
  • Equifax 
  • TransUnion 

9. Keep an eye out for 48–72 hours

Most attacks cluster into a short window. Stay alert.

But Let’s Be Honest: The Best Defense Is a Cleaner Inbox All the Time

A spam flood attack thrives on chaos.

The messier your inbox is (and I say that without judgment!), the easier it is for attackers to hide security alerts inside it.

So now that you know what to do during a spam flood, let’s talk about the part most people never do:

Setting up your email in a way that reduces everyday spam AND makes you much harder to target in the future.

How to Reduce Everyday Spam (and Make Spam Floods Much Less Effective)

These next steps aren’t about reacting. They’re about strengthening your inbox so you’re safer all year long.

We’ll start with the tools most people already have: Google Workspace and Microsoft 365.

1. Built-In Tools in Google Workspace (Gmail)

You don’t need to install anything fancy—Gmail already has powerful anti-spam tools built in.

Report spam + block senders

  • “Report spam” trains Google’s AI. 
  • “Block” prevents that sender from reaching you again. 

Use Gmail’s new forced-unsubscribe system

Google now requires bulk senders to support one-click unsubscribe and respond within two days.

If Gmail shows an “Unsubscribe” button next to the sender’s name, use it for legitimate newsletters.

You can also use the Manage Subscriptions feature, which lets you knock out a bunch quickly.

Use Gmail filters to automatically organize junk

Starter filters:

  • Has the words: “unsubscribe” 
  • Does not contain: your client domains → Label as “Promos” + Skip Inbox 

This keeps marketing noise out of your primary inbox.

If you’re the admin, enable stronger protections

Turn on:

  • Enhanced message scanning 
  • Spoofing protection 
  • DMARC enforcement 
  • Attachment blocking rules 
  • High-level spam filtering 

This is especially powerful for solopreneurs and small teams.

2. Built-In Tools in Microsoft 365 (Outlook)

Outlook users: you’ve got good tools too.

Block senders and block domains

Quick and effective.

Use Junk Email settings

Make sure legit senders are marked “safe,” so you don't lose important mail.

Turn on advanced admin policies

Admins can strengthen:

  • Anti-spam 
  • Anti-phishing 
  • Anti-spoofing 
  • Safe Links / Safe Attachments 
  • Block automatic forwarding (VERY important) 

Use Outlook Rules to tame the inbox

Ideas:

  • Move emails with “unsubscribe” to a Promotions folder 
  • Auto-label newsletters 
  • Delete repeat spam patterns 

3. Smart Email Habits Everyone Should Use

Use 3–5 email addresses (the “alias strategy”)

This is one of the most effective, low-effort ways to keep your inbox clean:

  1. Primary inbox: Only real humans 
  2. Shopping/downloads inbox: Courses, freebies, orders 
  3. Newsletter inbox: If you subscribe to lots of content 
  4. Client inbox: Paying work only 
  5. Admin inbox: Account logins + financials 

When a spam flood happens, it only hits one of these—not all.

Use plus-addressing

Gmail and Outlook both support:

  • yourname+shopping@… 
  • yourname+promos@… 
  • yourname+clients@… 

Then filter automatically.

Never click “unsubscribe” on anything sketchy

If it smells off, mark it as spam.

4. Reduce Your Digital Footprint

These habits cut spam drastically over time:

  • Use Apple’s Hide My Email 
  • Use DuckDuckGo or Firefox Relay 
  • Never post a raw email publicly 
  • Use a contact form instead of posting your email 
  • Don’t use your business email for personal accounts 
  • Consider getting yourself off data broker lists, etc., with services like Incogni, DeleteMe, etc. 

5. Business Owners: Level Up Your Email Security

You should also:

  • Set up DMARC, SPF, and DKIM correctly (use my free scanner – you don’t have to give me your email! 😉 https://securitydoneeasy.com/resources/ ) – it’s actually mandatory in many industries and enforced by email providers. If your deliverability has gone down, start here. 
  • Turn off catch-all email addresses 
  • Use security add-ons like SpamTitan, Barracuda, or Microsoft Defender 
  • Monitor your deliverability, compliance, and reputation, either with a tool or service. We do this with our cohorts. 

This prevents impersonation and filters bad mail more effectively.

The Bottom Line

When a spam flood hits, it feels chaotic and overwhelming.
 But you’re not powerless.

There are two parts to staying safe:

  1. Reacting quickly and calmly
     (the first half of this article) 
  2. Designing an inbox that’s harder to overwhelm
     (the second half) 

Once you combine both?

You’re no longer an easy target.
You’re no longer distractible.
You’re no longer the person attackers hope you are.

You are the business owner who sees through the noise, protects her accounts, and keeps moving confidently forward.