Recently a user contacted me with a problem: they had received thousands of nonsense emails from different email addresses. Sure enough, after checking, this was true. It seems that someone was bulk-sending paragraphs of a book to this user: new email = new paragraph, x 1000+. Interesting. Was this just an email bomb or something else?
Sending paragraphs from a book is a new way for spammers/attackers to get around the spam filter. They were sending from legitimately created Gmail/Yahoo addresses, even though those addresses were being used for email spam.
Upon investigation, the emails had stopped being received about 2 hours before the user contacted me. No new emails were coming through, which means the user had hit Gmail's receiving limit: https://support.google.com/a/answer/1366776?hl=en
Why?
This is a sign that the attacker has reset an account password somewhere and wants the email notifying you of this to get “lost”, so the user doesn’t know he’s being attacked until it’s too late!
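To find the notification the flood was meant to hide, the mailbox can be searched for account-related mail that arrived during the flood. The following is an added example, not part of the original post; the subject patterns, the per-hour threshold and the sample messages are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import timedelta, timezone
from email import message_from_string, policy
from email.utils import parsedate_to_datetime

# Assumed subject patterns for account notifications; extend for your services.
ALERT_RE = re.compile(
    r"password\s+(was\s+)?(reset|changed)|reset\s+your\s+password|"
    r"verification\s+code|security\s+alert|new\s+sign-?in", re.I)

def buried_alerts(raw_messages, per_hour_threshold=50):
    """Return (flood_hours, alerts) for a list of RFC 5322 message strings.
    flood_hours: UTC hours whose message count reached the threshold; alerts:
    (date, sender, subject) notifications within an hour of a flood hour."""
    parsed = []
    for raw in raw_messages:
        msg = message_from_string(raw, policy=policy.default)
        try:
            when = parsedate_to_datetime(str(msg["Date"])).astimezone(timezone.utc)
        except (TypeError, ValueError):
            continue  # no usable Date header; skip rather than guess
        hour = when.replace(minute=0, second=0, microsecond=0)
        parsed.append((when, hour, str(msg["From"] or ""), str(msg["Subject"] or "")))
    counts = Counter(hour for _, hour, _, _ in parsed)
    flood_hours = sorted(h for h, n in counts.items() if n >= per_hour_threshold)
    window = {h + timedelta(hours=d) for h in flood_hours for d in (-1, 0, 1)}
    alerts = sorted((when, sender, subject) for when, hour, sender, subject in parsed
                    if hour in window and ALERT_RE.search(subject))
    return flood_hours, alerts

def sample_mailbox():
    """Constructed data: 60 book-paragraph mails in one hour, two notifications."""
    tpl = "From: {f}\nDate: {d}\nSubject: {s}\n\nbody\n"
    msgs = [tpl.format(f=f"user{i}@example.com", s=f"Chapter 3, paragraph {i}",
                       d=f"Mon, 06 Jan 2020 10:{i:02d}:00 +0000") for i in range(60)]
    # Buried inside the flood: the mail the attacker wants overlooked.
    msgs.append(tpl.format(f="no-reply@shop.example", s="Your password was reset",
                           d="Mon, 06 Jan 2020 10:31:00 +0000"))
    # A week earlier, outside the flood window: not reported.
    msgs.append(tpl.format(f="no-reply@shop.example", s="Reset your password",
                           d="Mon, 30 Dec 2019 09:00:00 +0000"))
    return msgs

if __name__ == "__main__":
    hours, alerts = buried_alerts(sample_mailbox())
    print("flood hours:", [h.isoformat() for h in hours])
    for when, sender, subject in alerts:
        print(when.isoformat(), sender, subject)
```

Because the mailbox in this incident had stopped accepting mail once the receiving limit was hit, the notification may never have been delivered, so an empty result does not rule out an account change.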
How to stop this?
You will need to purchase Google Apps Premium and enable the Postini filter, which can detect email bombs:
https://www.google.com/support/enterprise/static/postini/docs/admin/en/admin_spe_cu/conn_auto.html