www.techzoom.net/mailbomb Abstract. Analysis of e-mail non-delivery receipt handling by live Internetbound e-mail servers has revealed a common implementation fault that could form the basis of a new range of DoS attacks. Our research in the field of e-mail delivery revealed that mail servers may respond to mail delivery failure with as many non-delivery reports as there are undeliverable Cc: and Bcc: addresses contained in the original e-mail. Non-delivery notification e-mails generated by these systems often include a full copy of the original e-mail sent in addition to any original file attachments. This behavior allows malicious users to leverage these mail server implementations as force multipliers and flood any target e-mail system or account. 1 of 18 Towards the end of 2002, the authors discovered that from time to time there were massive amounts of mail traffic destined for non existent e-mail accounts on ou
To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.