Error Message Bombs

E-mail bombers also exploit the feedback mechanisms of mail systems by using legitimate error messages generated by MTAs. Figure three illustrates how an MTA is exploited by masquerading the source address of the sender and the system responds with error messages that are delivered to the MTA of the victim.

 

Figure 3: Error Message Bombing

In this attack scenario, the bomber inserts the e-mail address of the victim's e-mail server, MTA₂, as the origin of the message, and sends the e-mail bomb to MTA₁. MTA₁was configured to generate feedback messages to the originator when one of many error conditions are generated.

MTA₁ generates an error message, or in the case of an e-mail bomb, large volumes of error messages, and forwards them to the victim MTA₂. Depending on the robustness and configuration of MTA₂, either MTA₂ is taken out of service, or the end-users mailbox, MUA_user, is flooded.

Many well-intended system administrators accidently configure their systems to be exploited in this manner. One scenario occurs when an MTA has been e-mail bombed and the system administrator configures the mail server to send rejection messages on receipt of unwanted messages. An Internet based attacker simply inserts the unauthenticated e-mail address of the victim in the SMTP message and mail-bombs an innocent mail server. The intermediate server innocently responds with error messages bombing the victim.