E-mail bombs and countermeasures: Cyber attacks on availability and brand integrity

The simplicity of SMTP mail can be combined with the robustness of the sendmail MTA program and misused in numerous ways to create extraordinary and powerful e-mail bombs. These e-mail bombs can be launched in many different attack scenarios which can easily flood and shut down chains of SMTP mail servers. Sendmail-based SMTP mail relays also can be used covertly to distribute messages and files that could be very damaging to the integrity and brands of victims. This article discusses mail-bombing techniques, automated attack tools, and countermeasures. Also discussed is an actual Internet-based attack that was launched in 1997 on the Langly AFB SMTP e-mail infrastructure. The authors also present an analysis of the cyber attack, graphs illustrating the attack volume, and a statistical e-mail bomb early warning system.