Draft:Reverse NDR attack (email)
Last edited by Izotov 7 days ago.
A reverse NDR attack or reverse bounceback attack is an email attack in which attackers intentionally cause huge amounts of backscatter to be sent to their victims in a short period of time.
The reverse NDR attack is one of the rare email attacks that does not try to exploit the human error of the recipient (as phishing does), but attacks the victim's infrastructure. The reverse NDR attack is a denial-of-service attack: the heavy flood of NDRs usually causes the victim's email infrastructure to become unavailable.
Mechanism
The attacker sends email messages forging the sender email address, impersonating the victim.
The forged messages are sent to several (thousands or more) SMTP servers that are not expected to be able to deliver them, because they do not host the recipient. Misconfigured SMTP servers accept such emails instead of rejecting recipients that they do not host. As the SMTP server cannot deliver the email, it sends an NDR to the impersonated victim according to RFC 5321.
The victim's SMTP server goes down under the heavy flood of NDR emails.
![Reverse NDR attack](http://upload.wikimedia.org/wikipedia/commons/4/4e/RNDR.png)
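A defender-side way to recognise the flood described above, as an added example that is not part of the original article: NDRs are sent with the null reverse-path (`MAIL FROM:<>`), so the code counts null-sender messages in a sliding window together with the number of distinct relaying hosts. The log format, thresholds, function names and addresses are constructed assumptions.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Constructed log format (an assumption, not any real MTA's):
#   <ISO timestamp> client=<ip> mail_from=<addr> rcpt_to=<addr>
LINE_RE = re.compile(r"^(?P<ts>\S+) client=(?P<client>\S+) "
                     r"mail_from=<(?P<sender>[^>]*)> rcpt_to=<(?P<rcpt>[^>]*)>$")
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"

def parse(line):
    """Return (timestamp, client, sender, rcpt), or None if unparseable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return (datetime.strptime(m["ts"], TS_FMT),
            m["client"], m["sender"], m["rcpt"])

def detect_ndr_flood(lines, window=timedelta(seconds=60),
                     max_bounces=5, min_sources=3):
    """Flag moments where null-sender mail inside the sliding window exceeds
    max_bounces and comes from at least min_sources distinct clients."""
    recent = deque()  # (timestamp, client) of bounces still inside the window
    alerts = []
    for line in lines:
        rec = parse(line)
        if rec is None or rec[2] != "":  # keep only the null reverse-path "<>"
            continue
        ts, client = rec[0], rec[1]
        recent.append((ts, client))
        while ts - recent[0][0] > window:  # evict bounces older than window
            recent.popleft()
        sources = {c for _, c in recent}
        if len(recent) > max_bounces and len(sources) >= min_sources:
            alerts.append((ts, len(recent), len(sources)))
    return alerts

def sample_log():
    """Constructed sample: 2 ordinary messages, then 8 bounces from 4 hosts."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    fmt = "{} client={} mail_from=<{}> rcpt_to=<user@victim.example>"
    stamp = lambda s: (base + timedelta(seconds=s)).strftime(TS_FMT)
    lines = [fmt.format(stamp(i), "192.0.2.10", "peer@partner.example")
             for i in range(2)]
    lines += [fmt.format(stamp(10 + 2 * i), f"198.51.100.{i % 4 + 1}", "")
              for i in range(8)]
    return lines
```

Requiring several distinct sources separates this pattern, where many unrelated servers bounce at once, from a single remote host returning a burst of legitimate NDRs.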