Suppose I forgot to add the most important detail between 3 & 4:
- Flood freemail accounts with massive amounts of inbound email all
addressed from randomly generated addresses @ the domain with MX set to
the target server.
That + the seemingly intentionally broken forwarders is why I would call
this a targeted attack. Seems Google has no rate limit for bouncing
failures to forward.
On 2025-08-19 07:42, jarl...@mxroute.com wrote:
Tonight we faced what can only be described as a DDOS attack from
Microsoft and Google, with a bit of IONOS sprinkled in. This is an
incredibly effective attack vector because most of us simply cannot
afford the pushback from customers if we so much as rate limit inbound
email from either Google or Microsoft. Rejecting email in an attack is
easy, but processing it rapidly at scale is quite taxing on smaller
mail infrastructure. Let me show you what this looks like with only a
small portion of the logs (censored, of course):
https://mxbin.io/ZNuVC3
Basically, the attack goes like this:
1. Set MX to target
2. Create a wealth of freemail accounts
3. Set all of those freemail accounts to forwarders that reject all
inbound mail
4. Enjoy the barrage of bounce emails sent from freemail systems to
target MX
At least in our part of this field we can't block Google or Microsoft
without users considering us to be effectively down. Can't rate limit
without them considering us to be faulty. Can't take it lying down when
Google alone is causing almost exactly 100 server load (not including
that of the others).
Getting tough out here my friends. I have no worthwhile solutions other
than "add more infrastructure" so I wanted to share the wealth before
someone else gets caught with their pants down on this.
<3
Jarland
MXroute Admin
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
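The flood described in this thread has one stable attribute: every bounce is addressed to a random local part at a single domain whose MX points at the receiving server. The following detection sketch is an added example, not code from the post or from MXroute; the log format, `LOCAL_DOMAINS`, the host names and the thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumption: the set of domains this server actually accepts mail for.
LOCAL_DOMAINS = {"hosted.example"}
# Simplified, made-up log format (not the format of the logs linked in the post):
# <ISO time> <client host> from=<envelope sender> to=<recipient> <result>
LINE = re.compile(r"^(\S+) (\S+) from=<([^>]*)> to=<[^@>]+@([^>]+)> (\S+)$")

def flooded_domains(lines, window=timedelta(seconds=60), threshold=5):
    """Map each non-local recipient domain that received at least `threshold`
    null-sender (bounce) messages within `window` to the client hosts involved."""
    recent = defaultdict(deque)   # domain -> (time, client) pairs inside the window
    flagged = defaultdict(set)
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        ts, client, sender, domain, _result = m.groups()
        domain = domain.lower()
        # Only bounces (empty envelope sender) to domains we do not host are of interest.
        if sender != "" or domain in LOCAL_DOMAINS:
            continue
        t = datetime.fromisoformat(ts)
        q = recent[domain]
        q.append((t, client))
        while t - q[0][0] > window:   # drop entries that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged[domain].update(c for _, c in q)
    return dict(flagged)

def sample_log():
    """Constructed sample lines: a burst of bounces to one unhosted domain plus noise."""
    lines = []
    for i in range(6):
        host = "out1.freemail-a.example" if i % 2 == 0 else "out2.freemail-b.example"
        lines.append(f"2025-08-19T03:00:{i:02d} {host} from=<> "
                     f"to=<x{i}q7@unhosted.example> rejected")
    lines += [
        "2025-08-19T03:00:07 out1.freemail-a.example from=<> to=<alice@hosted.example> accepted",
        "2025-08-19T03:00:08 mx.partner.example from=<bob@partner.example> to=<alice@hosted.example> accepted",
        "2025-08-19T03:00:09 out1.freemail-a.example from=<> to=<a@stray.example> rejected",
        "2025-08-19T03:05:09 out1.freemail-a.example from=<> to=<b@stray.example> rejected",
    ]
    return lines

if __name__ == "__main__":
    for domain, hosts in flooded_domains(sample_log()).items():
        print(domain, sorted(hosts))
```

Because the check keys on the recipient domain rather than on the sending provider, legitimate bounces and ordinary mail from the same freemail hosts to hosted domains are not counted.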