Incorrectly configured mail servers may respond to a mail delivery failure with as many non-delivery reports (NDRs) as there are undeliverable cc: and bcc: addresses in the original email. By forging the source of an email, hackers could bombard systems with spurious emails.
Security researchers have now demonstrated how easy it might be to turn such 'Joe Jobs' into deliberate denial of service attacks.
Hackers could use badly set-up mail servers as multipliers (every bogus message could generate dozens) and flood any target email system or account.
The Register - John Leyden April 6, 2004
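One way a mail administrator could check whether their own server behaves as such a multiplier is sketched below. This is an added example, not code from the article. The log format, field names and threshold are hypothetical, and the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample log in a simplified, hypothetical format (not a real MTA's).
# "accept" = inbound message queued; "ndr" = bounce generated for message "orig".
SAMPLE_LOG = """\
2004-04-06T10:00:01 qid=A1 accept from=<victim@example.org> nrcpt=6
2004-04-06T10:00:02 qid=B1 ndr orig=A1 to=<victim@example.org> failed=<u1@example.com>
2004-04-06T10:00:02 qid=B2 ndr orig=A1 to=<victim@example.org> failed=<u2@example.com>
2004-04-06T10:00:02 qid=B3 ndr orig=A1 to=<victim@example.org> failed=<u3@example.com>
2004-04-06T10:00:03 qid=B4 ndr orig=A1 to=<victim@example.org> failed=<u4@example.com>
2004-04-06T10:00:03 qid=B5 ndr orig=A1 to=<victim@example.org> failed=<u5@example.com>
2004-04-06T10:00:03 qid=B6 ndr orig=A1 to=<victim@example.org> failed=<u6@example.com>
2004-04-06T10:05:10 qid=A2 accept from=<alice@example.net> nrcpt=1
2004-04-06T10:05:11 qid=B7 ndr orig=A2 to=<alice@example.net> failed=<typo@example.com>
2004-04-06T10:07:00 qid=A3 accept from=<bob@example.net> nrcpt=2
"""

ACCEPT = re.compile(r"qid=(\S+) accept from=<([^>]*)>")
NDR = re.compile(r"qid=\S+ ndr orig=(\S+) to=<[^>]*>")


def find_ndr_amplification(lines, threshold=3):
    """Return messages that produced `threshold` or more separate NDRs.

    A correctly behaving server sends at most one NDR per message (or
    rejects bad recipients during the SMTP session and sends none), so
    several NDRs tied to one queue id indicate the multiplier behaviour.
    """
    senders = {}      # original queue id -> claimed (possibly forged) sender
    ndrs = Counter()  # original queue id -> number of NDRs generated
    for line in lines:
        if m := ACCEPT.search(line):
            senders[m.group(1)] = m.group(2)
        elif m := NDR.search(line):
            ndrs[m.group(1)] += 1
    findings = [
        # "unknown" covers NDRs whose accept line was rotated out of the log.
        {"qid": qid, "bounce_target": senders.get(qid, "unknown"), "ndr_count": n}
        for qid, n in ndrs.items()
        if n >= threshold
    ]
    return sorted(findings, key=lambda f: -f["ndr_count"])


if __name__ == "__main__":
    for f in find_ndr_amplification(SAMPLE_LOG.splitlines()):
        print(f"{f['qid']}: {f['ndr_count']} NDRs sent to {f['bounce_target']}")
```

A single bounce for a mistyped address (message A2 in the sample) stays below the threshold and is not reported.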