Draft:Reverse NDR attack (email)

A reverse NDR attack or reverse bounceback attack is an email attack, when attackers intentionally cause huge amounts of backscatters to their victims in a short period of time.

The reverse NDR attack is one of the rare email attacks that doesn't try to exploit the human error of the recipient (i.e. phishing), but attack the victim's infrastructure. The reverse NDR attack is a denial-of-service attack: the heavy flood of the NDRs usually causes the victim's email infrastructure to become unavailable.

Mechanism
The attacker sends email messages forging the sender email address, impersonating the victim.

The forged messages are attempted to be sent to several (thousands or more) SMTP servers that are not expected to be able to deliver these emails as they do not host the recipient. Misconfigured SMTP servers -instead of rejecting recipients that they do not host- accept such emails. As the SMTP server can not deliver the email, it sends an NDR to the impersonated victim according to RFC 5321.

The victim's SMTP server goes down under the heavy flood of NDR emails.