Hi Jarland I observed something similar a couple of weeks ago, targeting support email addresses of various companies an ISP (we were affected).
Attacker sets up an free email account with Google or Microsoft and activates forwarding to probably a couple of dozens 'target' support email addresses. Attacker then sends one email from that account to one of those support addresses. Reply "Case got opened" confirmation is being sent back to the attackers account and forwarded to all other support addresses to which this is forwarded, those in turn again reply with "Case got opened" effectively DOSing the whole list until either some rate limiting at the freemail operator blocks the thing or everyone manages to set up filter for all forwarded email. Blocking IP is useless as those freemailer keep changing the IP and love to use those which cause the most collateral damage with real customers when blocked. Mit freundlichen Grüssen -Benoît Panizzon- -- I m p r o W a r e A G - Leiter Commerce Kunden ______________________________________________________ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 Pratteln Fax +41 61 826 93 01 Schweiz Web http://www.imp.ch ______________________________________________________ _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
