On Tue, 19 Aug 2025, Jarland Donnell via mailop wrote:
> Tonight we faced what can only be described as a DDOS attack from Microsoft
> and Google, with a bit of IONOS sprinkled in. This is an incredibly effective
> attack vector because most of us simply cannot afford the pushback from
> customers if we so much as rate limit inbound email from either Google or
> Microsoft. Rejecting email in an attack is easy, but processing it rapidly at
> scale is quite taxing on smaller mail infrastructure. Let me show you what
> this looks like with only a small portion of the logs (censored, of course):
> https://mxbin.io/ZNuVC3
>
> Basically, the attack goes like this:
> 1. Set MX to target
> 2. Create a wealth of freemail accounts
> 3. Set all of those freemail accounts to forwarders that reject all inbound
>    mail
> 4. Enjoy the barrage of bounce emails sent from freemail systems to target MX
>
> At least in our part of this field we can't block Google or Microsoft without
> users considering us to be effectively down. Can't rate limit without them
> considering us to be faulty. Can't take it lying down when Google alone is
> causing almost exactly 100 server load (not including that of the others).
>
> Getting tough out here my friends. I have no worthwhile solutions other than
> "add more infrastructure" so I wanted to share the wealth before someone else
> gets caught with their pants down on this.

I have a rather whack-a-mole partial solution, if you have a spare IP
address.

Have your servers listen on the spare IP and move *your* MX records
to point at it.

Set up another server listening on the original IP to filter the
good email from the attack messages.

The first thing to do, of course, is to reduce the DNS timeouts
so that you can put the above into action swiftly.

--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
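
One way the DNS side of the suggestion in the reply above could look, as an added example that is not from either poster: a BIND-style zone fragment for a hypothetical example.com, with documentation-range addresses standing in for the original and spare IPs. It assumes the new listener gets its own hostname (mx2) while the old name and address stay in place for the filtering server; the hostnames and TTL values are illustrative.

```dns
; Constructed fragment for a hypothetical zone. SOA and NS records are not
; shown; the SOA serial must be incremented with every change below.
$ORIGIN example.com.

; Stage 0 (starting point): long TTLs, MX resolves to the original IP.
;   @     86400  IN  MX  10 mx1.example.com.
;   mx1   86400  IN  A   192.0.2.10

; Stage 1 (do this first, well before any move): identical data, short TTL.
; Resolvers may keep the stage 0 answers for up to the old TTL (86400 s here),
; so the short TTL only takes full effect after that long.
;   @     300    IN  MX  10 mx1.example.com.
;   mx1   300    IN  A   192.0.2.10

; Stage 2 (cutover): the zone's own MX moves to a new name on the spare IP.
@       300    IN  MX  10 mx2.example.com.
mx2     300    IN  A   198.51.100.20   ; spare IP: production mail servers

; The original name and address are left alone (assumption of this example),
; so anything that still targets them, including senders holding cached
; records, reaches the separate filtering server instead of production.
mx1     300    IN  A   192.0.2.10      ; original IP: filtering server
```

Until cached stage 1 records expire, legitimate mail can still arrive at 192.0.2.10, so the filtering server has to pass mail for hosted domains on to production rather than reject everything it sees.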