http://www.theregister.co.uk/2004/04/06/joejoe_dos_attack/

By John Leyden
Published Tuesday 6th April 2004 17:30 GMT

A problem with the way that non-delivery notifications are sent by many mail servers could be exploited to launch "mail bomb" denial of service attacks.

Incorrectly configured mail servers may respond to mail delivery failure with as many non-delivery reports as there are undeliverable cc: and bcc: addresses contained in the original email. By forging the source of an email, hackers could bombard systems with spurious emails.

[...]

Developers and mail administrators are urged to secure their SMTP mail services, as explained here (PDF). The fix is simple enough: don't send the attachment part of non-delivery receipt; and send one email in response to every mail failure, rather than one for every intended recipient.
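The following is an added example, not taken from the article or the linked PDF. It contrasts the misconfigured bounce behaviour with the fix described above, using Python's standard email package to measure how many bytes each policy sends back to the forged sender. The addresses, the sample message and all function names are constructed for illustration.

```python
from email.message import EmailMessage

POSTMASTER = "MAILER-DAEMON@mx.example.net"  # hypothetical bounce sender
FAILED = ["a@example.com", "b@example.com", "c@example.com"]  # constructed

def sample_message():
    """Constructed input: forged From, three bad recipients, 100 kB attachment."""
    msg = EmailMessage()
    msg["From"] = "victim@example.org"  # forged source; bounces go here
    msg["To"] = FAILED[0]
    msg["Cc"] = ", ".join(FAILED[1:])
    msg["Subject"] = "report"
    msg.set_content("see attached")
    msg.add_attachment(b"\0" * 100_000, maintype="application",
                       subtype="octet-stream", filename="big.bin")
    return msg

def per_recipient_bounces(original, failed):
    """Misconfigured: one NDR per failed address, full original attached."""
    bounces = []
    for rcpt in failed:
        ndr = EmailMessage()
        ndr["From"], ndr["To"] = POSTMASTER, str(original["From"])
        ndr["Subject"] = "Undeliverable: " + rcpt
        ndr.set_content("Delivery to " + rcpt + " failed.")
        ndr.add_attachment(original)  # message/rfc822 part returns the attachment
        bounces.append(ndr)
    return bounces

def single_bounce(original, failed):
    """Fix from the article: one NDR per message, no attachment part."""
    ndr = EmailMessage()
    ndr["From"], ndr["To"] = POSTMASTER, str(original["From"])
    ndr["Subject"] = "Undeliverable mail"
    kept = "".join(h + ": " + str(original[h]) + "\n"
                   for h in ("From", "To", "Cc", "Subject") if original[h])
    ndr.set_content("Delivery failed for:\n" + "\n".join(failed)
                    + "\n\nOriginal headers:\n" + kept)
    return [ndr]

def total_bytes(messages):
    """Bytes put on the wire toward the forged sender."""
    return sum(len(m.as_bytes()) for m in messages)

if __name__ == "__main__":
    msg = sample_message()
    print("per-recipient:", total_bytes(per_recipient_bounces(msg, FAILED)))
    print("single bounce:", total_bytes(single_bounce(msg, FAILED)))
```

With the per-recipient policy the returned volume scales with both the number of bad addresses and the attachment size; with the single-bounce policy it stays near the size of the headers.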