DDoS Protections for SMTP Servers
International Journal of Computer Science and Security (IJCSS), vol. 4 (2011), pp. 497-610
Michael Still, Eric McCreath
Many businesses rely on email of some form for their day to day operation. This is especially true for product support organizations, who are largely unable to perform their role in the company if their in boxes are flooded with malicious email, or if important email is delayed because of the processing of attack traffic. Simple Message Transfer Protocol (SMTP) is the Internet protocol for the transmission of these emails. Denial of Service (DoS) attacks are deliberate attempts by an attacker to disrupt the normal operation of a service with the goal of stopping legitimate requests for the service from being processed. This disruption normally takes the form of large delays in responding to requests, dropped requests, and other service interruptions. In this paper we explore the current state of research into Distributed Denial of Service (DDoS) attack detection, protection and mitigation for SMTP servers connected to the Internet. We find that whilst there has been significant research into DDoS protection and detection generally, much of it is not relevant to SMTP servers. During our survey we found only two papers directly addressing defending SMTP servers against such attacks.