• electrodynamica
    3 years ago

    malicious actors were spinning up fake instances with thousands of users to make a server send separate copies of a message to every single user’s inbox, slowing the site down. Would shared inboxes help to prevent this type of attack, or is it something else?

    Indeed. Making sharedInbox a requirement would mean that a server could simply refuse to do it the other way and then be immune from that attack. But because it is optional, all servers must then be vulnerable to this attack.

    It can be mitigated by batching, and delivering, say, only 5 copies to one server at a time, but that would have to be very carefully crafted to not cause queue backup for other messages.

    The ultimate workaround is queueless delivery, but there will still always be some penalty of having to keep revisiting a particular server.

    A malicious actor can also deliberately slowly respond to deliveries, forcing the sending server to keep many sockets open.
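
The two mitigations discussed in the comment above, as an added example that is not part of the original post or any server's actual code: recipients are collapsed to one delivery per `sharedInbox` where the actor advertises one (ActivityPub's `endpoints.sharedInbox`), and the remaining deliveries are scheduled in rounds with a per-host cap so that a host with many individual inboxes cannot back up the queue for others. The function names, the cap constant and the `*.example` actors are assumptions constructed for the illustration.

```python
from collections import OrderedDict, deque
from urllib.parse import urlsplit

PER_HOST_BATCH = 5  # assumed cap, taken from the "say, only 5 copies" figure above

def plan_targets(recipients):
    """Collapse recipient actors to unique delivery URLs, preferring sharedInbox."""
    seen = OrderedDict()
    for actor in recipients:
        shared = (actor.get("endpoints") or {}).get("sharedInbox")
        seen.setdefault(shared or actor["inbox"], None)
    return list(seen)

def schedule(targets, per_host=PER_HOST_BATCH):
    """Return delivery rounds; each round holds at most per_host URLs per host."""
    queues = OrderedDict()
    for url in targets:
        queues.setdefault(urlsplit(url).hostname, deque()).append(url)
    rounds = []
    while queues:
        batch = []
        for host in list(queues):
            q = queues[host]
            for _ in range(min(per_host, len(q))):
                batch.append(q.popleft())
            if not q:
                del queues[host]  # host fully served, drop it from later rounds
        rounds.append(batch)
    return rounds

def sample_recipients():
    """Constructed followers: one host with no sharedInbox, two ordinary hosts."""
    flood = [{"inbox": f"https://flood.example/u/{i}/inbox"} for i in range(12)]
    good = [{"inbox": f"https://good.example/u/{i}/inbox",
             "endpoints": {"sharedInbox": "https://good.example/inbox"}}
            for i in range(3)]
    small = [{"inbox": "https://small.example/u/a/inbox"}]
    return flood + good + small

if __name__ == "__main__":
    for n, batch in enumerate(schedule(plan_targets(sample_recipients())), 1):
        print(f"round {n}: {len(batch)} deliveries")
```

The hosts that need a single delivery are finished in the first round, while the host that forces per-user delivery is spread over later rounds instead of occupying the queue up front.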