It may seem like ancient history now, however in the early decades of the Internet we’d enormous difficulty: Our email servers were not overly unfriendly.

In a nutshell, most email servers enabled anyone to connect to them and send e-mail to anybody else. Though occasionally you’d to at least fake being a user, you did not have to be a user of that email server.
A hacker claim to be from someone hosted by the email server could invent an e-mail, and send any e-mail to anybody else on earth.

Yet with another foundational Internet technology, a similar open relay issue continues after all these years . Attackers typically use poor or misconfigured DNS servers to send invalid IP addresses back to querying clients — or to send huge levels of fake traffic in DDoS attacks.
Using DNS to start DDoS attacks

Other attackers and dDoS have been using DNS for ages, but in the last couple of years, the ante has been upped by hackers.

These days the most massive DDoS attacks in many cases are carried through using DNS “amplification” techniques. To investigate some excellent background information about how this works, check out USCERT, the Internet Systems Consortium, and CloudFlare.

At last, protocol manufacturers and DNS server sellers are reacting in a way much like the SMTP e-mail sellers of yesteryear by executing more protections. These comprise new defenses and better default options.