--- title: "12 Common Types Of DDOS Attacks - Explained By DMARCReport | DMARC Report" description: "DMARC (RFC 7489) ties SPF and DKIM together by requiring alignment between the envelope sender and the visible From header." image: "https://dmarcreport.com/og/blog/12-common-types-of-ddos-attacks-explained-by-dmarcreport.png" canonical: "https://dmarcreport.com/blog/12-common-types-of-ddos-attacks-explained-by-dmarcreport/" --- Quick Answer At DMARCReport, we take email and network security seriously. While our primary focus is on DMARC, \[SPF\](https://autospf.com/blog/spf-guide-understanding-sender-policy-framework/), and \[DKIM\](https://dmarcreport.com/blog/dkim-explained-how-dkim-works-and-why-is-dkim-important-for-organizations/), we also understand the broader threat landscape - including Distributed Denial-of-Service (DDoS) attacks. In this comprehensive guide, we walk you through the 12 most common types of DDoS attacks, their underlying mechanisms, and why understanding them matters - even for organizations that prioritize email security. Related: [Free DMARC Checker](/tools/dmarc-checker/) ·[How to Create an SPF Record](/tools/spf-record-generator/) ·[SPF Record Format](/blog/spf-format-checker-dos-and-donts-for-email-authentication/) Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2F12-common-types-of-ddos-attacks-explained-by-dmarcreport%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=12%20Common%20Types%20Of%20DDOS%20Attacks%20-%20Explained%20By%20DMARCReport&url=undefined%2Fblog%2F12-common-types-of-ddos-attacks-explained-by-dmarcreport%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2F12-common-types-of-ddos-attacks-explained-by-dmarcreport%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2F12-common-types-of-ddos-attacks-explained-by-dmarcreport%2F&title=12%20Common%20Types%20Of%20DDOS%20Attacks%20-%20Explained%20By%20DMARCReport "Share on Reddit") [ ](mailto:?subject=12%20Common%20Types%20Of%20DDOS%20Attacks%20-%20Explained%20By%20DMARCReport&body=Check out this article: undefined%2Fblog%2F12-common-types-of-ddos-attacks-explained-by-dmarcreport%2F "Share via Email") ![12 Common Types Of DDOS Attacks - Explained By DMARCReport](https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg) ## Try Our Free DMARC Checker Validate your DMARC policy, check alignment settings, and verify reporting configuration. [ Check DMARC Record → ](/tools/dmarc-checker/) DMARC ([RFC 7489](https://datatracker.ietf.org/doc/html/rfc7489)) ties SPF and DKIM together by requiring alignment between the envelope sender and the visible `From` header. According to Google’s February 2024 bulk sender requirements, a DMARC policy of at least `p=none` is now mandatory for any domain sending 5,000+ messages per day to Gmail users. At DMARCReport, we take email and network security seriously. While our primary focus is on DMARC, [SPF](https://autospf.com/blog/spf-guide-understanding-sender-policy-framework/), and [DKIM](https://dmarcreport.com/blog/dkim-explained-how-dkim-works-and-why-is-dkim-important-for-organizations/), we also understand the broader threat landscape - including Distributed Denial-of-Service (DDoS) attacks. In this comprehensive guide, we walk you through the 12 most common types of DDoS attacks, their **underlying mechanisms**, and why understanding them matters - even for organizations that prioritize email security. > DMARC reporting without automation is like watching security cameras without recording, says Brad Slavin, General Manager of DuoCircle. You see the threats in real time but you can’t go back and investigate. DMARC Report captures and classifies every aggregate and forensic report so your security team has a complete audit trail. ## What Is a DDoS Attack? A Distributed Denial-of-Service (DDoS) attack is a malicious attempt to make an online service unavailable by overwhelming it with a flood of traffic from multiple sources. In a DDoS attack, threat actors often use a network of compromised devices - known as a botnet - to send huge volumes of fake or malicious traffic. _These botnets can cripple websites, applications, or network infrastructure, causing downtime, service disruption, and reputational damage_. As of 2025, DMARC is mandatory under multiple compliance frameworks. [CISA BOD 18-01](https://www.cisa.gov/news-events/directives/bod-18-01) requires p=reject for US federal domains. [PCI DSS v4.0](https://www.pcisecuritystandards.org/) mandates DMARC for organizations processing payment card data as of March 2025\. Google and Yahoo require DMARC for bulk senders (5,000+ messages/day) since February 2024, and [Microsoft began rejecting](https://learn.microsoft.com/en-us/defender-office-365/email-authentication-dmarc-configure) non-compliant email in May 2025\. The UK [NCSC](https://www.ncsc.gov.uk/collection/email-security-and-anti-spoofing), Australia’s [ASD](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism/cyber-security-guidelines/guidelines-email), and Canada’s [CCCS](https://www.cyber.gc.ca/en/guidance/implementation-guidance-email-domain-protection) all mandate DMARC for government domains. Cyber insurers increasingly require DMARC enforcement as an underwriting condition. Unlike a simple [DoS (Denial of Service) attack](https://www.cybersecuritydive.com/news/record-ddos-attack-microsoft-azure/805886/), which might originate from a single source, DDoS leverages many machines at once, making mitigation more challenging. ## What Is Network: The OSI Model? To fully grasp how different DDoS attacks work, it’s helpful to understand how data travels in a network. The OSI (Open Systems Interconnection)\*\* model is a conceptual framework that describes seven layers of network communication: - **Layer 7, Application Layer:** Where applications like web browsers or email clients operate. - **Layer 6, Presentation Layer:** Handles [data formatting](https://www.solvexia.com/glossary/data-formatting), encryption, and compression. - \*\*Layer 5, Session Layer: \*\*Manages communication sessions and their states. - **Layer 4, Transport Layer:** Segments data and ensures reliable transmission (e.g., TCP). - **Layer 3, Network Layer:** Routes packets using IP addresses. - **Layer 2, Data Link Layer:** Manages physical link connections (e.g., switches). - L**ayer 1, Physical Layer:** The physical medium (cables, wireless) that carries raw bits. Different DDoS attacks target different layers of this model. Broadly, we categorize them into: ![Dmarc record generator](https://media.mailhop.org/dmarcreport/images/2025/11/dmarc-record-generator-9701.jpg) ## 1\. Application Layer Attacks Application-layer attacks (Layer 7) aim at the very front of your infrastructure - the part users interact with - such as [web servers](https://en.wikipedia.org/wiki/Web%5Fserver), APIs, or login pages. Because these attacks can **mimic legitimate user behavior**, they’re often difficult to detect. ## a) DNS Server Targeting Attacks - Attackers send spoofed, high-volume DNS requests, sometimes leveraging amplification techniques. - A small query can trigger a much larger response, overwhelming the DNS resolver. - These “floods” may appear legitimate, making filtering difficult. ## b) HTTP(S) Encrypted Flood - Botnets generate a **high frequency of HTTP requests** (GET, POST, DELETE, PUT, and more) to a target web server. - Because these requests often come via HTTPS, they are encrypted, harder to inspect, and more resource-intensive for the server to process. - The goal is to saturate the server’s ability to handle simultaneous connections, leading to denial of service for real users. ## 2\. Protocol Attacks Protocol attacks (Layer 3 and 4) aim to exploit weaknesses in communication protocols. These attacks typically target [network infrastructure](https://www.ibm.com/think/topics/network-infrastructure) \- not just the end application - and are meant to exhaust server and networking equipment resources. Here are four common protocol-based DDoS types: ## a) Ping of Death - Historically, attackers would send malformed ping packets that exceed permissible sizes. - These oversized pings can crash or reboot systems. - Though largely outdated, variations remain a risk in **poorly patched systems**. ## b) SYN Flood - This attack abuses the TCP three-way handshake. - Attackers send numerous SYN packets with spoofed IPs to a server. - The target responds with SYN-ACK and waits for final ACK, but because the source is fake, that ACK never arrives. - This ties up open connections until the server’s connection table is exhausted - blocking legitimate connection attempts. ![Dmarc report](https://media.mailhop.org/dmarcreport/images/2025/11/dmarc-report-9701.jpg) ## c) Tsunami SYN Flood - A more aggressive version of the [SYN flood](https://en.wikipedia.org/wiki/SYN%5Fflood). - Packets are larger (around 1,000 bytes), increasing the load per connection. - This intensifies the strain on both bandwidth and connection-handling capacity\*\*. ## d) Connection Exhaustion (State-Exhaustion) - Attackers target devices like firewalls, load balancers, or stateful routers, exhausting their capacity to track connection states. - Because these attacks don’t always rely on spoofed IPs, they are often harder to filter. - There is also a variation targeting SSL/TLS: by continuously renegotiating handshakes or sending invalid packets, attackers can tie up stateful resources on SSL servers . ## 3\. Volumetric Attacks Volumetric attacks aim to consume bandwidth and saturate the network. The measure here is typically in bits per second (bps) - and these attacks can scale into hundreds of **gigabits or even terabits per second**. Here are some of the most notorious volumetric attack variants: ![How to create dmarc record](https://media.mailhop.org/dmarcreport/images/2025/11/how-to-create-dmarc-record-9903.jpg) ## a) DNS Amplification - Attackers send DNS queries with a spoofed source IP address (that of the victim) to open DNS resolvers. - These resolvers reply to the victim with large “ANY” response packets. - Because the response is much larger than the initial request, traffic is amplified, flooding the target with many times the volume of [malicious traffic](https://www.scworld.com/news/malicious-bots-now-make-up-more-than-a-third-of-web-traffic). ## b) UDP Flood - A flood of [User Datagram Protocol (UDP)](https://www.geeksforgeeks.org/computer-networks/user-datagram-protocol-udp/) packets is sent to random or specific ports on the target. - _These packets may be small, but they consume network resources_. - Attackers often spoof the source IP to hide their identity and complicate tracing. ## c) ICMP (Ping) Flood - Attackers bombard the target with ICMP echo-request (“ping”) packets. - The target attempts to reply with echo-reply, tying up resources. - This type can overwhelm both **bandwidth and processing capacity**. ![Create dmarc record](https://media.mailhop.org/dmarcreport/images/2025/11/create-dmarc-record-9701.jpg) ## d) RST-FIN Flood - This is a TCP-based volumetric attack using RST (reset) and FIN (finish) packets. - Since FIN and RST packets are used to gracefully and forcefully shut down connections, floods of them can confuse the **TCP stack on a target system**. - The repeated termination signals consume resources, leading to degraded or halted service. ## e) Smurf Attack - Targets IP broadcast networks by sending spoofed ICMP echo requests. - The source IP is forged to be that of the victim, so all broadcast devices reply to the victim. - The reply flood can overwhelm the victim’s **bandwidth and processing capacity**. - The name “Smurf” comes from a tool that was used for this look-alike attack long ago. ![Dmarc check](https://media.mailhop.org/dmarcreport/images/2025/11/dmarc-check-9903.jpg) ## Why These Attacks Matter (Even for Email Security Teams) As DMARCReport, our primary concern is protecting email domains. But the same bad actors who launch [phishing or spoofing](https://www.msspalert.com/brief/novel-usps-spoofing-phishing-attack-relies-on-malicious-pdfs) campaigns often combine them with DDoS attacks. Here’s why understanding DDoS is important for organizations worried about email security: - **Collateral Damage:** A DDoS attack could take down web-based admin tools for your [email infrastructure](https://www.zoho.com/workplace/articles/email-infrastructure.html), making it difficult to monitor or respond. - **Diversion Tactic:** Attackers may use DDoS as a smokescreen while executing more targeted attacks (e.g., domain spoofing, phishing). - **Domain Reputation:** If your infrastructure is disrupted, it **may affect how other services** (like DNS) respond, which in turn can impact email deliverability . - **Recovery Costs:** DDoS isn’t just about downtime - mitigating it (via scrubbing services, firewalls, etc.) can be expensive, and that cost can divert resources from email security projects. ## How to Mitigate These Threats Based on our experience and best practices across security domains, here’s how you can defend against these common DDoS attacks: - **Use DDoS Mitigation Services:** Employ cloud-based scrubbing services or DDoS protection appliances that can absorb volumetric traffic before it reaches your core infrastructure. - \*\*Rate Limiting & Filtering: \*\*Implement rate limits for [DNS queries](https://bunny.net/academy/dns/what-is-a-dns-and-recursive-query/), HTTP requests, or any externally exposed service. Use filters to drop malformed or suspicious packets. - **Stateful Resource Protection:** Make sure your firewalls, load balancers, or stateful devices have capacity planning and do not allow unlimited connection states. - **TLS/SSL Hardening:** Use the \*\*latest protocols and ensure that SSL/TLS handshake renegotiation is limited. Drop invalid handshake attempts. - **Redundancy & Anycast:** _Distribute your infrastructure (DNS, web, API servers) across multiple geographic regions or use Anycast routing to absorb traffic_. - **Monitoring & Alerting:** Set up real-time monitoring for unusual traffic patterns, connection exhaustion, or sudden spikes in requests. - \*\*Incident Response Plan: \*\*Have a clear plan (and team) ready for DDoS attacks - including failover, communication, and recovery procedures. - \*\*Collaboration: \*\*Work with your [ISP](https://en.wikipedia.org/wiki/Internet%5Fservice%5Fprovider) or DDoS mitigation provider; they might have an upstream scrubbing center. ![Dmarc record](https://media.mailhop.org/dmarcreport/images/2025/11/dmarc-record-9903.jpg) ## Final Thoughts DDoS attacks remain one of the most potent and disruptive cyber threats for online services. At [DMARCReport](https://dmarcreport.com/), we believe that defending your email domain isn’t just about SPF, DKIM, and DMARC - it’s also about protecting the u\*\*nderlying infrastructure that supports your email infrastructure. By understanding the 12 common types of DDoS attacks, security teams can be better prepared to detect, mitigate, and respond to incidents. Even though DDoS attacks may seem unrelated to email, in reality, they intersect at multiple points - whether through DNS, TLS, or web interfaces. A \*\*multi-layered defense strategy (combining network-level protections with email authentication) gives you the best chance to stay resilient in a threat landscape where attackers use every tool in their arsenal. ## Sources - [CISA Binding Operational Directive 18-01](https://www.cisa.gov/news-events/directives/bod-18-01) - [Microsoft Outlook DMARC Enforcement May 2025](https://learn.microsoft.com/en-us/defender-office-365/email-authentication-dmarc-configure) (2025) - [PCI DSS v4.0 - DMARC Requirement](https://www.pcisecuritystandards.org/) (2025) - [RFC 7489 - Domain-based Message Authentication, Reporting, and Conformance (DMARC)](https://datatracker.ietf.org/doc/html/rfc7489) ## Topics [ dkim ](/tags/dkim/)[ DMARC ](/tags/dmarc/)[ email security ](/tags/email-security/)[ SPF ](/tags/spf/) ![Vasile Diaconu](https://media.mailhop.org/dmarcreport/images/team/vasile-diaconu.jpg) [ Vasile Diaconu ](/authors/vasile-diaconu/) Operations Lead Operations Lead at DuoCircle. Runs project management, developer coordination, and technical support execution for DMARC Report. [LinkedIn Profile →](https://www.linkedin.com/in/vasile-diaconu/) ## Take control of your DMARC reports Turn raw XML into actionable dashboards. Start free - no credit card required. [Start Free Trial](https://app.dmarcreport.com/) [Check Your DMARC Record](/tools/dmarc-checker/) ## Related Articles [ Foundational 8m 10 Critical Learnings From Verizon’s 2021 DBIR - A DMARCReport Perspective Nov 25, 2025 ](/blog/10-critical-learnings-from-verizons-2021-dbir-a-dmarcreport-perspective/)[ Foundational 12m 10 DNS Blacklist Insights That Improve Email Security And Deliverability Fast Nov 14, 2025 ](/blog/10-dns-blacklist-insights-to-improve-email-security-and-deliverability/)[ Foundational 12m 10 Email Spoofing Detection Tools That Dramatically Improve Brand Protection Nov 11, 2025 ](/blog/10-email-spoofing-detection-tools-that-dramatically-improve-brand-protection/)[ Foundational 12m 10 Reasons SPF Filtering Is Critical For Email Security Nov 19, 2025 ](/blog/10-reasons-spf-filtering-is-critical-for-email-security/) ```json {"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"DMARC Report","url":"https://dmarcreport.com","description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","publisher":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json [{"@context":"https://schema.org","@type":"BlogPosting","headline":"12 Common Types Of DDOS Attacks - Explained By DMARCReport","description":"DMARC (RFC 7489) ties SPF and DKIM together by requiring alignment between the envelope sender and the visible From header.","url":"https://dmarcreport.com/blog/12-common-types-of-ddos-attacks-explained-by-dmarcreport/","datePublished":"2025-11-26T10:30:38.000Z","dateModified":"2026-04-16T15:53:43.000Z","dateCreated":"2025-11-26T10:30:38.000Z","author":{"@type":"Person","@id":"https://dmarcreport.com/authors/vasile-diaconu/#person","name":"Vasile Diaconu","url":"https://dmarcreport.com/authors/vasile-diaconu/","jobTitle":"Operations Lead","description":"Vasile Diaconu is the Operations Lead at DuoCircle, the company behind DMARC Report and AutoSPF. He coordinates between engineering, product, and technical support - running project management, interfacing with developers on customer-reported issues, and making sure work that comes in through the support channel actually gets closed out. Vasile sits at the intersection of customer feedback and engineering execution, giving him a direct view of which email authentication problems customers hit most often in production.","image":"https://media.mailhop.org/dmarcreport/images/team/vasile-diaconu.jpg","knowsAbout":["SaaS Operations","Technical Support Coordination","Customer Issue Resolution","Engineering Program Management","Deployment Operations"],"worksFor":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com"},"sameAs":["https://www.linkedin.com/in/vasile-diaconu/"]},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://dmarcreport.com/blog/12-common-types-of-ddos-attacks-explained-by-dmarcreport/"},"articleSection":"foundational","keywords":"dkim, DMARC, email security, SPF","wordCount":1652,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg","caption":"12 Common Types Of DDOS Attacks - Explained By DMARCReport","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}] ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://dmarcreport.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://dmarcreport.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://dmarcreport.com/foundational/"},{"@type":"ListItem","position":4,"name":"12 Common Types Of DDOS Attacks - Explained By DMARCReport","item":"https://dmarcreport.com/blog/12-common-types-of-ddos-attacks-explained-by-dmarcreport/"}]} ```