Directory harvest attacks also have a very damaging side effect: consuming enormous amounts of email server resources while email servers try to cope with DHA probes.
Lotus Notes and Exchange servers, for example, generally accept all messages for their domain by default. This only aggravates the negative impact of a directory harvest attack because the spammer assumes all the attempted addresses are valid, and thus will send more spam or sell the attempted addresses to others.
Unfortunately, directory harvest attacks are often launched simultaneously, from many different computers. The resulting spike in traffic from the directory harvest attack can easily knock an email server offline.
Anti-spam Solutions Must Go Beyond Content Filtering
Because of the harmful impact from DHAs on email system performance, directory harvest attacks must be treated as more than just an email inbox or end user annoyance issue. Directory harvest attacks cannot be stopped by conventional content filtering found in appliances or software since there is no “content”. Nor can spam messages that reduce or eliminate “content” in a message be reliably blocked with content filtering.
The detection of minimal content spam and DHAs needs to occur in real time, at the SMTP connection point, in order to prevent them from ever reaching the email gateway. Fortunately there are commercially available solutions today that can prevent email connection point attacks and block spam from shifting IP addresses. There is also technology that can dynamically recognize the legitimate IP addresses of organizations, for example, and perform a real time IP address assessment helping to minimize false positives. It’s important that you consider these newly evolving threats as you evaluate your existing anti-spam tools and plan your email security strategy for protecting the critical communications so vital to your firm.