The Shifting Tactics of Spammers: Protect Your Firm Against the Newest Email Threats
by Scott Petry - Founder & Senior Vice President of Products and Engineering, Postini - Monday, 11 April 2005.
Spammers, list brokers or other unscrupulous culprits exploit this simple functionality to harvest legitimate email addresses from a corporate directory by sending thousands (or even hundreds of thousands) of messages to multiple addresses such as, or Spammers track all of the addresses that do not bounce back or generate errors, and consider these valid addresses, which are then compiled into lists that are then sold or distributed to other spammers. In fact, it is not uncommon for new users of popular email systems like Yahoo or Hotmail to receive spam before they’ve ever used their new email address!

Directory harvest attacks also have a very damaging side effect: consuming enormous amounts of email server resources while email servers try to cope with DHA probes.

Lotus Notes and Exchange servers, for example, generally accept all messages for their domain by default. This only aggravates the negative impact of a directory harvest attack because the spammer assumes all the attempted addresses are valid, and thus will send more spam or sell the attempted addresses to others.

Unfortunately, directory harvest attacks are often launched simultaneously, from many different computers. The resulting spike in traffic from the directory harvest attack can easily knock an email server offline.

Anti-spam Solutions Must Go Beyond Content Filtering

Because of the harmful impact from DHAs on email system performance, directory harvest attacks must be treated as more than just an email inbox or end user annoyance issue. Directory harvest attacks cannot be stopped by conventional content filtering found in appliances or software since there is no “content”. Nor can spam messages that reduce or eliminate “content” in a message be reliably blocked with content filtering.

The detection of minimal content spam and DHAs needs to occur in real time, at the SMTP connection point, in order to prevent them from ever reaching the email gateway. Fortunately there are commercially available solutions today that can prevent email connection point attacks and block spam from shifting IP addresses. There is also technology that can dynamically recognize the legitimate IP addresses of organizations, for example, and perform a real time IP address assessment helping to minimize false positives. It’s important that you consider these newly evolving threats as you evaluate your existing anti-spam tools and plan your email security strategy for protecting the critical communications so vital to your firm.


Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th