Spammers, list brokers or other unscrupulous culprits exploit this simple functionality to harvest legitimate email addresses from a corporate directory by sending thousands (or even hundreds of thousands) of messages to multiple addresses such as firstname.lastname@example.org, or email@example.com. Spammers track all of the addresses that do not bounce back or generate errors, and consider these valid addresses, which are then compiled into lists that are then sold or distributed to other spammers. In fact, it is not uncommon for new users of popular email systems like Yahoo or Hotmail to receive spam before they’ve ever used their new email address!
Directory harvest attacks also have a very damaging side effect: consuming enormous amounts of email server resources while email servers try to cope with DHA probes.
Lotus Notes and Exchange servers, for example, generally accept all messages for their domain by default. This only aggravates the negative impact of a directory harvest attack because the spammer assumes all the attempted addresses are valid, and thus will send more spam or sell the attempted addresses to others.
Unfortunately, directory harvest attacks are often launched simultaneously, from many different computers. The resulting spike in traffic from the directory harvest attack can easily knock an email server offline.
Anti-spam Solutions Must Go Beyond Content Filtering
Because of the harmful impact from DHAs on email system performance, directory harvest attacks must be treated as more than just an email inbox or end user annoyance issue. Directory harvest attacks cannot be stopped by conventional content filtering found in appliances or software since there is no “content”. Nor can spam messages that reduce or eliminate “content” in a message be reliably blocked with content filtering.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.