directory harvest attack (DHA)

A directory harvest attack (DHA) is an attempt to determine the valid e-mail addresses associated with an e-mail server so that they can be added to a spam database.

A directory harvest attack can use either of two methods for harvesting valid e-mail addresses. The first method uses a brute force approach to send a message to all possible alphanumeric combinations that could be used for the username part of an e-mail at the server, up to and including those of length n characters (where n is some preset positive integer such as 15). The second and more selective method involves sending a message to the most likely usernames - for example, for all possible combinations of first initials followed by common surnames. In either case, the e-mail server generally returns a "Not found" reply message for all messages sent to a nonexistent address, but does not return a message for those sent to valid addresses. The DHA program creates a database of all the e-mail addresses at the server that were not returned during the attack.

The DHA approach explains how a new e-mail address can start receiving spam within days or hours after its creation. Various solutions have been developed toward repelling these attacks. Some of the most effective involve slowing down the rate at which the attack can take place, rather than attempting to filter out the entire attack. This can be done by limiting the number of e-mail messages per minute or per hour at which a server can receive messages, legitimate or otherwise. So-called spam filters, programmed to identify character and word combinations typical of spam, can also be effective, although they occasionally reject legitimate messages.

This was last updated in October 2005

Continue Reading About directory harvest attack (DHA)

Dig Deeper on Hacker tools and techniques: Underground hacking sites