Directory Harvest Attack

Why Trust Techopedia

What Does Directory Harvest Attack Mean?

A directory harvest attack (DHA) is a technique or method used by spammers to find valid email addresses at a domain. A DHA uses a trial-and-error strategy called a brute force attack or exhaustive key search in an attempt to discover valid or existing email addresses in an SMTP mail server. The brute force approach tries all possible alphanumeric combinations used for a common username, which is the part that comes before the @domain of an email address.

Advertisements

Techopedia Explains Directory Harvest Attack

Another approach to a directory harvest attack involves spammers who check the SMTP mail server for valid email addresses. They send email to different email addresses using a dictionary to search for common first names and surnames or initial combinations. The addresses at which the emails are accepted are regarded as valid, and those addresses are included in the spammer’s list. Organizations using email addresses with a standardized first name and last name format before the @domain are often the victims of DHA attacks.

The DHA guessing game of valid email addresses at a domain is usually done by software. A spammer executes a program used to guess different permutations of common names or alphanumeric names at a domain. The DHA program then attempts to send messages to the guessed email addresses. By process of elimination, the email addresses that do not reject the sent messages are added to the spammer’s databases.

The specific email message meant for the DHA will often use a short random phrase like "hello" in order to escape from a spam filter. The actual content meant for advertising will be sent in a later campaign only to those valid email addresses that did not reply with a failure notice when the DHA message was sent.
There are mail servers and security vendors that offer features to minimize DHA. These mail servers usually monitor the statistics of misaddressed emails. When invalid emails received by the mail server pass a certain threshold, the messages and/or senders are rejected or deferred for a certain period of time. These mail servers attempt to ensure that legitimate emails are not labeled as DHA.

Advertisements

Related Terms

Margaret Rouse
Technology Specialist
Margaret Rouse
Technology Specialist

Margaret is an award-winning writer and educator known for her ability to explain complex technical topics to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles in the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret’s idea of ​​a fun day is to help IT and business professionals to learn to speak each other’s highly specialized languages.