Directory Harvest Attack (DHA)
Definition - What does Directory Harvest Attack (DHA) mean?
A directory harvest attack (DHA) is a technique or method used by spammers to find valid email addresses at a domain. A DHA uses a trial-and-error strategy called a brute force attack or exhaustive key search in an attempt to discover valid or existing email addresses in an SMTP mail server. The brute force approach tries all possible alphanumeric combinations used for a common username, which is the part that comes before the @domain of an email address.
Techopedia explains Directory Harvest Attack (DHA)
Another approach to a directory harvest attack involves spammers who check the SMTP mail server for valid email addresses. They send email to different email addresses using a dictionary to search for common first names and surnames or initial combinations. The addresses at which the emails are accepted are regarded as valid, and those addresses are included in the spammer's list. Organizations using email addresses with a standardized first name and last name format before the @domain are often the victims of DHA attacks.
The DHA guessing game of valid email addresses at a domain is usually done by software. A spammer executes a program used to guess different permutations of common names or alphanumeric names at a domain. The DHA program then attempts to send messages to the guessed email addresses. By process of elimination, the email addresses that do not reject the sent messages are added to the spammer’s databases.
The specific email message meant for the DHA will often use a short random phrase like "hello" in order to escape from a spam filter. The actual content meant for advertising will be sent in a later campaign only to those valid email addresses that did not reply with a failure notice when the DHA message was sent.
There are mail servers and security vendors that offer features to minimize DHA. These mail servers usually monitor the statistics of misaddressed emails. When invalid emails received by the mail server pass a certain threshold, the messages and/or senders are rejected or deferred for a certain period of time. These mail servers attempt to ensure that legitimate emails are not labeled as DHA.