Cisco CloudCenter: Get the Hybrid IT Advantage

Directory Harvest Attack (DHA)

Definition - What does Directory Harvest Attack (DHA) mean?

A directory harvest attack (DHA) is a technique or method used by spammers to find valid email addresses at a domain. A DHA uses a trial-and-error strategy called a brute force attack or exhaustive key search in an attempt to discover valid or existing email addresses in an SMTP mail server. The brute force approach tries all possible alphanumeric combinations used for a common username, which is the part that comes before the @domain of an email address.

Techopedia explains Directory Harvest Attack (DHA)

Another approach to a directory harvest attack involves spammers who check the SMTP mail server for valid email addresses. They send email to different email addresses using a dictionary to search for common first names and surnames or initial combinations. The addresses at which the emails are accepted are regarded as valid, and those addresses are included in the spammer's list. Organizations using email addresses with a standardized first name and last name format before the @domain are often the victims of DHA attacks.

The DHA guessing game of valid email addresses at a domain is usually done by software. A spammer executes a program used to guess different permutations of common names or alphanumeric names at a domain. The DHA program then attempts to send messages to the guessed email addresses. By process of elimination, the email addresses that do not reject the sent messages are added to the spammer’s databases.

The specific email message meant for the DHA will often use a short random phrase like "hello" in order to escape from a spam filter. The actual content meant for advertising will be sent in a later campaign only to those valid email addresses that did not reply with a failure notice when the DHA message was sent.
There are mail servers and security vendors that offer features to minimize DHA. These mail servers usually monitor the statistics of misaddressed emails. When invalid emails received by the mail server pass a certain threshold, the messages and/or senders are rejected or deferred for a certain period of time. These mail servers attempt to ensure that legitimate emails are not labeled as DHA.

Share this:

Connect with us

Email Newsletter

Join thousands of others with our weekly newsletter

The 4th Era of IT Infrastructure: Superconverged Systems
The 4th Era of IT Infrastructure: Superconverged Systems:
Learn the benefits and limitations of the 3 generations of IT infrastructure – siloed, converged and hyperconverged – and discover how the 4th...
Approaches and Benefits of Network Virtualization
Approaches and Benefits of Network Virtualization:
Businesses today aspire to achieve a software-defined datacenter (SDDC) to enhance business agility and reduce operational complexity. However, the...
Free E-Book: Public Cloud Guide
Free E-Book: Public Cloud Guide:
This white paper is for leaders of Operations, Engineering, or Infrastructure teams who are creating or executing an IT roadmap.
Free Tool: Virtual Health Monitor
Free Tool: Virtual Health Monitor:
Virtual Health Monitor is a free virtualization monitoring and reporting tool for VMware, Hyper-V, RHEV, and XenServer environments.
Free 30 Day Trial – Turbonomic
Free 30 Day Trial – Turbonomic:
Turbonomic delivers an autonomic platform where virtual and cloud environments self-manage in real-time to assure application performance.