Directory harvest attack

Directory harvest attack (DHA) is a technique used by spammers to collect valid email addresses from a particular domain. This method involves sending a large number of emails to different possible addresses within a domain and recording which addresses do not result in a bounce-back message. The addresses that do not bounce back are considered valid and are then targeted for spam.

Mechanism[edit | edit source]

A directory harvest attack typically involves the following steps:

1. The attacker generates a list of potential email addresses using common names, words, and patterns.
2. The attacker sends emails to these addresses.
3. The attacker monitors the responses to identify which emails bounce back as undeliverable.
4. The attacker compiles a list of valid email addresses that did not bounce back.

Prevention[edit | edit source]

Organizations can take several measures to protect against directory harvest attacks:

• Implementing rate limiting on incoming email traffic to detect and block suspicious patterns.
• Using CAPTCHA challenges for email sign-ups to prevent automated systems from generating email addresses.
• Employing email address obfuscation techniques to make it harder for attackers to guess valid addresses.
• Configuring mail servers to not reveal whether an email address is valid or not in bounce-back messages.

Impact[edit | edit source]

Directory harvest attacks can lead to an increase in spam, phishing attempts, and other malicious activities targeting the harvested email addresses. This can result in decreased productivity, increased security risks, and potential damage to the organization's reputation.

Related Pages[edit | edit source]

• Email spam
• Phishing
• CAPTCHA
• Mail server
• Rate limiting