Directory Harvest Attacks: What Makes Them a Problem?


A directory harvest attack, usually abbreviated to DHA, is a type of cyber attack that attempts to find as many valid email addresses associated with a single email server as possible. It’s a way of mining email addresses, and it’s an attack that is becoming more popular. Without much in the way of risk, a successful DHA can yield scores of valid email addresses that can then be added to a spam database.

DHAs work via one of two main methods:

  • The spammer creates a list of possible combinations of letters and numbers, then appends the domain name. It’s impractical for longer usernames, but it can still yield results.
  • A more targeted technique combines common first names, surnames, and initials.

A mail server will reject messages addressed to accounts that don’t exist; by process of elimination, the addresses that are not rejected must be valid. These can be added to a spammer’s database.
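The rejection pattern described above is also what gives a harvest away in the mail log. The following detection sketch is an added example, not part of the original article: the log format, the use of reply code 550 for unknown recipients, the function names and the thresholds are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format (an assumption, not any particular mail server's):
#   <ISO timestamp> client=<ip> rcpt=<address> code=<SMTP reply code>
# Assumption: the server answers unknown recipients with 550.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<ip>\S+) rcpt=<(?P<rcpt>[^>]*)> code=(?P<code>\d{3})$")

def parse(lines):
    """Yield (timestamp, client_ip, recipient, reply_code) for well-formed lines."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["ip"],
                   m["rcpt"].lower(), int(m["code"]))

def find_harvesters(lines, window=timedelta(minutes=5), min_rejects=5, min_ratio=0.8):
    """Return {client_ip: distinct rejected recipients} for clients that, inside one
    sliding window, hit min_rejects unknown recipients at a reject ratio >= min_ratio."""
    events = defaultdict(list)
    for ts, ip, rcpt, code in sorted(parse(lines)):
        events[ip].append((ts, rcpt, code == 550))
    flagged = {}
    for ip, evs in events.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            win = evs[start:end + 1]
            rejected = {r for _, r, bad in win if bad}
            ratio = sum(bad for _, _, bad in win) / len(win)
            if len(rejected) >= min_rejects and ratio >= min_ratio:
                flagged[ip] = max(flagged.get(ip, 0), len(rejected))
    return flagged

# Constructed sample: 198.51.100.7 guesses names, 192.0.2.10 makes a single typo.
SAMPLE = [
    f"2024-01-01T10:00:{i:02d} client=198.51.100.7 rcpt=<{name}@example.com> code={code}"
    for i, (name, code) in enumerate([
        ("aaron", 550), ("abby", 550), ("adam", 250), ("alan", 550),
        ("alex", 550), ("alice", 550), ("amy", 550)])
] + [
    "2024-01-01T10:01:00 client=192.0.2.10 rcpt=<alice@example.com> code=250",
    "2024-01-01T10:02:00 client=192.0.2.10 rcpt=<alcie@example.com> code=550",
    "2024-01-01T10:03:00 client=192.0.2.10 rcpt=<adam@example.com> code=250",
]
```

Counting distinct rejected recipients, rather than raw rejections, keeps a legitimate sender who retries one mistyped address from being flagged.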

So, why are DHAs such a serious problem?

Firstly, a DHA places plenty of strain on your server. It depends on the aggressiveness of the program, but a DHA can place such demands on a server that it mimics a denial-of-service attack. As a result, email delivery will be drastically slowed, and your network may even become unresponsive. If the spammer is particularly aggressive, your email server could become overloaded with so many messages that legitimate emails from your contacts cannot come through.

Such issues are really only the tip of the iceberg. As spammers continue to target your email account, it becomes more likely for a virus, trojan, worm, or other piece of malware to infiltrate your network. Unfortunately, malicious software is often hard to spot since it will be included in a secondary email instead of the original one that first validated your email address.

