Directory Harvest Attack (DHA)

What is a directory harvest attack?

A directory harvest attack (DHA) is a technique used by spammers in an attempt to find valid (existing) email addresses at a domain by brute force. The attack is usually carried out as a standard dictionary attack: valid email addresses are found by guessing addresses at the domain using different permutations of common usernames. These attacks are more effective for finding the email addresses of companies, since companies are likely to have a standard format for official email aliases (e.g. jdoe@example.domain, johnd@example.domain, or johndoe@example.domain).

There are two main techniques for generating the addresses that a DHA targets. In the first, the spammer creates a list of all possible combinations of letters and numbers up to a maximum length and then appends the domain name. This would be described as a standard brute force attack. This technique would be impractical for usernames longer than 5-7 characters. For example, one would have to try 36^8 (nearly 3 trillion) email addresses to exhaust all 8-character sequences.

The other, more targeted, technique is to create a list that combines common first names, surnames, and initials (as in the example above). This would be considered a standard dictionary attack when guessing usernames for email addresses. The success of a directory harvest attack relies on the recipient email server rejecting emails sent to invalid recipient addresses during the Simple Mail Transfer Protocol (SMTP) session. Any addresses for which email is accepted are considered valid and are added to the spammer's list (which is commonly sold between spammers). Although the attack could also rely on Delivery Status Notifications (DSNs) sent to the sender address to notify of delivery failures, directory harvest attacks likely don't use a valid sender email address.
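Because the attack depends on the server answering each RCPT TO with an immediate accept or "user unknown" reject, the behaviour leaves a characteristic trace in the mail server's log: one client probing many distinct, mostly non-existent recipients in a short time. The following detector is an added example written for this article, not code from the original text or from any mail server project. The log lines are constructed to resemble Postfix-style smtpd rejection entries, and the field layout, window size and thresholds are assumptions chosen for the demonstration.

```python
"""Flag SMTP clients whose RCPT TO pattern looks like a directory harvest.

Added illustration for the article above, not part of the original page.
The log format is constructed (Postfix-like, but not a real server's output);
the 5-minute window and the thresholds are assumed values for demonstration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: 203.0.113.7 walks through guessed aliases and is
# rejected with 550 "User unknown" for most of them, while 198.51.100.9 sends
# ordinary mail and makes a single typo. Neither host is real.
SAMPLE_LOG = """\
2024-03-01T10:00:01 smtpd[101]: RCPT from unknown[203.0.113.7]: 550 5.1.1 <jdoe@example.domain>: User unknown
2024-03-01T10:00:02 smtpd[101]: RCPT from unknown[203.0.113.7]: 550 5.1.1 <johnd@example.domain>: User unknown
2024-03-01T10:00:02 smtpd[101]: RCPT from unknown[203.0.113.7]: 250 2.1.5 <johndoe@example.domain>: Ok
2024-03-01T10:00:03 smtpd[101]: RCPT from unknown[203.0.113.7]: 550 5.1.1 <asmith@example.domain>: User unknown
2024-03-01T10:00:03 smtpd[101]: RCPT from unknown[203.0.113.7]: 550 5.1.1 <amys@example.domain>: User unknown
2024-03-01T10:00:04 smtpd[101]: RCPT from unknown[203.0.113.7]: 550 5.1.1 <amysmith@example.domain>: User unknown
2024-03-01T10:00:05 smtpd[101]: RCPT from unknown[203.0.113.7]: 550 5.1.1 <bjones@example.domain>: User unknown
2024-03-01T10:02:10 smtpd[102]: RCPT from mail.partner.example[198.51.100.9]: 250 2.1.5 <johndoe@example.domain>: Ok
2024-03-01T10:02:11 smtpd[102]: RCPT from mail.partner.example[198.51.100.9]: 550 5.1.1 <jhondoe@example.domain>: User unknown
"""

# Matches the constructed line layout: timestamp, client IP in brackets,
# 3-digit SMTP reply code, enhanced status code, recipient in angle brackets.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) smtpd\[\d+\]: RCPT from \S+\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) \S+ <(?P<rcpt>[^>]+)>"
)


def parse_rcpt_events(log_text):
    """Yield (timestamp, client_ip, recipient, accepted) for each RCPT line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated log lines are skipped
        yield (
            datetime.fromisoformat(m["ts"]),
            m["ip"],
            m["rcpt"].lower(),
            m["code"].startswith("2"),  # 2xx = recipient accepted
        )


def find_harvesters(log_text, window=timedelta(minutes=5),
                    min_unknown=5, min_ratio=0.5):
    """Return {client_ip: stats} for clients that, within any `window`,
    were rejected for at least `min_unknown` *distinct* recipients and had a
    rejection ratio of at least `min_ratio`.

    Counting distinct unknown recipients (rather than raw 550 replies) keeps
    a legitimate sender that retries one misspelled address from tripping
    the check; the ratio guards against a busy but valid relay.
    """
    by_ip = defaultdict(list)
    for ts, ip, rcpt, ok in parse_rcpt_events(log_text):
        by_ip[ip].append((ts, rcpt, ok))

    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            in_window = events[start:end + 1]
            unknown = {r for _, r, ok in in_window if not ok}
            rejected = sum(1 for _, _, ok in in_window if not ok)
            if len(unknown) >= min_unknown and rejected / len(in_window) >= min_ratio:
                all_unknown = {r for _, r, ok in events if not ok}
                flagged[ip] = {
                    "distinct_unknown": len(all_unknown),
                    "attempts": len(events),
                    "first_seen": events[0][0].isoformat(),
                }
                break  # one verdict per client is enough
    return flagged


if __name__ == "__main__":
    for ip, stats in find_harvesters(SAMPLE_LOG).items():
        print(f"possible directory harvest from {ip}: {stats}")
```

A client that trips this check is a candidate for rate limiting or for delayed replies on subsequent RCPT TO commands; slowing or withholding the per-recipient answer removes the fast accept/reject feedback the harvest depends on, while an operator reviewing the flagged IP and its recipient list can confirm whether the pattern was really guessing or just a broken mailing list.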

The actual email message sent to the recipient addresses will usually be a short, innocuous phrase such as "hello", so as not to trigger a spam filter. The content that is actually being advertised is sent in a later campaign, to just the addresses found to be valid.