Directory Harvest Attack

A Directory Harvest Attack (DHA) is a technique used by spammers to find valid e-mail addresses at a domain by brute force. The attack is usually carried out as a standard dictionary attack, in which valid e-mail addresses are found by guessing different permutations of common usernames at the domain. These attacks are more effective against companies, since they are likely to have a standard format for official e-mail aliases (e.g. jdoe@example.domain, johnd@example.domain, or johndoe@example.domain).

There are two main techniques for generating the addresses that a DHA will target. In the first, the spammer creates a list of all possible combinations of letters and numbers up to a maximum length and then appends the domain name. This would be described as a standard brute force attack. This technique would be impractical for usernames longer than 5-7 characters. For example, one would have to try 36^8 (nearly 3 trillion) e-mail addresses to exhaust all 8-character sequences.

The other, more targeted technique is to create a list that combines common first names, surnames and initials (as in the example above). This would be considered a standard dictionary attack when guessing usernames for e-mail addresses. The success of a directory harvest attack relies on the recipient e-mail server rejecting e-mail sent to invalid recipient addresses during the Simple Mail Transfer Protocol (SMTP) session. Any addresses for which e-mail is accepted are considered valid and are added to the spammer's list (which is commonly sold between spammers). Although the attack could also rely on Delivery Status Notifications (DSNs) being sent to the sender address to report delivery failures, directory harvest attacks likely don't use a valid sender e-mail address.
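Because the attack depends on per-recipient rejections during the SMTP session, the same rejections give the receiving server a way to spot it. The following is an added example, not part of the original article: the log format, the thresholds and the name `detect_dha` are assumptions made for illustration, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log, one RCPT TO result per line:
#   <ISO time> <client IP> <recipient> <SMTP reply code>
# The format is an assumption for this example, not any particular MTA's output.
SAMPLE_LOG = """\
2024-05-01T10:00:00 198.51.100.7 jdoe@example.domain 550
2024-05-01T10:00:01 203.0.113.20 alice@example.domain 250
2024-05-01T10:00:02 198.51.100.7 johnd@example.domain 550
2024-05-01T10:00:03 198.51.100.7 johndoe@example.domain 250
2024-05-01T10:00:04 198.51.100.7 jsmith@example.domain 550
2024-05-01T10:00:05 198.51.100.7 johns@example.domain 550
2024-05-01T10:00:06 203.0.113.20 bobb@example.domain 550
2024-05-01T10:00:07 198.51.100.7 jsmithe@example.domain 550
2024-05-01T10:00:08 203.0.113.20 carol@example.domain 250
"""

REJECTED = 550  # SMTP reply "mailbox unavailable", returned for unknown recipients


def detect_dha(lines, window=timedelta(minutes=5), min_unknown=5, min_ratio=0.8):
    """Return {client_ip: (distinct_rejected, total_rcpt)} for clients whose
    recipients inside the sliding window are mostly rejected as unknown."""
    recent = defaultdict(deque)  # ip -> (time, recipient, code) still in window
    flagged = {}
    for line in lines:
        if not line.strip():
            continue
        ts_text, ip, rcpt, code = line.split()
        ts = datetime.fromisoformat(ts_text)
        q = recent[ip]
        q.append((ts, rcpt.lower(), int(code)))
        while ts - q[0][0] > window:      # expire events older than the window
            q.popleft()
        rejected = [r for _, r, c in q if c == REJECTED]
        # Many *different* unknown addresses plus a high reject ratio separates
        # guessing from a legitimate sender with one mistyped recipient.
        if len(set(rejected)) >= min_unknown and len(rejected) / len(q) >= min_ratio:
            flagged[ip] = (len(set(rejected)), len(q))
    return flagged


if __name__ == "__main__":
    for ip, (unknown, total) in detect_dha(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {unknown} unknown recipients in {total} RCPT commands")
```

The second client in the sample has one rejected recipient among three and is not flagged; only the client cycling through name permutations crosses both thresholds.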

The actual e-mail message generated to the recipient addresses will usually be a short random phrase such as "hello", so as not to trigger a spam filter. The actual content that is to be advertised will be sent in a later campaign to just the valid email addresses.

One theory is that spammers also use DHAs to disseminate spam, and not just to collect email addresses for a later spam campaign. Using the method in this way, similar to a paper-based leaflet drop, the sender achieves the goal based on sheer volume, and not on accuracy of delivery. Using this method, the message would likely contain the content that the spammer is advertising, and not a short random phrase.

Wikimedia Foundation. 2010.
