[Term of the Day]: Directory Harvest Attack

What is DHA?

DHA, the acronym for Directory Harvest Attack, is a technique spammers use to find valid email addresses at a domain.

During a DHA, spammers use a trial-and-error strategy, called a brute force attack or exhaustive key search, in which they attempt to deliver messages to multiple addresses such as janedoe@xyz.com, jane@xyz.com and jdoe@xyz.com in order to discover valid or existing email addresses on an SMTP mail server.

Any addresses that are not rejected during the SMTP conversation or bounced after receipt are treated as valid. Spammers then create a database of all the e-mail addresses at the server that were not returned during the attack and sell it to other spammers worldwide.
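Seen from the receiving mail server, this guessing shows up as one client being refused for many different recipients. The Python below is an added example, not part of the original post, that flags such clients in a mail log; the log line format, the thresholds and the name `find_harvesters` are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not real traffic). The line format is an
# assumption: client IP, attempted recipient, SMTP reply code.
SAMPLE_LOG = """\
client=203.0.113.7 rcpt=<janedoe@xyz.com> reply=550 user unknown
client=203.0.113.7 rcpt=<jane@xyz.com> reply=250 ok
client=203.0.113.7 rcpt=<jdoe@xyz.com> reply=550 user unknown
client=203.0.113.7 rcpt=<j.doe@xyz.com> reply=550 user unknown
client=203.0.113.7 rcpt=<doej@xyz.com> reply=550 user unknown
client=198.51.100.4 rcpt=<jane@xyz.com> reply=250 ok
client=198.51.100.4 rcpt=<jnae@xyz.com> reply=550 user unknown
client=198.51.100.4 rcpt=<sales@xyz.com> reply=250 ok
"""

LINE_RE = re.compile(r"client=(\S+) rcpt=<([^>]+)> reply=(\d{3})")


def find_harvesters(log_text, min_rejects=3, min_reject_ratio=0.6):
    """Return {client_ip: (distinct_rejected, distinct_tried)} for clients whose
    recipient attempts look like address guessing rather than a stray typo."""
    tried = defaultdict(set)     # every distinct recipient a client attempted
    rejected = defaultdict(set)  # distinct recipients refused with a 5xx reply
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a recipient result line
        ip, rcpt, code = m.group(1), m.group(2).lower(), m.group(3)
        tried[ip].add(rcpt)
        if code.startswith("5"):
            rejected[ip].add(rcpt)
    flagged = {}
    for ip, attempts in tried.items():
        bad = len(rejected[ip])
        # Require both volume and a high share of misses, so a legitimate
        # sender with one mistyped address is not flagged.
        if bad >= min_rejects and bad / len(attempts) >= min_reject_ratio:
            flagged[ip] = (bad, len(attempts))
    return flagged


if __name__ == "__main__":
    for ip, (bad, total) in find_harvesters(SAMPLE_LOG).items():
        print(f"{ip}: {bad} of {total} distinct recipients rejected")
```

Counting distinct recipients rather than raw rejects keeps a sender that retries a single mistyped address from being mistaken for a harvester.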

I'm sure most of us would have experienced receiving a lot of spam emails within hours after creating a new e-mail address. I hope this post helps you understand the reason behind it.