E-mail security vendor Proofpoint is upgrading the core of its gateway software and appliance with additional spam and directory harvest-attack prevention, and is adding a module to help catch viruses during the first few hours of an outbreak.

With Proofpoint Protection Server 4.0 software and the Proofpoint Messaging Security Gateway 4.0 appliance, both slated for release this week, the company is responding to what it says is a significant increase in directory harvest attacks, says Andres Kohn, vice president of product management.

In these attacks, spammers flood a recipient's mail server with messages addressed to made-up e-mail names, to which the mail server will respond saying the e-mail addresses are invalid. Whenever spammers don't receive bounce-back messages, they know the addresses are valid, and they spam away.

Directory harvest attacks also cause spikes in mail flow that can tax mail servers, Kohn says. Version 4.0 helps prevent these attacks by blocking or throttling back messages coming from an IP address that has hit a preset threshold in the number of messages sent to invalid addresses. So if, for example, a sender attempts to send messages to 20 invalid addresses, Proofpoint will block any further attempts to send mail.

One analyst doesn't necessarily agree that directory harvest attacks - or dictionary attacks - are on the rise, but concurs that they can cause headaches and enterprises should look to their anti-spam suppliers to help block them.

"There's a lot of good that comes from having your anti-spam [product] detect dictionary attacks, which can fill up your mail server's hard drive and crash your server," says Daniel Golding, senior analyst at Burton Group.

Other enhancements in Version 4.0 include the ability to detect spam messages written in double-byte languages such as Japanese and Chinese. The new version also blocks e-mails with embedded URLs that are associated with phishing or spyware sites, Kohn says.

In this release, the company has enhanced outbound e-mail scanning features with a quick-inspection view that lets non-technical users quickly check if employees are violating corporate rules or government regulations regarding what can and cannot be e-mailed outside the company.