• United States

Beware the harvest attack

Jun 12, 20032 mins
Enterprise ApplicationsMalwareMessaging Apps

* Harvest attacks are one way spammers get valid e-mail addresses

We all know spam is getting worse. Part of the reason is that spammers have a variety of tools at their disposal to gather fresh e-mail addresses.

A quick search of the Web will reveal a host of tools to automatically extract e-mail addresses from Web pages, newsgroups, text files and other online sources. These tools manage the lists of e-mail collected – they eliminate duplicates, personalize messages and perform other functions.

However, a particularly insidious method of gathering e-mail addresses is known as a directory, or dictionary, harvest attack. This technique is one of the most effective used by spammers to gather new e-mail addresses and it can impose a huge burden on e-mail servers. In this technique, a spammer will flood an e-mail server with a large number of e-mails using fabricated addresses. Because the SMTP protocol will automatically bounce the invalid addresses, those that do not bounce back are assumed to be active e-mail addresses. These addresses are then added to a database and can then be used by spammers to be confident that the vast majority of the messages they send will be received.

In an enterprise or ISP, the fundamental problem with these attacks is that they consume e-mail server resources and can cause servers to crash or to deliver e-mail more slowly – not to mention that they result in fueling the creation of even more spam. Postini estimates that one-third of all e-mail server activity is devoted simply to processing harvest attacks.

To stop harvest attacks, you can use a spam-blocking service that detects and halts the attacks as soon as they start, you can implement a mail server with harvest attack protection built in, or you can implement a firewall that will prevent harvest attacks from successfully stealing the contents of your corporate directory. Implementing this capability, in addition to spam-blocking technology, will bolster corporate defenses against spammers.