Security 101: Protecting Your Email from DHAs

Spam has plagued email users since email's inception. Users obtain a brand new email address only to be pummeled with spam and phishing campaigns, sometimes within a matter of hours.

Without fail, cybercriminals seem to have access to a never-ending supply of email addresses and other personally identifying information to fuel spam, phishing and malware activities.

That isn't by accident. One of the ways cybercriminals can tap into that bottomless well of personally identifying information is through a Directory Harvesting Attack (DHA).

A DHA is an assault on an email server in an attempt to pilfer legitimate email addresses that can be added to databases for future spam campaigns. The attack occurs when spammers leverage known email addresses to uncover other legitimate email addresses from corporate or ISP servers.

Cybercriminals generally execute this attack in one of two ways.

The first, and most sensational, method is via a brute force attack, which bombards an email server with all possible alphanumeric combinations in an attempt to decipher the username of the address.

The second, more selective method entails sending messages to the most likely usernames by using all possible name combinations. The email server issues a "Not found" message for email addresses that don't exist, but doesn't return any communications for valid addresses. The DHA attack then compiles all the email addresses not returned by the server, and then adds them to a database as fodder for current or future campaigns.

It should come as no surprise, then, that DHA attacks are the tool of choice for spammers and phishers alike. They help supply spammers with a seemingly endless stream of targets, eliciting copious returns in exchange for relatively little upfront investment.

For end-users, DHAs pose many challenges. For one, spam occupies the vast majority of inbox email. In recent years, mass mailer spam has experienced a decline, but messages with malicious attachments and targeted phishing links are on the rise, according to reports.

As with other forms of malware, DHAs place additional strain on user systems, burdening public and private email servers when the network is bombarded with mostly unsolicited and unwanted emails. And successful DHA attacks wreak havoc by generating myriad privacy issues, especially when the lists of compromised user data are made public.

In recent years, directory harvesting has been equipped with enhancements, thanks to the increased reliance on spambots -- automated programs that generate copious amounts of spam.

In short, directory harvesting still poses significant security challenges that aren't going away any time soon. However, there are ways to reduce the effects of directory harvesting and control the amount of spam in user inboxes.

The user will require a comprehensive email security solution to combat the problem on numerous fronts. An email security strategy needs to ensure secure email delivery through encryption technologies, which can incorporate PKI, key exchange, client software and the ability to send email without a pre-existing relationship to the receiver.

Another robust email security mechanism is reputation protection that is aimed at throttling and blocking inbound and outbound spam and malware by examining a program's history to determine its current and future behaviors.

Rounding out a comprehensive email security arsenal is data leak prevention (DLP), which prevents valuable data and sensitive personally identifying information from exiting the network via email, either in the body of the message or as an attachment.

Finally, IT administrators need to create sound security policies and appropriate rules to handle messages containing a high number of spoofed messages and unresolved addresses.
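
One way to implement a rule for sources that generate many unresolved addresses, shown as an added example that is not part of the original article: it counts distinct rejected recipients per client inside a sliding time window. The log format, the sample lines, the threshold values and the function name `find_harvesters` are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (an assumption, not any particular mail server's):
#   <ISO timestamp> client=<ip> rcpt=<address> code=<SMTP reply code>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<ip>\S+) rcpt=<(?P<rcpt>[^>]+)> code=(?P<code>\d{3})$"
)

# Constructed sample input, in time order, using documentation-only addresses.
SAMPLE_LOG = """\
2024-01-01T08:00:00 client=192.0.2.44 rcpt=<info@example.com> code=550
2024-01-01T09:00:00 client=192.0.2.44 rcpt=<sales@example.com> code=550
2024-01-01T10:00:00 client=198.51.100.20 rcpt=<alice@example.com> code=250
2024-01-01T10:00:05 client=203.0.113.7 rcpt=<aaron@example.com> code=550
2024-01-01T10:00:10 client=203.0.113.7 rcpt=<abby@example.com> code=550
2024-01-01T10:00:15 client=203.0.113.7 rcpt=<adam@example.com> code=550
2024-01-01T10:00:20 client=203.0.113.7 rcpt=<alan@example.com> code=550
2024-01-01T10:00:25 client=203.0.113.7 rcpt=<alex@example.com> code=550
2024-01-01T10:00:30 client=203.0.113.7 rcpt=<amy@example.com> code=550
2024-01-01T10:00:35 client=203.0.113.7 rcpt=<alice@example.com> code=250
2024-01-01T10:02:00 client=198.51.100.20 rcpt=<alcie@example.com> code=550
""".splitlines()

def find_harvesters(lines, window=timedelta(minutes=5), threshold=5):
    """Return {client_ip: peak number of distinct unknown recipients seen in
    any window} for clients that reached `threshold`. Lines must be in time order."""
    recent = defaultdict(deque)   # ip -> (timestamp, rcpt) of recent rejections
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["code"] != "550":   # only "no such user" replies count
            continue
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["ip"]]
        q.append((ts, m["rcpt"].lower()))
        while q and ts - q[0][0] > window:   # expire rejections outside window
            q.popleft()
        distinct = len({rcpt for _, rcpt in q})
        if distinct >= threshold:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), distinct)
    return flagged

if __name__ == "__main__":
    print(find_harvesters(SAMPLE_LOG))
```

Counting distinct recipients rather than raw rejections keeps a sender who retries one mistyped address from being flagged, while a client that walks through many names in a short period stands out.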
