Directory harvest attacks (DHAs) are the least visible, most under-reported threat to corporate e-mail systems, a study published Wednesday said.
DHAs are brute force attempts by spammers to find valid e-mail addresses where the spammer connects to business's e-mail server and guesses addresses until he gets some right. Those addresses are then harvested for use in later spam campaigns.
"DHAs are the silent kill of e-mail servers," said Chris Smith, the marketing director at anti-spam managed service provider Postini, and author of the Redwood City, Calif.-based firm's annual E-Mail Security Report.
"It's the most under-reported threat by far," said Smith. "The thing is, directory harvest attacks work, and they're how spammers are getting their spam addresses now. Plus they're difficult to defend against."
To illustrate the nature of DHAs, Smith cited data from Postini's efforts during 2004, in which it deflected an average of 150 DHAs per day per customer. Postini has some 5,000 corporate customers.