Each of those attacks, said Smith, averaged 234 invalid address lookups, creating an average of over 35,000 invalid lookups per day per company. The time spent dealing with a DHA chews up mail server processor time, packs deferral queues on those servers, and in some cases, can crash the server.
"That's a lot of useless work done by the server," said Smith. "Think of a single invalid lookup as a mosquito bite. One is no big deal, but say 40,000 and its death by mosquito bite."
In December 2004, Postini monitored its largest-ever DHA, one against a major North American retailer that peaked at more than 60,000 invalid address lookups every minute.
"If they hadn't been protected by Postini," Smith claimed, "a DHA of that magnitude would certainly have crippled their mail infrastructure."
Postini noted that the number of DHAs against its customers tripled in 2004 compared to the previous year, and that it often saw circumstantial evidence that spammers are tightly linking harvesting attacks and spam campaigns. "We've seen cases when a harvest happens and then a spam attack immediately follows," said Smith. In several cases it was clear that the one-two punch was automated, rather than being coordinated by a human spammer.