It's a tenet of legal thrillers as well as the news: The absence of a denial can be as informative as a direct confirmation. This simple idea underlies the directory harvest attack (DHA), an increasingly prevalent technique for mining e-mail addresses that can then be bombarded with unwanted solicitations. Enterprise e-mail security vendor Postini reports that DHAs increased by 250 percent in 2003 and now account for as much as one-quarter of the requests that some SMTP (Simple Mail Transfer Protocol) servers process each day.

In a DHA, an attacker unleashes a program that guesses at possible e-mail addresses within a domain and attempts to send messages to those addresses. The server rejects requests intended for addresses that don't exist. By the process of elimination, the addresses it doesn't reject are deemed valid, and the program can add them to a spammer's databases.
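Because the attack depends on the server's per-recipient rejections, those same rejections are what a defender can count. The following is an added example, not from the original article: it flags clients whose recipient attempts are mostly refused. The log format, field names, and thresholds are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log in a simplified, hypothetical format (not any real MTA's):
#   <time> client=<ip> rcpt=<address> code=<SMTP reply code>
SAMPLE_LOG = """\
10:00:01 client=203.0.113.7 rcpt=aaron@example.com code=550
10:00:01 client=203.0.113.7 rcpt=abby@example.com code=550
10:00:02 client=203.0.113.7 rcpt=adam@example.com code=250
10:00:02 client=203.0.113.7 rcpt=adrian@example.com code=550
10:00:03 client=203.0.113.7 rcpt=alan@example.com code=550
10:00:03 client=203.0.113.7 rcpt=albert@example.com code=550
10:00:04 client=198.51.100.20 rcpt=adam@example.com code=250
10:00:09 client=198.51.100.20 rcpt=adma@example.com code=550
10:00:15 client=198.51.100.20 rcpt=sales@example.com code=250
"""

LINE_RE = re.compile(r"client=(?P<ip>\S+) rcpt=(?P<rcpt>\S+) code=(?P<code>\d{3})")
REFUSED = {"550", "551", "553"}  # reply codes treated here as "recipient refused"

def find_harvesters(log_text, min_rejects=5, min_reject_ratio=0.8):
    """Return {client_ip: stats} for clients whose RCPT pattern resembles a DHA.

    A client is flagged when it was refused for at least `min_rejects` distinct
    recipients AND those distinct refusals make up at least `min_reject_ratio`
    of its RCPT attempts. Both thresholds are illustrative assumptions.
    """
    attempts = defaultdict(int)
    rejected = defaultdict(set)  # distinct refused addresses, per client
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that are not RCPT results
        ip, rcpt, code = m["ip"], m["rcpt"].lower(), m["code"]
        attempts[ip] += 1
        if code in REFUSED:
            rejected[ip].add(rcpt)
    flagged = {}
    for ip, total in attempts.items():
        rejects = len(rejected[ip])
        ratio = rejects / total
        if rejects >= min_rejects and ratio >= min_reject_ratio:
            flagged[ip] = {"attempts": total, "rejected": rejects, "ratio": round(ratio, 2)}
    return flagged

if __name__ == "__main__":
    for ip, stats in find_harvesters(SAMPLE_LOG).items():
        print(ip, stats)
```

A legitimate sender that mistypes one address, like the second client in the sample, stays below both thresholds and is not flagged.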
