What is a Directory Harvest Attack?

Article:TECH90235  |  Created: 2008-01-15  |  Updated: 2013-10-22  |  Article URL http://www.symantec.com/docs/TECH90235
Article Type
Technical Solution



What is a Directory Harvest Attack?


E-mail messages recieved by end users with little or no content in the message header and body often constitute a directory harvest attack (DHA) or chaff.

DHAs are used by spammers to determine valid/invalid email addresses by trial and error.

A spammer will typically target a specific domain, sending a blank body/subject line attack to a series of common names, abbreviations, numbers that would be commonly associated with vaild email addresses from those domains.

Any messages that are not rejected during the SMTP conversation nor bounced after receipt are considered valid addresses by the spammers, and can be used in a future spam campaigns as well as sold to other spammers and 3rd parties for other uses.

Example DHA e-mail message:

Symantec Security Response Web Site

Legacy ID


Article URL http://www.symantec.com/docs/TECH90235

Terms of use for this information are found in Legal Notices