Security 101: Protecting Your Email from DHAs

Spam has plagued email users since its inception. Users obtain a brand new email address only to be pummeled with spam and phishing campaigns, sometimes within a matter of hours.

Without fail, cybercriminals seem to have access to a never-ending supply of email addresses and other personally identifying information to fuel spam, phishing and malware activities.

That isn't by accident. One of the ways cybercriminals can tap into that bottomless well of personally identifying information is through a Directory Harvesting Attack (DHA).

A DHA is an assault on an email server in an attempt to pilfer legitimate email addresses that can be added to databases for future spam campaigns. The attack occurs when spammers leverage known email addresses to uncover other legitimate email addresses from corporate or ISP servers.

Cybercriminals generally execute this attack in one of two ways.

The first, and most sensational, method is via a brute force attack, which bombards an email server with all possible alphanumeric combinations in an attempt to decipher the username of the address.

The second, more selective method entails sending messages to the most likely usernames by using all possible name combinations. The email server issues a "Not found" message for email addresses that don't exist, but doesn't return any communications for valid addresses. The DHA attack then compiles all the email addresses not returned by the server, and then adds them to a database as fodder for current or future campaigns.

It should come as no surprise, then, that DHA attacks are the tool of choice for spammers and phishers alike. They help supply spammers with a seemingly endless stream of targets, eliciting copious returns in exchange for relatively little upfront investment.

For end-users, DHAs pose many challenges. For one, spam occupies the vast majority of inbox email. In recent years, mass mailer spam has experienced a decline, but messages with malicious attachments and targeted phishing links are on the rise, according to reports.

As with other forms of malware, DHAs place additional strain on user systems, burdening public and private email servers when the network is bombarded with mostly unsolicited and unwanted emails. And successful DHA attacks wreak havoc by generating myriad privacy issues, especially when the lists of compromised user data are made public.

In recent years, directory harvesting has been equipped with enhancements, thanks to the increased reliance on spambots -- automated programs that generate copious amounts of spam.

In short, directory harvesting still poses significant security challenges that aren't going away any time soon. However, there are ways to reduce the effects of directory harvesting and control the amount of spam in user inboxes.

The user will require a comprehensive email security solution to combat the problem on numerous fronts. An email security strategy needs to ensure secure email delivery through encryption technologies, which can incorporate PKI, key exchange, client software and the ability to send email without a pre-existing relationship to the receiver.

Another robust email security mechanism is reputation protection that is aimed at throttling and blocking inbound and outbound spam and malware by examining a program's history to determine its current and future behaviors.

Rounding out a comprehensive email security arsenal is data leak prevention (DLP), which prevents valuable data and sensitive personally identifying information from exiting the network via email, either in the body of the message or as an attachment.

Finally, IT administrators need to create sound security policies and appropriate rules to handle messages containing a high number of spoofed messages and unresolved addresses.
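One way to implement a rule for unresolved addresses, shown as an added example that is not part of the original article: count, per connecting client, how many recipient commands the server rejected as nonexistent (SMTP reply 550) and flag clients whose rejection ratio is high. The log format, function names and thresholds are assumptions made for illustration, and the whole log is treated as a single time window.

```python
import re
from collections import defaultdict

# Constructed sample in a simplified, hypothetical log format (not a real
# MTA's output): one line per RCPT TO command and the server's reply code.
SAMPLE_LOG = """\
client=203.0.113.7 rcpt=<aadams@example.com> reply=550
client=203.0.113.7 rcpt=<badams@example.com> reply=550
client=203.0.113.7 rcpt=<cadams@example.com> reply=250
client=203.0.113.7 rcpt=<dadams@example.com> reply=550
client=203.0.113.7 rcpt=<eadams@example.com> reply=550
client=203.0.113.7 rcpt=<fadams@example.com> reply=550
client=198.51.100.20 rcpt=<sales@example.com> reply=250
client=198.51.100.20 rcpt=<support@example.com> reply=250
client=198.51.100.20 rcpt=<suport@example.com> reply=550
client=198.51.100.20 rcpt=<billing@example.com> reply=250
client=198.51.100.20 rcpt=<hr@example.com> reply=250
client=192.0.2.9 rcpt=<old.user@example.com> reply=550
client=192.0.2.9 rcpt=<old.user2@example.com> reply=550
"""

LINE_RE = re.compile(r"client=(?P<ip>\S+) rcpt=<[^>]*> reply=(?P<code>\d{3})")


def rcpt_stats(log_text):
    """Return {client_ip: [total_recipients, unknown_recipients]}."""
    stats = defaultdict(lambda: [0, 0])
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # ignore lines that are not recipient events
        entry = stats[m["ip"]]
        entry[0] += 1
        if m["code"] == "550":  # 550: mailbox unavailable / user unknown
            entry[1] += 1
    return dict(stats)


def suspected_harvesters(log_text, min_rcpts=5, unknown_ratio=0.6):
    """Clients with enough attempts and a high share of unknown recipients.

    min_rcpts keeps a sender with one or two stale addresses from being
    flagged; both thresholds are illustrative and need tuning per site.
    """
    return sorted(
        ip for ip, (total, unknown) in rcpt_stats(log_text).items()
        if total >= min_rcpts and unknown / total >= unknown_ratio
    )


if __name__ == "__main__":
    print(suspected_harvesters(SAMPLE_LOG))
```

The flagged clients are candidates for throttling or blocking by the reputation controls described above.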
