directory harvest attack (DHA)

A Directory Harvest Attack (DHA) is an attack on a mail server to grab email addresses that can then be used for spams.

In DHA attacks, mail servers are bombarded with thousands by means of mailbombing, in which the user ID of the email address consists of as many alphanumeric combinations as possible. The more user IDs that are transmitted, the higher the probability of a valid email address.

In a brute force attack, all possible alphanumeric combinations are systematically run through to determine the user ID. To prevent the DHA process from taking too much time, another method involves entering only initials with possible last names. Since the mail server returns undeliverable mail addresses, valid mail addresses can be selected directly.