A Directory Harvest Attack (DHA) is an attack on a mail server to harvest email addresses that can then be used for spam
. In DHA attacks, mail servers are bombarded with thousands by means of mailbombing
, in which the user ID of the e-mail address consists of as many alphanumeric combinations as possible. Themore user IDs that are transmitted, the higher the probability of a valid email address.
In a brute force attack, all possible alphanumeric combinations are systematically run through to determine the user ID. To prevent the DHA process from taking too much time, another method involves entering only initials with possible last names. Since the mail server returns undeliverable mail addresses, valid mail addresses can be selected directly.