directory harvest attack
A technique to build a spam mailing list by sending all possible alphanumeric combinations for the user name to an email domain and building a database of all addresses that do not generate a reply. The harvesting software uses either a brute force approach (sending all possible alphanumeric combinations for the username), or a more selective method (for example, using all possible first initials followed by common surnames). In either case, the email server generally returns a “Not found” reply for all messages sent to a nonexistent address and none for those sent to valid addresses. The harvesting program builds a database of all addresses that do not generate a reply.
© 2017 Sophos Limited. All rights reserved.