SpammerTrap Handles Directory Harvest Attacks


Definition of a DHA (Directory or Dictionary Harvest Attack):
A hacker sends email to addresses of the form {username}@companyname.com, where the {username} is pulled from a dictionary of first-name, last-name and email-name combinations. Using this procedure, a spammer can send 50,000 emails in one day.

Definition of Backscatter:
If the DHA attack fails, the emails bounce to you or to a forged address. This is called backscatter. A spammer does not need to know your email address, just your domain.

There are two options when dealing with dictionary attacks and backscatter. These options can be set via the web console if you want to experiment.

  1. Pass EVERYTHING to the final destination and let it bounce or NDR there. A potential problem is that you will still flood the email system with spam sent to invalid users.
  2. Allow the SpammerTrap to keep a list of valid users.

The SpammerTrap can detect dictionary attacks and drop the connection after five errors. If option #2 is used, the following additional options can be implemented.

1. DISCARD unknown users

  • Spammers cannot tell if they hit a valid address.
  • A potential problem is that a valid sender who misspells an email address will never know the message was not delivered.

2. DELAY delivery

  • Spammers will ignore it; valid users will not know right away.
  • A potential problem is that a valid sender who misspells your email address may not know about it for days.
  • Recommended if you add a lot of users.
  • This option will tell the sending mail system to re-queue the email.

3. SEND NDR immediately

  • A potential problem is that a valid sender who sends email RIGHT AWAY to a new user will get their email bounced.
  • Recommended if you do not add a lot of users and there is a 'relay' or 'aliases' file that SpammerTrap can pull.

The following are options for keeping a list of valid users on SpammerTrap:

  1. Web based interface (recommended if you add a lot of users)
  2. SpammerTrap can 'pull' information via SFTP, FTP, IMAP or HTTP get (recommended if you do not add a lot of users and there is a 'relay' or 'aliases' file that SpammerTrap can pull)
  3. You can 'push' information to the SpammerTrap via SCP.
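As an added illustration (not SpammerTrap's own code), the following models the three unknown-user policies above for the RCPT TO phase of one SMTP session, together with the "drop the connection after five errors" dictionary-attack check; the valid-user list, the probe addresses and the exact reply texts are constructed for the example.

```python
# Added example (not SpammerTrap's own code): models the DISCARD / DELAY / NDR
# policies for unknown recipients in one SMTP session, plus the
# "drop the connection after five errors" dictionary-attack check.
MAX_UNKNOWN = 5  # unknown-recipient errors tolerated per connection (from the page)

# Constructed valid-user list; on SpammerTrap this comes from the web interface,
# a pulled 'relay'/'aliases' file, or a list pushed via SCP.
VALID_USERS = frozenset({"alice@example.com", "bob@example.com"})

# Standard SMTP reply for an unknown recipient under each policy.
POLICY_REPLY = {
    "DISCARD": "250 OK",  # accept and silently drop; the sender learns nothing
    "DELAY": "450 Mailbox unavailable, try again later",  # 4xx: sending MTA re-queues
    "NDR": "550 No such user here",  # 5xx: sending MTA bounces at once
}


def handle_session(recipients, policy, valid_users=VALID_USERS):
    """Process the RCPT TO addresses of one SMTP session.

    Returns (replies, delivered, dropped): the reply sent for each RCPT TO, the
    recipients that will really be delivered, and whether the connection was
    closed as a suspected dictionary attack.
    """
    if policy not in POLICY_REPLY:
        raise ValueError(f"unknown policy {policy!r}")
    replies, delivered, unknown = [], [], 0
    for rcpt in recipients:
        addr = rcpt.strip().lower()
        if addr in valid_users:
            replies.append("250 OK")
            delivered.append(addr)
            continue
        # Unknown user: reply per policy. Under DISCARD the reply is still 250,
        # but the message is never delivered, so a probe cannot tell hits from misses.
        unknown += 1
        replies.append(POLICY_REPLY[policy])
        if unknown >= MAX_UNKNOWN:
            # Five misses in one connection look like a harvest: close the connection.
            replies.append("421 Too many invalid recipients, closing connection")
            return replies, delivered, True
    return replies, delivered, False


if __name__ == "__main__":
    # Constructed harvest attempt: dictionary names tried against the domain.
    probe = [f"{n}@example.com" for n in ("john", "mary", "alice", "sales", "info", "admin", "bob")]
    for policy in POLICY_REPLY:
        print(policy, handle_session(probe, policy))
```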