This help section describes the DHA Protection Test. Configuration of this feature is available on the page of the Administration Tool.
This test can be used to detect and stop certain Directory Harvest Attacks (DHAs). During a DHA, the attacker tries to discover valid email addresses by attempting to send to commonly used (e.g., info@ john@, etc.) or random generated email addresses. By inspecting the response from your server, the attacker can find out if the address is valid.
Most of these attacks are widely distributed which makes their detection very hard. Due to this, the DHA Protection Test is not guaranteed to detect all DHA attempts.
ORF monitors the incoming email flow and records the IP address of senders who send emails to non-existent / blacklisted recipient addresses in a database. If the same sender attempts to send emails to such recipients several times in a specified timeframe, it is likely looking for valid "spammable" addresses. If the number of invalid attempts reaches a pre-configured limit, the sender becomes blacklisted for valid / existent recipients as well.
Senders will be blacklisted by the DHA Protection test for 24 hours after 3 invalid attempts within 3 hours by default. We recommend keeping the default settings to avoid false positives.
Enable or disable the DHA Protection Test by clicking the ON / OFF button on top of the page, or on the page.
See the Database Settings Dialog topic.
See the DHA Protection Test Settings Dialog topic.
Invalid delivery attempts are reported to the DHA Protection Test by the recipient tests of ORF—primarily the Recipient Validation Test and secondly, the Recipient Blacklist.
Either of these tests must be enabled for the DHA Protection Test to work.
It is recommended to assign the DHA Protection Test to the Before Arrival filtering point if possible.
In fact, there is little use of DHA Protection at the On Arrival filtering point, because harvest attacks occur at the Before Arrival filtering point and they never reach On Arrival. When they do, it is usually not a real harvest attack, but the result of what we term "address list enrichment", i.e., when the address lists acquired by spammers contain "invented" email addresses. In this case, actual spam is sent to an invalid address. Running the DHA Protection Test at On Arrival can provide a limited protection against this.