6.8 ORF Online Help
Select your ORF version:

Table of Contents

DHA Protection Test

This help section describes the DHA Protection Test. Configuration of this feature is available on the BlacklistDHA Protection Test page of the Administration Tool.

General Information

This test can be used to detect and stop certain Directory Harvest Attacks (DHAs). During a DHA, the attacker tries to discover valid email addresses by attempting to send to commonly used (e.g., [email protected] [email protected], etc.) or random generated email addresses. By inspecting the response from your server, the attacker can find out if the address is valid.

Most of these attacks are widely distributed which makes their detection very hard. Due to this, the DHA Protection Test is not guaranteed to detect all DHA attempts.

How Does It Work?

ORF monitors the incoming email flow and records the IP address of senders who send emails to non-existent / blacklisted recipient addresses in a database. If the same sender attempts to send emails to such recipients several times in a specified timeframe, it is likely looking for valid "spammable" addresses. If the number of invalid attempts reaches a pre-configured limit, the sender becomes blacklisted for valid / existent recipients as well.

Senders will be blacklisted by the DHA Protection test for 24 hours after 3 invalid attempts within 3 hours by default. We recommend keeping the default settings to avoid false positives.

Enabling or Disabling the DHA Protection Test

Enable or disable the DHA Protection Test by clicking the ON / OFF button on top of the BlacklistDHA Protection Test page, or on the FilteringTests page.

Using the DHA Protection Test

Database button

See the Database Settings Dialog topic.

Settings button

See the DHA Protection Test Settings Dialog topic.


Reliance on the Recipient Validation test / Recipient Blacklist

Invalid delivery attempts are reported to the DHA Protection Test by the recipient tests of ORF—primarily the Recipient Validation Test and secondly, the Recipient Blacklist.

Either of these tests must be enabled for the DHA Protection Test to work.

Copyright © Vamsoft Ltd. 2023. All rights reserved. Document ID adm-dhaprotection, version 2.