IBM AH0QXML User Guide - Page 74
Protecting your Domino server from active address harvesting attacks
4.5 Protecting your Domino server from active address harvesting attacks

In this section we introduce some of the active address harvesting attack types that spammers use to obtain email addresses, and we give recommendations and instructions on how you can protect your Domino 6 server from these attacks.

4.5.1 SMTP harvesting attacks

The most insidious types of attacks can occur when spammers attempt to use your SMTP mail server's directory against you. Spammers may use a "name" dictionary to send random name combinations as recipients of SMTP mail to your mail server. They then harvest responses to these "dictionary" mailings to build a list of valid e-mail addresses that can be sold or targeted for more spam in the future.

For example, in its default setting, the Domino SMTP task attempts to return mail that is undeliverable to the sender with a delivery failure message. When Domino operates in this mode, the spammer can use returned information to "cleanse" their dictionary of bad addresses by tracking subject, sender, and recipient information. Addresses for which the spammer receives non-delivery reports can be removed from their spamming list; other addresses are maintained as valid spam targets. This is called an SMTP Harvesting attack.

4.5.2 Spam mail bombing

In many cases the spammer is merely hoping that their e-mail address dictionary will happen to have some valid addresses. In this case the spammer does not usually provide valid return delivery information. This type of attack is known as spam mail bombing. It represents a Denial of Service (DoS) attack because it keeps your Domino SMTP server busy handling invalid e-mail addresses. Indeed, this type of DoS attack consumes CPU and disk space as well, since invalid e-mail that cannot be returned by Domino is marked as DEAD mail and accumulates in the mail.box file.

4.5.3 Direct SMTP RCPT TO harvesting

Another variation of a harvesting attack occurs when a connecting e-mail sender tests the response of the SMTP server to the "RCPT TO" command. Spammers can use this automated technique to very quickly test thousands of addresses without sending any e-mail. Spammers test the SMTP server response to the RCPT TO command and when the response is "positive" for a good address, the

62 Lotus Domino 6 spam Survival Guide for IBM eServer
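
As an added example (not part of the IBM guide), the sketch below shows how a mail administrator might spot the RCPT TO probing described in 4.5.3 and the dictionary mailings of 4.5.1 in SMTP logs, by flagging clients whose recipients are almost all rejected. The log layout, the function name find_harvesters and the thresholds are assumptions made for illustration; this is not Domino's own log format.

```python
import re
from collections import defaultdict

# Constructed log layout (an assumption, not Domino's own log format):
#   <timestamp> <client-ip> RCPT TO:<address> <smtp-reply-code>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) RCPT TO:<(?P<rcpt>[^>]*)> (?P<code>\d{3})$"
)

def find_harvesters(lines, min_rejects=5, min_reject_ratio=0.8):
    """Return {client_ip: stats} for clients whose RCPT TO pattern looks like
    dictionary probing: many distinct unknown recipients and few valid ones."""
    accepted = defaultdict(set)   # ip -> distinct recipients answered 2xx
    rejected = defaultdict(set)   # ip -> distinct recipients answered 5xx
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # not a RCPT TO record, ignore
        rcpt = m["rcpt"].lower()
        if m["code"].startswith("2"):
            accepted[m["ip"]].add(rcpt)
        elif m["code"].startswith("5"):
            rejected[m["ip"]].add(rcpt)
    flagged = {}
    for ip, bad in rejected.items():
        good = accepted[ip]
        ratio = len(bad) / (len(bad) + len(good))
        if len(bad) >= min_rejects and ratio >= min_reject_ratio:
            flagged[ip] = {"rejected": len(bad), "accepted": len(good),
                           "reject_ratio": round(ratio, 2)}
    return flagged

# Constructed sample data: 203.0.113.7 walks a name list and hits one real
# mailbox; 198.51.100.20 is an ordinary sender with one mistyped recipient.
NAMES = ["aaron", "abby", "adam", "alan", "alice",
         "amy", "andy", "anna", "art", "ava"]
SAMPLE_LOG = [
    f"2003-05-01T10:00:{i:02d} 203.0.113.7 RCPT TO:<{n}@example.com> "
    f"{'250' if n == 'alice' else '550'}"
    for i, n in enumerate(NAMES)
] + [
    "2003-05-01T10:05:00 198.51.100.20 RCPT TO:<alice@example.com> 250",
    "2003-05-01T10:05:09 198.51.100.20 RCPT TO:<alcie@example.com> 550",
    "2003-05-01T10:06:00 198.51.100.20 RCPT TO:<bob@example.com> 250",
]

if __name__ == "__main__":
    for ip, stats in find_harvesters(SAMPLE_LOG).items():
        print(ip, stats)
```

This check only sees anything when the server answers unknown recipients with a 5xx reply during the SMTP session; a server that accepts every recipient and sends a delivery failure message later, the default behaviour described in 4.5.1, would need the same counting applied to its non-delivery reports instead.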