Directory Harvesting

Directory harvesting attacks occur when spammers try to guess email addresses by attaching well known usernames to your domain. The majority of the email addresses are non-existent. Spammers send emails to randomly generated email addresses and while some email addresses may match real users, the majority of these messages are invalid and consequently floods the victim’s email server.

GFI MailEssentials stops these attacks by blocking emails addressed to users not in the organizations’ Active Directory or email server.

Directory harvesting can either be configured to execute when the full email is received or at SMTP level, that is, emails are filtered while they are being received. SMTP level filtering terminates the email’s connection and therefore stops the download of the full email, economizing on bandwidth and processing resources. In this case the connection is terminated immediately and emails are not required to go through any other anti-spam filters.

This filter is enabled by default on installing GFI MailEssentials in an Active Directory Environment.

Directory Harvesting is set up in two stages as follows