Protecting Your Domino Server From Active Address Harvesting Attacks; Smtp Harvesting Attacks; Spam Mail Bombing; Direct Smtp Rcpt To Harvesting - IBM AH0QXML - Lotus Domino Messaging User Manual

4.5 Protecting your Domino server from active address harvesting attacks
In this section we introduce some of the active address harvesting attack types
that spammers use to obtain email addresses, and we give recommendations
and instructions on how you can protect your Domino 6 server from these
attacks.

4.5.1 SMTP harvesting attacks

The most insidious types of attacks can occur when spammers attempt to use
your SMTP mail server's directory against you. Spammers may use a "name"
dictionary to send random name combinations as recipients of SMTP mail to
your mail server. They then harvest responses to these "dictionary" mailings to
build a list of valid e-mail addresses that can be sold or targeted for more spam in
the future.
For example, in its default setting, the Domino SMTP task attempts to return mail
that is undeliverable to the sender with a delivery failure message. When Domino
operates in this mode, the spammer can use returned information to "cleanse"
their dictionary of bad addresses by tracking subject, sender, and recipient
information. Addresses for which the spammer receives non-delivery reports can
be removed from their spamming list; other addresses are maintained as valid
spam targets. This is called an SMTP Harvesting attack.

4.5.2 Spam mail bombing

In many cases the spammer is merely hoping that their e-mail address dictionary
will happen to have some valid addresses. In this case the spammer does not
usually provide valid return delivery information. This type of attack is known as
spam mail bombing. It represents a Denial of Service (DoS) attack because it
keeps your Domino SMTP server busy handling invalid e-mail addresses.
Indeed, this type of DoS attack consumes CPU and disk space as well, since
invalid e-mail that cannot be returned by Domino is marked as DEAD mail and
accumulates in the mail.box file.

4.5.3 Direct SMTP RCPT TO harvesting

Another variation of a harvesting attack occurs when a connecting e-mail sender
tests the response of the SMTP server to the "RCPT TO" command. Spammers
can use this automated technique to very quickly test thousands of addresses
without sending any e-mail. Spammers test the SMTP server response to the
RCPT TO command and when the response is "positive" for a good address, the
Lotus Domino 6 spam Survival Guide for IBM eServer
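
The RCPT TO probing described in 4.5.3 leaves a recognizable trace on the server side: one connecting host tries many distinct recipients and most of them are rejected. The following detection sketch is an added example, not code from the manual or from Domino; the log layout, addresses and thresholds are constructed assumptions, and it presumes the server answers unknown recipients with a 5xx reply at RCPT TO time.

```python
import re
from collections import defaultdict

# Constructed sample records: "<client-ip> RCPT TO:<address> -> <reply code>".
# This layout is an assumption for the example, not Domino's own log format.
SAMPLE_LOG = """\
203.0.113.7 RCPT TO:<aaron@example.com> -> 550
203.0.113.7 RCPT TO:<abby@example.com> -> 550
203.0.113.7 RCPT TO:<adam@example.com> -> 250
203.0.113.7 RCPT TO:<adrian@example.com> -> 550
203.0.113.7 RCPT TO:<agnes@example.com> -> 550
203.0.113.7 RCPT TO:<alan@example.com> -> 550
192.0.2.15 RCPT TO:<adam@example.com> -> 250
192.0.2.15 RCPT TO:<maria@example.com> -> 250
192.0.2.15 RCPT TO:<li@example.com> -> 250
192.0.2.15 RCPT TO:<omar@example.com> -> 250
192.0.2.15 RCPT TO:<omarr@example.com> -> 550
198.51.100.20 RCPT TO:<maria@example.com> -> 250
"""

LINE_RE = re.compile(r"^(\S+) RCPT TO:<([^>]*)> -> (\d{3})$")

def find_harvesters(log_text, min_attempts=5, min_reject_ratio=0.8):
    """Return {client_ip: (distinct_recipients, rejected)} for clients whose
    RCPT TO pattern looks like address probing: many distinct recipients,
    most of them refused with a permanent (5xx) reply."""
    seen = defaultdict(dict)  # ip -> {recipient: was it rejected?}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip anything that is not a RCPT TO record
        ip, rcpt, code = m.groups()
        seen[ip][rcpt.lower()] = code.startswith("5")
    flagged = {}
    for ip, rcpts in seen.items():
        attempts = len(rcpts)
        rejected = sum(rcpts.values())
        # A single mistyped address gives a low ratio; a dictionary run does not.
        if attempts >= min_attempts and rejected / attempts >= min_reject_ratio:
            flagged[ip] = (attempts, rejected)
    return flagged

if __name__ == "__main__":
    print(find_harvesters(SAMPLE_LOG))
```

Only 203.0.113.7 is flagged in the sample: 192.0.2.15 also reaches five recipients but has a single rejection, which is what an ordinary sender with one mistyped address looks like.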
