Reducing the Effect of Distributed Directory Harvest Attack and Load of Mail Server

A Directory Harvest Attack or DHA is a technique used by spammers in an attempt to determine the valid e-mail addresses associated with an e-mail server so that they can be added to a spam database. Directory Harvest Attackers send the blank mail to the server to collect the valid user-id. They do this by observing the server\´s reply. Traditionally attackers use single IP address to send mails. Recently attackers use different IP address to send mail and from one IP address, they send 1-2 mails. Therefore, only blocking IP address is not sufficient to reduce the effect of DHA. The Directory Harvest Attackers not only collect the valid user-id but also increase the load of mail server. In this paper, we propose a framework that reduces the distributed attack and load of mail server. With IP address, the user-id is also blocked in this framework. Due to this, the attacker cannot send mails by using same user-id and different IP addresses. The framework consists of distributed servers that maintain two databases to block the source, one is for IP address, and another is for user-id. All the distributed servers share their database information with each other. Another module is there in the model named front-end filter, which act as a main gateway in the domain. Mail servers decide the black listed source and pass this information to the front-end filter. The filter checks the incoming source address with its black listed information. If the address is in black list then it sends all the mail coming from the attacker to the reply generator. Reply generator is another module in the framework that gives only \´invalid recipient address\´ reply to the source. Therefore, front-end filter and distributed method reduces the DHA and load of server. This electronic document is a "live" template.