DHAs: The Silent Killer of Exchange Servers

Editors share perspectives from vendors about products, services, technologies, and industry directions.

At Microsoft’s TechEd conference and exhibition, I had the opportunity to talk with several vendors about products and industry directions. In addition of gaining insight into products, I always come away from such conversations having learned something unexpected. I’d like to share some tidbits I found noteworthy.

Have you ever noticed that your Exchange server's deferral queues are full? Does that concern you? It should. Andrew Lochart and Marty Tacktill of Postini (www.postini.com) told me that they often hear complaints from Exchange administrators because "their deferral queues are full, taking most of the server's cycles." According to Andrew and Marty, most Exchange administrators don't recognize that full deferral queues are a symptom of a serious attack by potential spammers. "Directory Harvest Attacks are the reason why those deferral queues are full." What are Directory Harvest Attacks (DHAs)? "Spammers try delivering tens or hundreds of thousands of (usually empty) messages to a variety of addresses in a brute-force attempt to learn which are valid. Email servers use transaction cycles responding to bogus address requests." I was surprised to hear that DHAs cause more harm to Exchange servers than spam does, are harder to detect, and currently go unnoticed and unaddressed by most Exchange administrators.