Anyone Know Anything about Directory Harvesting Attacks?


Board-Doom
Jul 20, 2004, 08:31
We have a problem at the moment that is a right :moo: to try and solve.

We create a new user and email and within a day spam email is delivered. Looking at DHA, it looks like we may have this.

Anyone know how to catch the fLIckers at it, or remove it from the system?

Ta

netniV
Jul 20, 2004, 12:42
Are you perchance using first-name email addresses? Try to use a nice mixture of first / last name in the email address plus characters in between, e.g.:

m.vinten@work.com
mark.v@work.com
mark-vinten@work.com

It might be a pain, but if it's not a straightforward first-name basis, then harvesting email addresses is a lot harder. Also, make sure that your mail server bounces back ALL invalid addresses and doesn't have a collection account for anything that's undefined.

Put simply, the email address was likely harvested a while ago and assumed to be valid, thus when it became valid, people have already tried to spam to you.

Oh, and no, there isn't anything you can do about it, other than implement spam filters and check for valid MX domain entries, etc.

Board-Doom
Jul 21, 2004, 02:28
Thanks for this.

We have over 4000 email addresses in the Global Address List. We have spam filters and receive about 150000 spam emails per month. The reason we suspect is that as soon as you create a new account, it receives spam email. The MX records are all valid and any duff email addresses do get bounced.

Can you actually tell if a DHA is happening?

netniV
Jul 21, 2004, 13:02
Not really. The things you would use to try and guesstimate whether a harvest was occurring could quite easily be legitimate emails. Lots of messages from one host? Could be a mailing list. To the human eye, it's really easy to see when a harvest is in progress, because there's a sudden influx and it's stuff you can see at a glance you don't want... The trick is to see if your spam filter will be able to do the same sort of detection.

Kormiic
Jul 23, 2004, 03:37
If I remember correctly, the Gyrate Dot Org Source (http://www.gyrate.org/?module=source) has a good collection of user agents that can be blocked; the code is usable if your site is PHP.

netniV
Jul 23, 2004, 08:12
The user agents list is handy to prevent email addresses posted to websites from being trawled, but doesn't stop the Joe-Jobs, as we call 'em. This is where they just randomly put names/words together at the front of an email domain and just fire them off. If they get no reply, they assume that it worked, since by default NDRs should be generated as per the RFCs.
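Two points in this thread suggest how a defender can turn "obvious to the human eye" into something a filter can act on: netniV's answer that a sudden influx from one host could just as well be a mailing list, and the later description of harvesters firing made-up local parts at the domain and reading the absence of a bounce as confirmation. The script below is an added example, not code from this thread or from any product named in it. It walks a mail log, groups recipient attempts per client address in a sliding time window, and flags clients whose rejections for unknown users dominate their traffic. The log format, field names, thresholds and the "User unknown" wording are all assumptions (the sample traffic is constructed); a real MTA's log lines will need a different regular expression.

```python
"""Heuristic directory-harvest detection over a mail log (added example).

Assumed, simplified log format (one RCPT attempt per line):
  <ISO timestamp> client=<ip> rcpt=<addr> status=accept|reject [reason="..."]
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r'^(?P<ts>\S+) client=(?P<ip>\S+) rcpt=<(?P<rcpt>[^>]+)> status=(?P<status>\w+)'
    r'(?: reason="(?P<reason>[^"]*)")?$'
)


@dataclass
class Event:
    ts: datetime
    ip: str
    rcpt: str
    accepted: bool
    unknown_user: bool


def parse_log(text):
    """Turn log lines into Event records; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        reason = m.group("reason") or ""
        events.append(Event(
            ts=datetime.fromisoformat(m.group("ts")),
            ip=m.group("ip"),
            rcpt=m.group("rcpt").lower(),
            accepted=m.group("status") == "accept",
            unknown_user="user unknown" in reason.lower(),
        ))
    return events


def find_harvesters(events, window=timedelta(minutes=10), min_unknown=10, min_ratio=0.8):
    """Return {ip: summary} for clients whose unknown-recipient rejections, in the
    busiest `window`, reach min_unknown and are at least min_ratio of attempts.
    A mailing list with a few stale members has many accepts per reject, so the
    ratio test keeps it out; a harvester has almost nothing but rejects."""
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        by_ip[e.ip].append(e)
    flagged = {}
    for ip, evs in by_ip.items():
        best_unknown, best_win, start = -1, [], 0
        for end in range(len(evs)):
            while evs[end].ts - evs[start].ts > window:
                start += 1
            win = evs[start:end + 1]
            unknown = sum(e.unknown_user for e in win)
            if unknown > best_unknown:
                best_unknown, best_win = unknown, win
        ratio = best_unknown / len(best_win)
        if best_unknown >= min_unknown and ratio >= min_ratio:
            local_parts = [e.rcpt.split("@")[0] for e in best_win if e.unknown_user]
            flagged[ip] = {
                "unknown": best_unknown,
                "attempts": len(best_win),
                "ratio": round(ratio, 2),
                "distinct_targets": len(set(local_parts)),
                # Dictionary-style probing often walks a name list in order.
                "alphabetical": local_parts == sorted(local_parts),
            }
    return flagged


def _constructed_log():
    """Constructed sample traffic (not real logs): one probing host, one mailing
    list host with a few stale members, one ordinary sender."""
    lines = []
    probes = ["aaron", "abbey", "abigail", "adam", "adrian", "aidan",
              "alan", "albert", "alex", "alice", "alison", "amanda"]
    for i, name in enumerate(probes):
        lines.append(f'2004-07-21T02:10:{i:02d} client=203.0.113.7 rcpt=<{name}@work.com> '
                     f'status=reject reason="User unknown"')
    for i in range(12):
        lines.append(f'2004-07-21T02:12:{i:02d} client=198.51.100.5 '
                     f'rcpt=<member{i}@work.com> status=accept')
    for i, name in enumerate(["left", "retired", "moved"]):
        lines.append(f'2004-07-21T02:13:{i:02d} client=198.51.100.5 rcpt=<{name}@work.com> '
                     f'status=reject reason="User unknown"')
    lines.append('2004-07-21T02:15:00 client=192.0.2.9 rcpt=<m.vinten@work.com> status=accept')
    return "\n".join(lines)


SAMPLE_LOG = _constructed_log()


def detect_sample():
    """Run the detector over the constructed log; only the probing host is flagged."""
    return find_harvesters(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for ip, summary in detect_sample().items():
        print(ip, summary)
```

The thresholds are deliberately conservative defaults: a harvest shows as a high count of unknown recipients with almost no accepted ones, while the mailing-list host in the sample has three stale addresses among twelve good ones and is left alone. The summary is meant to feed a block or throttle decision on the client, not to be acted on blindly.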

Board-Doom
Jul 26, 2004, 01:47
Thanks all. We are going to get external security consultants to come and give us an old check over and recommend changes etc.