A directory harvest attack is an attempt by a malicious person to find out which email addresses exist within a domain so that they can later send spam to those addresses. Attackers do this by opening a series of connections to an SMTP server, pretending to deliver mail to a large quantity of randomly selected email addresses, and collecting the server's responses. The SMTP responses normally indicate whether or not each email address exists, which allows a spammer to compile a list of valid email addresses. This is also known as a "Dictionary Attack," because the attacker literally runs through a list of thousands of common names that can make up an email address.
We protect customers from directory harvest attacks by automatically disconnecting spammers who send mail to too many unknown recipients. Subsequent connections are throttled so that the attacker cannot establish new connections at a rapid rate. This greatly reduces the chances of our customers' email addresses ending up on spammers' mailing lists. Similarly, our servers reject mail when a spammer uses a forged FROM address; that is, when they guess an email address within the domain they are spamming in the hope that this gets their mail whitelisted and delivered. If they guess an unknown address, we reject the message.
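The disconnect-then-throttle policy and the forged-sender check described above can be sketched as follows. This is an added example, not the provider's own code: the thresholds, the `HarvestGuard` class, the directory and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict

MAX_UNKNOWN = 3         # assumed: unknown recipients tolerated per connection
THROTTLE_SECONDS = 300  # assumed: how long new connections are refused
LOCAL_DOMAIN = "example.com"                          # constructed
DIRECTORY = {"alice@example.com", "bob@example.com"}  # constructed

class HarvestGuard:
    def __init__(self):
        self.unknown = defaultdict(int)  # (ip, conn_id) -> unknown RCPT count
        self.blocked_until = {}          # ip -> time at which throttling ends

    def on_connect(self, ip, now):
        # 421 (service not available) while the client is throttled, else 220
        return 421 if now < self.blocked_until.get(ip, 0) else 220

    def on_mail_from(self, sender):
        # A sender claiming our own domain must exist in our directory
        sender = sender.lower()
        if sender.endswith("@" + LOCAL_DOMAIN) and sender not in DIRECTORY:
            return 550
        return 250

    def on_rcpt(self, ip, conn_id, rcpt, now):
        if rcpt.lower() in DIRECTORY:
            return 250
        self.unknown[(ip, conn_id)] += 1
        if self.unknown[(ip, conn_id)] >= MAX_UNKNOWN:
            self.blocked_until[ip] = now + THROTTLE_SECONDS
            return 421                   # disconnect and start throttling
        return 550                       # ordinary "no such user"

def replay(events):
    """Run (time, ip, conn_id, verb, arg) events and return the reply codes."""
    guard, replies = HarvestGuard(), []
    for now, ip, conn_id, verb, arg in events:
        if verb == "CONNECT":
            replies.append(guard.on_connect(ip, now))
        elif verb == "MAIL":
            replies.append(guard.on_mail_from(arg))
        else:
            replies.append(guard.on_rcpt(ip, conn_id, arg, now))
    return replies

SAMPLE = [  # constructed events: a guessing client, then a legitimate one
    (0, "203.0.113.9", 1, "CONNECT", None), (1, "203.0.113.9", 1, "RCPT", "aaron@example.com"),
    (2, "203.0.113.9", 1, "RCPT", "abby@example.com"), (3, "203.0.113.9", 1, "RCPT", "adam@example.com"),
    (10, "203.0.113.9", 2, "CONNECT", None), (11, "198.51.100.7", 1, "CONNECT", None),
    (12, "198.51.100.7", 1, "RCPT", "alice@example.com"), (400, "203.0.113.9", 3, "CONNECT", None),
]
```

Counting unknown recipients per connection rather than per message is what lets the server cut the session off after only a few probes, and keying the throttle on the client IP keeps the legitimate sender at 198.51.100.7 unaffected.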