Over at AllSpammedUp.com I’ve written an article about protecting Exchange Server 2007 from Directory Harvesting Attacks.
In many Exchange Server 2007 environments, incoming email is received directly by an internet-facing Hub Transport server. By default, the transport server uses recipient lookups to tell the connecting host whether an email address is valid. When an inbound email is addressed to a recipient that does not exist, a “550 5.1.1 User unknown” SMTP response is sent to the connecting host. When an email is addressed to a valid recipient, a “250 2.1.5 Recipient OK” SMTP response is sent.
Though it is useful and important to provide this recipient lookup feedback to sending email servers, this is also exactly the behaviour that enables a Directory Harvest Attack to occur.
Read the full article here.
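The two responses described above also give a defender something to count. The following is an added example, not code from the article: it flags remote hosts whose recipient attempts are mostly answered with "550 5.1.1". The log layout, sample lines, thresholds and function names are constructed for illustration and are not Exchange's own log format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: timestamp, remote host, SMTP response to RCPT TO.
# Simplified layout for illustration, not Exchange's own log format.
SAMPLE_LOG = """\
2009-03-02T10:15:01,203.0.113.50,550 5.1.1 User unknown
2009-03-02T10:15:01,203.0.113.50,550 5.1.1 User unknown
2009-03-02T10:15:02,203.0.113.50,250 2.1.5 Recipient OK
2009-03-02T10:15:02,203.0.113.50,550 5.1.1 User unknown
2009-03-02T10:15:03,203.0.113.50,550 5.1.1 User unknown
2009-03-02T10:15:03,203.0.113.50,550 5.1.1 User unknown
2009-03-02T10:15:04,203.0.113.50,550 5.1.1 User unknown
2009-03-02T10:20:11,198.51.100.7,250 2.1.5 Recipient OK
2009-03-02T10:21:40,198.51.100.7,550 5.1.1 User unknown
2009-03-02T10:22:05,198.51.100.7,250 2.1.5 Recipient OK
"""

UNKNOWN = "550 5.1.1"  # recipient does not exist
VALID = "250 2.1.5"    # recipient accepted

def summarize(log_text):
    """Count unknown and valid recipient responses per remote host."""
    stats = defaultdict(lambda: {"unknown": 0, "valid": 0})
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 3:
            continue  # skip blank or malformed lines
        _, host, response = (field.strip() for field in row)
        if response.startswith(UNKNOWN):
            stats[host]["unknown"] += 1
        elif response.startswith(VALID):
            stats[host]["valid"] += 1
    return dict(stats)

def suspected_harvesters(log_text, min_unknown=5, min_ratio=0.8):
    """Return hosts whose recipient attempts are mostly rejected as unknown."""
    flagged = []
    for host, c in summarize(log_text).items():
        total = c["unknown"] + c["valid"]
        # A lone typo by a legitimate sender stays below both thresholds.
        if c["unknown"] >= min_unknown and c["unknown"] / total >= min_ratio:
            flagged.append(host)
    return sorted(flagged)

if __name__ == "__main__":
    for host in suspected_harvesters(SAMPLE_LOG):
        print("possible directory harvest from", host)
```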