'Dark Traffic' zaps 83 percent of email resources


New Member
May 27, 2005
The amount of valid email as a percentage of all incoming traffic has declined sharply since the beginning of the year, a messaging security vendor reported Tuesday, due to a tripling of directory harvest attacks by spammers after addresses.

Illegitimate traffic, dubbed "dark traffic" by Tumbleweed Communications is a nod to astronomy's "dark matter". It is comprised of directory harvest attacks (DHAs), denial-of-service attacks, malformed SMTP packets, and invalid recipient addresses, which now account for 83 percent of all incoming bits. That's up from 64 percent in the previous reporting period, 2005's first quarter.

DHAs are brute force attempts by spammers to find valid email addresses; the spammer connects to business's email server and guesses addresses until he gets some right. Those addresses are then harvested for use in later spam campaigns.

"In our first Dark Traffic Report, we were genuinely surprised at the amount of hidden traffic flowing into the enterprise," said John Thielens, chief technology officer of Tumbleweed, in a statement.

"We were again surprised to see such large jumps in directory harvest attacks and denial of service attacks."

DHAs grew by 170 percent since the first quarter, added Thielens, and denial-of-service attacks leapt 300 percent.

According to Tumbleweed's data, DHAs now account for 27 percent of all incoming email traffic, while messages to invalid recipients — the vast bulk of which is due to spamming — account for 43 percent of incoming traffic.

"Enterprises are spending far too much on email infrastructure to handle the 80-plus percent of useless traffic that could be stopped at the network perimeter," said Thielens.

Directory harvest attacks pose a serious threat to network security, Tumbleweed's report noted, since over 40 percent of surveyed enterprises use an employee's email address as his or her log-in user name.

Most passwords can be broken in minutes by dictionary attacks," the report said. "Once a username is obtained, the hard part is over for the hacker, because poorly chosen passwords are the most common weak link in the security chain. Weak passwords chosen by employees are generally very easy for software to crack in a brute force attack."

The full Dark Traffic report can be downloaded from the Tumbleweed site as a PDF file.