In this paper the E-mail Directory Harvest Attacks (DHA) are investigated. The goal of the DHA attacker is to identify valid e-mail addresses in a system, which addresses can be sold or used for spanming purposes. To achieve the goal the attacker tries numerous different addresses and selects valid addresses according to the response of the e-mail server. We elaborated a method for optimizing the wordlist size used by the attacker under limited resources. This optimization provides deeper insight into the capabilities of the DHA attacker, and yields firm ways upon which efficient protection can be developed. We analyzed the results and proved that our method is optimal. We present an efficient countermeasure against DHA. This is a network based method, where the possible attack events are collected by a trusted server (DHA RBL server). The DHA RBL server analyzes the data and builds up the list of attackers, which enables our prototype client module to filter out all emails coming from known attackers. The prototype implementation was examined in real-life systems, the results show that our approach is viable.