2005/06/18

VRFY and EXPN in SMTP protocols

The VRFY (verify) and EXPN (expand) commands are considered security loopholes in SMTP. VRFY is used to check whether an email address is valid. EXPN expands an address: if the address is a mailing list, it returns the contents of that list.

When the SMTP protocol was created, the Internet was quite a friendly place, and VRFY and EXPN were convenient methods of verifying email addresses. With increasing spam activity, people are taking the view that the two commands could be used by spammers to hunt for email addresses. Such information should not be given out, both as a matter of security and as part of a coordinated effort to combat spam.
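As an added example (not part of the original post), the Python check below reads a recorded SMTP session from a mail server you administer and reports where VRFY or EXPN is advertised or answered with address data. The two transcripts, host names and mailboxes are constructed for illustration; the check treats 250/251 replies as disclosure and 252 or 502 as non-disclosing, per the standard SMTP reply codes.

```python
import re

# Constructed sample transcripts (C: client command, S: server reply).
# Host names and mailboxes are made up for this example.
OPEN_SESSION = """\
C: EHLO audit.example.test
S: 250-mail.example.test
S: 250-VRFY
S: 250 EXPN
C: VRFY alice
S: 250 Alice Example <alice@example.test>
C: EXPN staff
S: 250-Alice Example <alice@example.test>
S: 250 Bob Example <bob@example.test>
"""
HARDENED_SESSION = """\
C: EHLO audit.example.test
S: 250-mail.example.test
S: 250 SIZE 10240000
C: VRFY alice
S: 252 Cannot VRFY user, but will accept message
C: EXPN staff
S: 502 Command not implemented
"""
REPLY = re.compile(r"^S: (\d{3})([ -])(.*)$")

def parse_session(text):
    """Pair each client command with its (possibly multi-line) reply."""
    exchanges = []
    for line in text.splitlines():
        if line.startswith("C: "):
            exchanges.append({"cmd": line[3:].strip(), "code": None, "lines": []})
        elif (m := REPLY.match(line)) and exchanges:
            exchanges[-1]["code"] = int(m.group(1))
            exchanges[-1]["lines"].append(m.group(3))
    return exchanges

def audit(text):
    """Return findings where VRFY/EXPN is advertised or answered with data."""
    findings = []
    for ex in parse_session(text):
        verb = ex["cmd"].split()[0].upper()
        if verb == "EHLO":
            # First reply line is the greeting; the rest are extension keywords.
            for kw in ex["lines"][1:]:
                name = kw.split(" ")[0].upper()
                if name in ("VRFY", "EXPN"):
                    findings.append(f"EHLO advertises {name}")
        elif verb in ("VRFY", "EXPN") and ex["code"] in (250, 251):
            # 250/251 confirm the mailbox or list members; 252 and 502 do not.
            findings.append(f"{verb} disclosed {len(ex['lines'])} address(es)")
    return findings
```

Running `audit()` on a session captured after a configuration change shows whether the server still answers these commands with mailbox data.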
