nerdexam
EC-Council

312-50V10 · Question #656

Why would you consider sending an email to an address that you know does not exist within the company you are performing a Penetration Test for?

The correct answer is D. To illicit a response back that will reveal information about email servers and how they treat. Sending email to a known-invalid address triggers a Non-Delivery Report (NDR) bounce that often reveals mail server software names, version numbers, and internal relay paths useful for reconnaissance.

Footprinting and Reconnaissance

Question

Why would you consider sending an email to an address that you know does not exist within the company you are performing a Penetration Test for?

Options

  • ATo determine who is the holder of the root account
  • BTo perform a DoS
  • CTo create needless SPAM
  • DTo illicit a response back that will reveal information about email servers and how they treat
  • ETo test for virus protection

How the community answered

(31 responses)
  • A
    3% (1)
  • B
    3% (1)
  • C
    6% (2)
  • D
    74% (23)
  • E
    13% (4)

Why each option

Sending email to a known-invalid address triggers a Non-Delivery Report (NDR) bounce that often reveals mail server software names, version numbers, and internal relay paths useful for reconnaissance.

ATo determine who is the holder of the root account

NDR bounce messages expose server configuration and software details - they have no mechanism to identify the owner of the root account.

BTo perform a DoS

A single message sent to one invalid address generates only a single bounce reply and cannot cause a denial of service condition.

CTo create needless SPAM

Spam requires mass delivery to valid recipients - sending one message to a deliberately invalid address is a targeted recon technique, not spam generation.

DTo illicit a response back that will reveal information about email servers and how they treatCorrect

When an SMTP server cannot deliver a message it returns a DSN/NDR bounce containing the mail transfer agent name, version, and sometimes internal relay hops, giving a penetration tester passive reconnaissance data about the email infrastructure without requiring active probing or authentication.

ETo test for virus protection

Testing virus protection requires attaching files with known malware signatures; sending to an invalid address tests SMTP server behavior, not antivirus scanning.

Concept tested: SMTP NDR bounce message reconnaissance for server enumeration

Source: https://www.rfc-editor.org/rfc/rfc5321

Topics

#SMTP enumeration#bounce message#email reconnaissance#footprinting

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice