nerdexam
EC-Council

312-50V13 · Question #110

Why would you consider sending an email to an address that you know does not exist within the company you are performing a Penetration Test for?

The correct answer is D. To illicit a response back that will reveal information about email servers and how they treat. During a penetration test, sending an email to a non-existent address is a reconnaissance technique used to gather information about the target's email infrastructure.

Submitted by yuriko_h· Mar 6, 2026Footprinting and Reconnaissance

Question

Why would you consider sending an email to an address that you know does not exist within the company you are performing a Penetration Test for?

Options

  • ATo determine who is the holder of the root account
  • BTo perform a DoS
  • CTo create needless SPAM
  • DTo illicit a response back that will reveal information about email servers and how they treat
  • ETo test for virus protection

How the community answered

(48 responses)
  • A
    2% (1)
  • B
    4% (2)
  • C
    2% (1)
  • D
    92% (44)

Why each option

During a penetration test, sending an email to a non-existent address is a reconnaissance technique used to gather information about the target's email infrastructure.

ATo determine who is the holder of the root account

Sending an email to a non-existent address does not typically reveal the holder of a root account; it primarily provides information about the mail server's configuration.

BTo perform a DoS

This action is a single, non-malicious query and is highly unlikely to cause a Denial of Service (DoS) on an email server.

CTo create needless SPAM

The primary goal is information gathering, not creating needless SPAM, which would be unprofessional and counterproductive for a penetration test.

DTo illicit a response back that will reveal information about email servers and how they treatCorrect

When an email is sent to an address that does not exist, the mail server typically generates a Non-Delivery Report (NDR) or bounce message. These messages often contain valuable information such as the mail server's software type, version number, internal hostnames, and how it handles delivery failures, which aids in further penetration testing efforts.

ETo test for virus protection

While it might indirectly provide some clues if an antivirus scanner reports on the bounced email, the main purpose is to illicit server response details, not to test for virus protection directly.

Concept tested: Email server reconnaissance

Topics

#email reconnaissance#NDR analysis#SMTP enumeration#footprinting

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice