nerdexam
EC-Council

312-50V13 · Question #447

What useful information is gathered during a successful Simple Mail Transfer Protocol (SMTP) enumeration?

The correct answer is A. The two internal commands VRFY and EXPN provide a confirmation of valid users, email. A successful SMTP enumeration allows an attacker to identify valid user accounts and mailing lists on a target mail server.

Submitted by olafpl· Mar 6, 2026Enumeration

Question

What useful information is gathered during a successful Simple Mail Transfer Protocol (SMTP) enumeration?

Options

  • AThe two internal commands VRFY and EXPN provide a confirmation of valid users, email
  • BReveals the daily outgoing message limits before mailboxes are locked
  • CThe internal command RCPT provides a list of ports open to message traffic.
  • DA list of all mail proxy server addresses used by the targeted host

How the community answered

(64 responses)
  • A
    91% (58)
  • B
    3% (2)
  • C
    2% (1)
  • D
    5% (3)

Why each option

A successful SMTP enumeration allows an attacker to identify valid user accounts and mailing lists on a target mail server.

AThe two internal commands VRFY and EXPN provide a confirmation of valid users, emailCorrect

During SMTP enumeration, the VRFY (verify) command is used to confirm if a specific user exists on the mail server, and the EXPN (expand) command is used to identify the members of a mailing list. Successful execution of these commands provides a confirmation of valid users and email addresses, which is valuable information for attackers.

BReveals the daily outgoing message limits before mailboxes are locked

SMTP enumeration does not reveal daily outgoing message limits, as this is typically an internal server configuration not exposed through standard enumeration commands.

CThe internal command RCPT provides a list of ports open to message traffic.

The RCPT (recipient) command is used to specify the recipient of an email and does not provide a list of open ports; port scanning identifies open ports.

DA list of all mail proxy server addresses used by the targeted host

SMTP enumeration primarily focuses on user and mailing list existence, not on identifying mail proxy server addresses, which are typically found through DNS records or network reconnaissance.

Concept tested: SMTP enumeration techniques

Source: https://book.hacktricks.xyz/network-services-pentesting/pentesting-smtp

Topics

#SMTP enumeration#VRFY#EXPN#valid users

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice