On the public Internet, the contents of mailing lists have become
popular as an address information source for so-called "spammers."
The use of EXPN to "harvest" addresses has increased as list
administrators have installed protections against inappropriate uses
of the lists themselves. However, VRFY and EXPN are still useful for
authenticated users and within an administrative domain. For
example, VRFY and EXPN are useful for performing internal audits of
how email gets routed to check and to make sure no one is
automatically forwarding sensitive mail outside the organization.
Sites implementing SMTP authentication may choose to make VRFY and
I think it would be useful to add an Informative reference to
SMTP AUTH RFC here, "SMTP authentication (such as RFC 4954)"
Alexey Melnikov wrote:
On the public Internet, the contents of mailing lists have become popular as an address information source for so-called "spammers." The use of EXPN to "harvest" addresses has increased as list administrators have installed protections against inappropriate uses of the lists themselves. However, VRFY and EXPN are still useful for authenticated users and within an administrative domain. For example, VRFY and EXPN are useful for performing internal audits of how email gets routed to check and to make sure no one is automatically forwarding sensitive mail outside the organization. Sites implementing SMTP authentication may choose to make VRFY and
I think it would be useful to add an Informative reference to SMTP AUTH RFC here, "SMTP authentication (such as RFC 4954)"