SMTP daemons allow addresses to be verified via RCPT

Risk Level: Low

Check or Attack Name: SMTPrcpt

Platforms: Sendmail, SMTP servers

Description:

A side effect of many implementations of the RCPT command in SMTP servers is that the command can be used to verify which addresses are valid: the server's reply to RCPT reveals whether a recipient is accepted. Disabling the VRFY and EXPN commands is often thought to be sufficient to prevent such information-gathering attacks, but RCPT cannot be disabled because mail delivery depends on it. This method is often used in e-mail "harvesting" applications run by direct e-mail marketers.

Remedy:

This issue does not by itself indicate a vulnerability. No effective solution has been developed to prevent this method from being exploited. Mail administrators should pay close attention to their log files and report any obvious abuse to the appropriate person(s).
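As an added example (not part of the original advisory), the following script implements the log review the remedy recommends: it flags clients that had several distinct recipients refused at RCPT time, which is the footprint address harvesting leaves. It assumes Postfix-style smtpd reject lines and constructed sample data, since the advisory names no log format.

```python
"""Flag SMTP clients that probe many recipients via RCPT rejections."""
import re
from collections import defaultdict

# Matches a Postfix smtpd RCPT rejection (assumption: the advisory names no
# log format; adjust the pattern for Sendmail or another MTA).
RCPT_REJECT = re.compile(
    r"reject: RCPT from \S+\[(?P<ip>[0-9.]+)\]: 550 [0-9.]+ <(?P<rcpt>[^>]+)>"
)

# Constructed sample: 192.0.2.10 walks through four non-existent addresses;
# 198.51.100.7 mistypes a single address, which is normal traffic.
SAMPLE_LOG = """\
Jan 12 10:00:01 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <alice@example.com>: Recipient address rejected: User unknown in local recipient table; from=<news@example.net> to=<alice@example.com> proto=ESMTP helo=<probe>
Jan 12 10:00:02 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <bob@example.com>: Recipient address rejected: User unknown in local recipient table; from=<news@example.net> to=<bob@example.com> proto=ESMTP helo=<probe>
Jan 12 10:00:02 mx postfix/smtpd[1234]: 4F2A1: client=unknown[192.0.2.10]
Jan 12 10:00:03 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <carol@example.com>: Recipient address rejected: User unknown in local recipient table; from=<news@example.net> to=<carol@example.com> proto=ESMTP helo=<probe>
Jan 12 10:00:04 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <dave@example.com>: Recipient address rejected: User unknown in local recipient table; from=<news@example.net> to=<dave@example.com> proto=ESMTP helo=<probe>
Jan 12 10:01:10 mx postfix/smtpd[1240]: NOQUEUE: reject: RCPT from mail.example.org[198.51.100.7]: 550 5.1.1 <jon.smith@example.com>: Recipient address rejected: User unknown in local recipient table; from=<jon@example.org> to=<jon.smith@example.com> proto=ESMTP helo=<mail.example.org>
"""


def rejected_recipients(lines):
    """Map client IP -> set of distinct recipients it had refused with 550."""
    seen = defaultdict(set)
    for line in lines:
        m = RCPT_REJECT.search(line)
        if m:
            seen[m.group("ip")].add(m.group("rcpt").lower())
    return seen


def suspicious_clients(lines, threshold=3):
    """Clients refused `threshold` or more distinct recipients.

    A legitimate sender rarely gets several different addresses wrong in
    a row, so a high count of distinct unknown recipients is the signal.
    """
    seen = rejected_recipients(lines)
    return sorted((ip, len(r)) for ip, r in seen.items() if len(r) >= threshold)


if __name__ == "__main__":
    for ip, n in suspicious_clients(SAMPLE_LOG.splitlines()):
        print(f"{ip}: {n} distinct unknown recipients refused at RCPT")
```

On real traffic, run it over a rolling time window and tune the threshold to the mistyped-address rate your domain normally sees.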

References:
