In our MTA VRFY/EXPN are disabled by default. They can be enabled
unconditionally or require SMTP AUTH.
At 14:29 14-07-2007, Markus Stumpf wrote:
VRFY is still useful for address verification. It is disabled in the
default configuration of some MTAs due to abuse.
On Sat, Jun 16, 2007 at 10:05:20AM +0300, Kari Hurtta wrote:
> 126.96.36.199. VERIFY (VRFY)
> 188.8.131.52. EXPAND (EXPN)
Does anybody know about any MTA actively using these today?
Is there any secenario (besides address harvesting) within which these
are still useful in todays email communication?
IMHO most MTAs support the commands but respond something like:
252 send some mail, i'll try my best
Why not simply drop them completely?
Note that the draft-04 mentions that "Server implementations" should
support both VRFY and EXPN and leaves it to local installations to
disable them if need be. By dropping them, we are removing
functionality that is useful for debugging.