That might be why spammers don't use EXPN/VRFY but instead use Rcpt_To
to verify addresses in their lists. If you watch an SMTP server that
gets much spam, you'll see a lot of SMTP transactions aborted after
Rcpt_To, even when the server answered with a 200-series status value.
there's no way to know whether the verification is being done by a
spammer or for legitimate purposes.
I don't know which of various other mechanisms Keith Moore meant, but
I doubt he meant EXPN/VRFY requests or Rcpt_to, because all three
are wrecked by common uses of MX secondaries.
no I meant RCPT. a 2xx response doesn't guarantee that the address
is valid, but a 5xx response is a reasonable assurance that the address
won't be able to receive mail.
Note that "[verifying] whether or not the sender actually exists as
a user on the mail server for the domain the e-mail is coming from"
as stated does not make a lot of sense in the real world.
in many (not all) cases it's fairly safe to assume that a message from
an unreplyable address is not of interest to a recipient. for instance,
I use this to filter traffic that is sent to a mail robot autoresponder,
because there's no point in having the robot process a message and
generate a response if the reply is going to bounce anyway.
Keith