check-if-email-exists

Consider using VRFY SMTP command

Open tyranron opened this issue 4 years ago • 4 comments

Checking RFC 5321 while implementing #822, I've noticed that there is a special debug VRFY SMTP command for checking whether a mailbox is valid.

It seems reasonable to use VRFY for checking mailbox existence, and fall back to RCPT TO only when the former is unimplemented or we are unsure what decision to make from its result.

Such a check, in theory, should not be considered a delivery attempt by SMTP servers, so we will cause fewer unnecessary rate-limit and mailtrap hits.

tyranron, Jan 07 '21 11:01

This is a great idea! I read somewhere that most servers don't respond to VRFY, so I didn't bother to implement it.

But you're 100% right, we should do VRFY first, then fall back to RCPT TO.

Would you like to create a PR?

amaury1093, Jan 07 '21 12:01

@amaurymartiny I'll try to find some time for it after investigating/fixing more important issues.

tyranron, Jan 07 '21 12:01

I think most server configurations suggest disabling VRFY to not make life easy for spammers, who could abuse this to enumerate valid email addresses.

vsviridov, Jul 02 '21 04:07

Thanks to spammers, SMTP commands like VRFY and EXPN are disabled by default by most sysadmins. Or these commands do not give out any definitive result ("cannot vrfy user, but will take message for xyz").

masroore, May 03 '22 08:05
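
The VRFY-first decision discussed in this thread, sketched as an added example that is not part of the issue or of the project's code: it classifies a VRFY reply by its RFC 5321 reply code and falls back to RCPT TO for every disabled, unimplemented or non-committal answer, including the 252 "cannot VRFY user" case quoted above. The type and function names are hypothetical, and treating 251 as "exists" and 550 as a definitive "does not exist" are assumptions of this sketch.

```rust
// Added illustration; type and function names are hypothetical, not the project's API.
#[derive(Debug, PartialEq)]
pub enum VrfyOutcome {
    Exists,         // 250/251: the server identified the mailbox
    DoesNotExist,   // 550: the server says there is no such mailbox
    FallbackToRcpt, // disabled, unimplemented or non-committal: use RCPT TO
}

/// Code of the final line of a (possibly multi-line) SMTP reply, if well formed.
fn reply_code(reply: &str) -> Option<u16> {
    let last = reply.lines().rev().find(|l| !l.trim().is_empty())?;
    let code = last.get(..3)?;
    if !code.bytes().all(|b| b.is_ascii_digit()) {
        return None;
    }
    // "250-..." marks a continuation line, so the reply was cut short.
    match last.as_bytes().get(3).copied() {
        None | Some(b' ') => code.parse().ok(),
        _ => None,
    }
}

pub fn classify_vrfy(reply: &str) -> VrfyOutcome {
    match reply_code(reply) {
        // Assumption: 251 ("user not local; will forward") counts as existing.
        Some(250) | Some(251) => VrfyOutcome::Exists,
        // Assumption: a 550 answer to VRFY is trusted as "unknown mailbox".
        Some(550) => VrfyOutcome::DoesNotExist,
        // 252, 500/502/504, 551/553, 4xx and malformed replies decide nothing.
        _ => VrfyOutcome::FallbackToRcpt,
    }
}

fn main() {
    // Constructed sample replies, not captured from any real server.
    let samples = [
        "250 Jane Doe <jane@example.org>\r\n",
        "252 2.0.0 Cannot VRFY user, but will accept message\r\n",
        "502 5.5.1 VRFY command is disabled\r\n",
        "550 5.1.1 User unknown\r\n",
    ];
    for s in samples.iter() {
        println!("{:<55} -> {:?}", s.trim_end(), classify_vrfy(s));
    }
}
```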