E-mail communications can be tampered with to send spam and fake e-mails that appear to come from important mail accounts, and even the recent Shellshock vulnerability can be exploited.
The users on an SMTP server can be enumerated by using the EXPN, VRFY, or RCPT commands. This can be achieved either manually by simply connecting to the SMTP server over port 25 and running the respective commands as shown in the following screenshot, or automatically via tools such as Nmap and Metasploit, which are discussed further in this section.
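On the mail server side, this enumeration shows up as a single client issuing repeated VRFY/EXPN commands or collecting many rejected RCPT recipients. The following detection sketch is an added example, not from the original text; the log line format, the use of reply code 550 for an unknown user, and the thresholds are assumptions, and the sample log is constructed.

```python
import re
from collections import defaultdict

# Constructed sample: "<client-ip> <SMTP command line> -> <reply code>".
# This log format is an assumption for the example, not a real MTA's format.
SAMPLE_LOG = """\
203.0.113.7 VRFY root -> 252
203.0.113.7 VRFY admin -> 550
203.0.113.7 VRFY backup -> 550
203.0.113.7 EXPN staff -> 502
198.51.100.20 MAIL FROM:<a@example.org> -> 250
198.51.100.20 RCPT TO:<alice@example.com> -> 250
198.51.100.20 DATA -> 354
192.0.2.44 MAIL FROM:<x@example.net> -> 250
192.0.2.44 RCPT TO:<aaron@example.com> -> 550
192.0.2.44 RCPT TO:<abby@example.com> -> 550
192.0.2.44 RCPT TO:<adam@example.com> -> 550
192.0.2.44 RCPT TO:<alice@example.com> -> 250
"""

LINE_RE = re.compile(r"^(\S+)\s+(\w+)\b.*->\s*(\d{3})$")

def find_enumeration(log_text, probe_limit=3, reject_limit=3):
    """Return {client_ip: reason} for clients whose sessions look like user enumeration."""
    probes = defaultdict(int)   # VRFY/EXPN attempts, whatever the reply
    rejects = defaultdict(int)  # RCPT TO answered with 550 (assumed: unknown user)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        ip, verb, code = m.group(1), m.group(2).upper(), m.group(3)
        if verb in ("VRFY", "EXPN"):
            probes[ip] += 1
        elif verb == "RCPT" and code == "550":
            rejects[ip] += 1
    flagged = {}
    for ip in sorted(set(probes) | set(rejects)):
        if probes[ip] >= probe_limit:
            flagged[ip] = f"{probes[ip]} VRFY/EXPN probes"
        elif rejects[ip] >= reject_limit:
            flagged[ip] = f"{rejects[ip]} rejected RCPT recipients"
    return flagged

if __name__ == "__main__":
    for ip, reason in find_enumeration(SAMPLE_LOG).items():
        print(ip, reason)
```

The client that delivers one message to a valid recipient is not flagged, while the two clients probing for account names are.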