Frequently Asked Questions
Jan 27, 2023 - 06:25pm
Frequently Asked Questions Operational Questions Email
EXPN and VRFY
Rate This FAQ
(Not yet rated)
Created On: 29 Aug 2002 8:29 am
Last Edited: 12 Sep 2002 9:00 am
What are the EXPN and VRFY options for in the Email Settings Control Panel, and how should they be configured?
EXPN and VRFY default to OFF.
While the RFC for these states that they should be on, RFCs are not always up to date with reality.
What they do (in brief):
VRFY permits someone to telnet to your server and verify that an email address is valid. Its purpose is to permit a remote server to check whether a particular email address is valid before sending email.
EXPN permits someone to telnet to your server and expand an alias into the list of actual email recipients. For example, if you have an email list called "greyhound-adoption", anyone could "expn greyhound-adoption" and get the list of all the member addresses in "greyhound-adoption".
Why the should be off (in brief):
For anti-spam, privacy, and security reasons, it is generally not a good idea to freely provide information about the users on your system or the users with which you communicate.