
How to verify an email address without sending an email (SMTP telnet tutorial with VRFY)

Did you know you can check whether an email address exists by connecting directly to a mail server? Using nslookup, we can find the mail server for an email address from its MX DNS records. Then we can connect via Telnet and issue a VRFY request to check whether the address is valid. This works on Mac, Linux, and Windows WSL. This approach can be quite complicated, so for a free solution that works in Node.js and other programming languages, check out www.mailslurp.com


by MailSlurp
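
To check whether a mail server you administer gives away mailbox existence through VRFY, compare its replies for one known-real and one known-fake user. The sketch below is an added example, not code from the original post: the function names, the `C:`/`S:` transcript format, and both sample transcripts are constructed for illustration.

```python
import re

# VRFY reply codes as defined in RFC 5321.
MEANING = {
    "250": "exists", "251": "exists",       # confirmed (251: will forward)
    "252": "noncommittal",                  # cannot verify, will accept mail
    "550": "absent",                        # mailbox unavailable
    "500": "disabled", "502": "disabled",   # unrecognised / not implemented
}
REPLY = re.compile(r"^S: (\d{3})([ -]|$)")

def vrfy_results(transcript):
    """Map each VRFY argument to the code of the reply that follows it."""
    results, pending = {}, None
    for line in transcript.splitlines():
        line = line.strip()
        if line.upper().startswith("C: VRFY "):
            pending = line[8:].strip()
            continue
        m = REPLY.match(line)
        # "NNN-" is a continuation line; only "NNN " ends the reply.
        if m and pending is not None and m.group(2) != "-":
            results[pending] = m.group(1)
            pending = None
    return results

def audit(transcript, real_user, fake_user):
    """Compare replies for a known-real and a known-fake mailbox."""
    codes = vrfy_results(transcript)
    real, fake = codes[real_user], codes[fake_user]
    return {"real": MEANING.get(real, real), "fake": MEANING.get(fake, fake),
            "discloses": real != fake}  # any difference is a usable signal

# Constructed transcripts (C: = client, S: = server), not captured traffic.
LEAKY = """S: 220 mail.example.test ESMTP
C: VRFY alice
S: 250-2.1.5 Alice Example
S: 250 2.1.5 <alice@example.test>
C: VRFY zz-no-such-user
S: 550 5.1.1 User unknown
"""
HARDENED = """C: VRFY alice
S: 252 2.0.0 Cannot VRFY user, but will accept message
C: VRFY zz-no-such-user
S: 252 2.0.0 Cannot VRFY user, but will accept message
"""

if __name__ == "__main__":
    for t in (LEAKY, HARDENED):
        print(audit(t, "alice", "zz-no-such-user"))
```

A server that returns the same code for both probes, whether 252 or 502, gives a client nothing to distinguish real mailboxes from invented ones.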


9 thoughts on “How to verify an email address without sending an email (SMTP telnet tutorial with VRFY)”

  • ❌💃🏽💃🏽💃🏽💃🏽💃🏽💃🏽💃🏽💃🏽💃🏽💃🏽💃🏽💃🏽💃🏽💃🏽💃🏽💃🏽💃🏽👺💃🏽❌

  • Nice! I usually look at the headers to see where it came from… though not as much these days with DMARC. This is wayyyyyyyy better. I will reference this in the future.
    It would be nice if some app could do this process for you. Then, if you have a suspect email, you can easily copy and paste it into it.

  • And that's why the VRFY command has been disabled by default for the past 15+ years.

    It may work with misconfigured servers and servers in an intranet depending on what the infra looks like.

  • It would be very bad if you can simply throw a randomly generated list of email addresses at a server and see what sticks. Most servers therefore will not confirm or deny the existence of a user until you try to send actual mail to that inbox.

  • Gmail still supports VRFY, but almost no one else does. This is not a reliable way of checking this.

  • This is a common enumeration technique and there are even a lot of free tools out there for it. For example Metasploit has a module auxiliary/scanner/smtp/smtp_enum

  • 252 SMTP result is "Cannot verify the user", but mail to this email would be accepted (for weird SMTP servers sending VRFY before RCPT). Usually VRFY and EXPN are blocked without explicit error and sending 252 instead.
