1
vrfy feature
Question asked by Bilal SOYALP - 4/24/2023 at 11:10 AM
Answered
Hello,
Should the vrfy feature be on or off?
Which one should it be?

6 Replies

Reply to Thread
0
Bilal SOYALP Replied
this is how i set it up
1
Douglas Foster Replied
VRFY should be off to prevent address harvesting by spammers
1
Kyle Kerst Replied
Employee Post Marked As Answer
Per our help documentation, the VRFY SMTP command can be a security risk in some scenarios and so this is unfortunately not something we can apply a blanket answer to. If you have devices/clients that require the ability to verify mailboxes/expand aliases before sending I'd recommend having it on, otherwise you should be able to test with it turned off to confirm there isn't an impact. Here's our help section on this:

Enable VRFY command - Enable this setting to allow others (including other mail servers) to verify an email address on the server. Note: Some people believe enabling VRFY commands is a security risk, so be sure to research the possible ramifications before enabling this feature.
Kyle Kerst IT Coordinator SmarterTools Inc. www.smartertools.com
0
Bilal SOYALP Replied
Like you said, it should stay closed. We discussed this information with Barikat Cybersecurity.
0
Zach Sylvester Replied
Employee Post
Hey Bilal, 

Can I see the source that you're reading? I find it unlikely that a Cyber Security Firm would recommend turning this feature on. 

Thanks, 
Zach Sylvester Software Developer SmarterTools Inc. www.smartertools.com
0
Bilal SOYALP Replied
Hi Zach Sylvester,
I understood the company's answer very differently. I edited my previous message. As you said, it should definitely be closed.

Reply to Thread