More often than we’d like to see, administrators misconfigure the EXPN and VRFY settings, thus allowing a hacker to get or verify for the existence of valid email ID’s – and this is valuable information by itself. This component of SMTP Watch enumerates the usernames and reports them for the mail administrator’s action.