SMTP Pentest Guide

SMTP Attack Techniques

This page catalogs common attack techniques against SMTP servers and email infrastructure. Understanding these attacks is essential for both penetration testers and defenders.

Open Relay Abuse
Exploiting misconfigured mail servers

Attackers exploit SMTP servers that are configured to relay messages from any source to any destination, allowing them to send spam or phishing emails anonymously.

SMTP User Enumeration
Discovering valid email accounts

Attackers use SMTP commands like VRFY, EXPN, and RCPT TO to validate email addresses, building lists of valid accounts for further attacks.

SMTP Injection
Manipulating email content and recipients

Attackers inject SMTP commands into web applications that send emails, allowing them to modify message content, add recipients, or send unauthorized messages.

SMTP Smuggling
Exploiting parsing inconsistencies

A sophisticated attack that exploits differences in how email servers interpret message boundaries to bypass security controls and authentication mechanisms.

STARTTLS Downgrade
Forcing unencrypted communications

Attackers intercept and modify SMTP traffic to prevent the use of TLS encryption, forcing the server to transmit sensitive data in plaintext.

Email Spoofing
Forging sender addresses

Attackers send emails with forged sender addresses to impersonate trusted entities, often bypassing or exploiting weaknesses in SPF, DKIM, and DMARC.

SMTP Authentication Attacks
Compromising email accounts

Techniques for attacking SMTP authentication, including brute force attacks, credential interception, and authentication bypass methods.

Mail Relay Chain Attacks
Exploiting multi-hop email delivery

Attackers target vulnerabilities in complex email relay chains, exploiting trust relationships between servers to bypass security controls.

Email Header Injection
Manipulating email headers

Attackers inject additional headers into emails, potentially adding BCC recipients, changing reply-to addresses, or modifying content types for XSS attacks.

Attack Methodology

Most SMTP attacks follow a common methodology:

  1. Reconnaissance - Identifying mail servers and gathering information
  2. Scanning - Probing for open ports and services
  3. Vulnerability Analysis - Identifying weaknesses in the SMTP implementation
  4. Exploitation - Leveraging discovered vulnerabilities
  5. Post-Exploitation - Maintaining access or extracting data

Defensive Considerations

Understanding these attacks is essential for implementing effective defenses:

  • Proper SMTP server configuration to prevent open relay
  • Implementation of email authentication (SPF, DKIM, DMARC)
  • TLS encryption for all SMTP communications
  • Input validation in web applications that send emails
  • Regular security testing and monitoring of email infrastructure
  • User awareness training to recognize phishing and social engineering
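As an added illustration that is not part of this guide, the following Python code shows the email header injection described above beside the input-validation defense listed here: a naive message builder concatenates user input straight into the header block, while the hardened builder rejects any value that could start a new header line. All function names and the sample inputs are constructed for this example.

```python
import re

# Constructed inputs (not from this guide): a benign subject and one carrying
# a CRLF payload of the kind a vulnerable web form would pass through unchecked.
SAFE_SUBJECT = "Password reset request"
INJECTED_SUBJECT = "Hello\r\nBcc: hidden-copy@example.invalid"

# Deliberately strict address shape: one local part, one domain with at least one dot.
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


class HeaderInjectionError(ValueError):
    """Raised when user input would break out of the header it was meant to fill."""


def validate_header_value(value: str) -> str:
    # CR, LF and NUL are what let input start a new header line; a leading
    # space or tab would be read by the receiver as folding of the previous header.
    if any(ch in value for ch in "\r\n\x00"):
        raise HeaderInjectionError("line break or NUL in header value")
    if value[:1] in (" ", "\t"):
        raise HeaderInjectionError("leading folding whitespace in header value")
    return value


def validate_address(addr: str) -> str:
    validate_header_value(addr)
    if not ADDRESS_RE.fullmatch(addr):
        raise HeaderInjectionError(f"malformed address: {addr!r}")
    return addr


def naive_build(sender: str, recipient: str, subject: str, body: str) -> str:
    # Vulnerable pattern: string concatenation with no validation of header values.
    return f"From: {sender}\r\nTo: {recipient}\r\nSubject: {subject}\r\n\r\n{body}"


def safe_build(sender: str, recipient: str, subject: str, body: str) -> str:
    # Hardened pattern: every header value is validated before it is placed.
    return naive_build(validate_address(sender), validate_address(recipient),
                       validate_header_value(subject), body)


def header_names(raw: str) -> list:
    # Split the header block the way a receiving MTA would: one header per line.
    head = raw.split("\r\n\r\n", 1)[0]
    return [line.split(":", 1)[0] for line in head.split("\r\n")]


def is_accepted(sender: str, recipient: str, subject: str) -> bool:
    # True when the hardened builder accepts the inputs, False when it rejects them.
    try:
        safe_build(sender, recipient, subject, "")
        return True
    except HeaderInjectionError:
        return False
```

Running `header_names(naive_build(...))` on the injected subject shows the extra `Bcc` header a receiving server would honour, while `is_accepted(...)` returns False for the same input.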

Reminder: The techniques described on this page should only be used in authorized penetration testing scenarios. Unauthorized testing of or attacks against email systems are illegal and unethical.