Email services can relay information across the Internet and private networks. Due to the nature of these services, channels between the Internet and corporate network space are opened, which determined attackers can abuse to compromise internal networks. This chapter defines a strategy for assessing email services, through accurate service identification, enumeration of enabled options, and testing for known issues.