The correct answer is A. Sending an email to a non-existent address during an authorized penetration test can trigger a bounce-back or non-delivery report. These responses may reveal useful reconnaissance information such as mail server names, IP addresses, SMTP banners, internal hostnames, anti-spam gateways, mail routing behavior, and how the organization handles undeliverable messages. This technique supports the CEH reconnaissance and footprinting phase, where testers gather publicly or externally exposed information before deeper testing. It is not intended to create spam, identify root users, test antivirus directly, or perform a denial-of-service attack.