Security teams can use tools like GoogDorker or goblyn to search for their own domain exposed in directories (e.g., site:yourcompany.com intitle:index.of “.txt” ). This proactive monitoring is legal and recommended.
If you need a strictly academic journal citation, I recommend: index of email txt extra quality
: Modern sites use LLMs.txt to tell AI crawlers which parts of their site are most useful. Security teams can use tools like GoogDorker or
Demystifying "Index of /" Vulnerabilities: Understanding Directory Trapping, Exposed Email TXT Files, and Server Hardening Exposed Email TXT Files