SMTP: Simple Mail Transfer Protocol

What is SMTP?

SMTP (Simple Mail Transfer Protocol) is the standard protocol for sending email across the internet. Created by Jon Postel in 1982 and defined in RFC 821, it has been the backbone of email communication for over four decades. The current version, defined in RFC 5321 (2008), is known as ESMTP (Extended SMTP) and adds support for authentication, encryption, and other modern features.

SMTP is a text-based command/response protocol. A client sends plain-text commands to a server, and the server replies with numeric status codes followed by a human-readable message. This simplicity made SMTP easy to implement and debug, which helped drive its universal adoption.

One important distinction: SMTP only handles sending email. It pushes messages from the sender to the recipient's mail server. To retrieve messages from a mailbox, users rely on separate protocols like IMAP or POP3. Think of SMTP as the postal truck that delivers letters, while IMAP is the act of opening your mailbox to read them.

How Email Delivery Works

Sending an email involves several systems working together in sequence. Here is the end-to-end journey of a typical email message:

1. Compose: The sender writes an email in their Mail User Agent (MUA), such as Gmail, Outlook, or Apple Mail.
2. Submit:The MUA connects to the sender's outgoing mail server (MTA, or Mail Transfer Agent) via SMTP, usually on port 587 with authentication and STARTTLS encryption.
3. DNS MX Lookup:The sender's MTA queries DNS for the recipient domain's MX (Mail Exchange) records to find the destination mail server.
4. Relay:The sender's MTA opens an SMTP connection (typically on port 25) to the recipient's MTA and transfers the message.
5. Delivery:The recipient's MTA passes the message to the Mail Delivery Agent (MDA), which stores it in the recipient's mailbox.
6. Retrieval: The recipient opens their email client, which fetches the message via IMAP or POP3.

Each hop in this chain uses SMTP to transfer the message. Large email providers like Google and Microsoft operate massive MTA infrastructures to handle billions of messages per day. If a destination server is temporarily unavailable, the sending MTA will queue the message and retry delivery over a period of hours or days before generating a bounce notification.

SMTP Session: Step by Step

An SMTP session is a structured conversation between a client and a server. Every email transaction follows the same sequence of commands and responses. Here is what a typical session looks like:

1. TCP Connection: The client opens a TCP connection to the server on port 25 (relay) or port 587 (submission).
2. Server Greeting (220): The server responds with a 220 status code, indicating it is ready.
3. EHLO: The client identifies itself and requests a list of supported extensions. The server replies with 250 and its capabilities.
4. MAIL FROM:The client specifies the sender's email address (the envelope sender).
5. RCPT TO: The client specifies one or more recipient addresses. Each RCPT TO command names a single recipient.
6. DATA:The client signals that it is ready to send the message body. The server responds with 354, meaning "go ahead."
7. Message Body: The client sends the email headers (From, To, Subject, Date) followed by a blank line and then the message body. The message is terminated by a line containing only a single period: CRLF.CRLF.
8. QUIT: The client closes the session. The server responds with 221 and drops the connection.

This command-response pattern is fundamental to SMTP. The client never sends the next command until it receives a response to the current one, making the protocol straightforward to implement and debug using tools like telnet or openssl s_client.

SMTP Commands Reference

SMTP defines a small set of commands. The original RFC 821 specified just a handful, and ESMTP extensions added several more. Here are the most important commands:

The older HELO command still works but has been superseded by EHLO, which enables the server to advertise extension support. Most modern servers require EHLO.

SMTP Response Codes

Every SMTP server response begins with a three-digit status code. The first digit indicates the general category of the response:

• 2xx (Success): The requested action was completed successfully.
• 3xx (Intermediate): The server needs more input from the client before it can complete the action.
• 4xx (Temporary Failure): The action failed, but the client should try again later. The server may be overloaded or the mailbox temporarily unavailable.
• 5xx (Permanent Failure): The action failed and should not be retried. The address may not exist, or the server rejected the message.

When troubleshooting email delivery issues, these codes are your most important diagnostic tool. Bounce messages typically include the SMTP response code from the remote server, which tells you exactly why delivery failed.

SMTP Security: STARTTLS and Authentication

The original SMTP specification included no encryption or authentication. Messages were sent in plain text, and any server could relay mail for anyone. Modern email relies on several layers of security to address these weaknesses.

STARTTLS Encryption

STARTTLS is an SMTP extension that upgrades a plain-text connection to an encrypted TLS connection. After the client sends the STARTTLScommand and the server responds with 220, both sides perform a TLS handshake. All subsequent SMTP commands and message data are encrypted. This is called "opportunistic TLS" because encryption is negotiated within an existing connection rather than required from the start.

SMTP Authentication

The AUTH extension (RFC 4954) requires clients to prove their identity before the server will accept mail for relay. Common authentication mechanisms include PLAIN, LOGIN, and CRAM-MD5. Port 587 (the submission port) requires authentication, which prevents open relay abuse.

SPF, DKIM, and DMARC

These three standards work together to prevent email spoofing and improve deliverability:

• SPF (Sender Policy Framework): A DNS TXT record that lists the IP addresses authorized to send email for a domain. Receiving servers check this record to verify the sender.
• DKIM (DomainKeys Identified Mail): The sending server adds a cryptographic signature to the email headers. The receiving server verifies it using a public key published in DNS.
• DMARC (Domain-based Message Authentication, Reporting, and Conformance): A policy layer that tells receiving servers what to do when SPF or DKIM checks fail (reject, quarantine, or allow). It also provides reporting so domain owners can monitor authentication results.

Together, SPF, DKIM, and DMARC form the foundation of modern email authentication. Setting them up correctly is essential for ensuring your emails reach the inbox rather than the spam folder.

SMTP Ports Explained

SMTP uses several well-known ports, each serving a different purpose:

Port 25 is used for server-to-server communication and is often blocked by ISPs for residential connections to prevent spam. Port 587 is the standard for email clients submitting messages and requires both STARTTLS and authentication. Port 465 has an unusual history: it was originally assigned for implicit TLS, then deprecated in favor of STARTTLS on port 587, and later re-assigned in RFC 8314 (2018) as a legitimate submission port with implicit TLS. Port 2525 is an unofficial alternative that some providers offer when port 25 is blocked.

Common Use Cases for SMTP

SMTP is everywhere email is sent. Here are the most common scenarios:

• Web application email: Frameworks like Rails, Django, and Next.js use SMTP to send password resets, verification links, and notifications through services like SendGrid, Mailgun, or Amazon SES.
• Transactional email: E-commerce platforms send order confirmations, shipping updates, and receipts via SMTP. These messages are triggered by user actions and require high deliverability.
• Marketing email: Platforms like Mailchimp and Campaign Monitor use SMTP infrastructure to deliver newsletters and promotional campaigns to large subscriber lists.
• Server alerts and monitoring: System administrators configure servers to send alerts via SMTP when disk space runs low, services crash, or security events occur.
• Automated reports: Scheduled scripts generate reports (daily summaries, analytics, audit logs) and deliver them by email using SMTP.

Frequently Asked Questions

What is the difference between SMTP and IMAP?

SMTP is for sendingemail. It pushes messages from the sender's client to the recipient's mail server. IMAP (Internet Message Access Protocol) is for receiving email. It allows clients to access and manage messages stored on the server. Your email client uses SMTP to send and IMAP (or POP3) to receive.

Why is port 587 preferred over port 25 for sending email?

Port 587 is the designated submission port for email clients. It requires authentication (so only authorized users can send) and STARTTLS encryption (so credentials and message content are protected). Port 25 is designed for server-to-server relay and is commonly blocked by ISPs on residential networks to reduce spam.

What is STARTTLS and why does it matter?

STARTTLS is a command that upgrades a plain-text SMTP connection to an encrypted TLS connection. Without it, email content, including passwords during authentication, travels in plain text across the network. Most modern mail servers require or strongly encourage STARTTLS to protect message privacy.

Can SMTP receive email?

Not from the end user's perspective. SMTP delivers email to the recipient's mail server, but users retrieve their messages using IMAP or POP3. However, the receiving mail server does accept incoming SMTP connections from other servers, so in that sense, the server side of SMTP "receives" email for storage and later retrieval.

What are SPF, DKIM, and DMARC?

These are email authentication standards that verify the sender's identity. SPF checks whether the sending server's IP is authorized for the domain. DKIM adds a cryptographic signature that proves the message was not altered in transit. DMARC ties SPF and DKIM together with a policy that tells receiving servers how to handle authentication failures. All three are published as DNS records.

Why do my emails go to spam?

Several factors can cause emails to land in spam: missing or misconfigured SPF, DKIM, or DMARC records; sending from a new or low-reputation IP address; high bounce rates; spammy content or subject lines; and lack of proper authentication. Setting up SPF, DKIM, and DMARC correctly, warming up your sending IP gradually, and maintaining a clean recipient list are the most effective ways to improve inbox placement.

Related Protocols

• TCP: The transport layer protocol that SMTP runs on for reliable, ordered delivery
• SSH: Secure remote access protocol, often used to manage mail servers
• HTTP: Application layer protocol for the web, used by webmail interfaces and email APIs
• HTTPS: Encrypted HTTP, used by modern webmail clients like Gmail and Outlook