- Simple mail transfer protocol (SMTP) is defined as an email protocol that enables the transmission of emails among user accounts over an internet connection.
- Simply put, SMTP is a set of rules that allows different email accounts and clients to streamline information exchange.
- This article covers the meaning, uses, and best practices of SMTP.
Simple mail transfer protocol (SMTP) is an email protocol that enables the transmission of emails among user accounts over an internet connection. Simply put, SMTP is a set of rules that allows different email accounts and clients to streamline information exchange. This is a very commonly used email protocol, alongside internet message access protocol (IMAP) and post office protocol (POP).
Simple Mail Transfer Protocol (SMTP) Architecture
SMTP is a dedicated protocol for sending emails. Most popular email clients–such as Microsoft Outlook, Google Gmail, Yahoo Mail, and Apple Mail–leverage SMTP to send (or ‘push’) emails from the sender to the receiver.
SMTP servers handle the transmission, receipt, and relaying of emails for other applications, known as clients, within a network. Think of an SMTP server as a real-world post office and imagine that a letter needs to be sent from City 1 to City 2. The letter would first reach one of the local post offices in City 1. There, it would be processed and sent to the local post office in City 2. Finally, that ‘last-mile’ post office would be responsible for delivering the letter to its final destination.
SMTP servers carry out the same process; however, message transmission takes only a few minutes rather than a few days. SMTP ports, meanwhile, serve as the communication endpoints for email data as it is transmitted over SMTP between servers on a network. While outgoing emails are generally transmitted using port 465 or 587, messages between email servers are relayed using port 25.
How does SMTP work?
A user must first set up an SMTP server, after which email clients can be configured to connect with it. Once this is done, a user presses the ‘send’ button on an email and an SMTP connection is set up between the client and the server to allow for the email to be sent. The SMTP connection is built upon a transmission control protocol (TCP) connection.
Once the SMTP connection is active, commands transmitted by the client give instructions to the server and enable the transfer of information, such as the email addresses of the sender and the recipient and the contents of the email.
The MTA, which can stand for message transfer agent or mail transfer agent, is responsible for checking whether both email addresses are from a single email domain, such as gmail.com. If both addresses are from the same domain, the email is transmitted instantly. If not, the server uses the domain name system (DNS) to identify the receiving domain, after which the email is transmitted to the right server.
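The routing decision described above can be sketched as follows. This is an added example, not code from the original article; it goes slightly beyond the text by showing MX preference ordering, the fallback when a domain has no MX record, and the "null MX" case. LOCAL_DOMAINS, SAMPLE_MX and the function names are constructed for illustration, and DNS is replaced by an in-memory table so the example runs offline.

```python
from typing import Callable, List, Tuple

# domain -> [(preference, mail host)]; stands in for a real DNS MX query
MxLookup = Callable[[str], List[Tuple[int, str]]]

# Constructed sample: the domains this (hypothetical) server hosts mailboxes for.
LOCAL_DOMAINS = {"example.com"}

def recipient_domain(address: str) -> str:
    """Return the lower-cased domain part of an address such as user@Example.COM."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not a valid mailbox: {address!r}")
    return domain.rstrip(".").lower()

def next_hops(address: str, mx_lookup: MxLookup) -> List[str]:
    """Ordered hosts to try next; ['<local>'] means deliver to a local mailbox."""
    domain = recipient_domain(address)
    if domain in LOCAL_DOMAINS:
        return ["<local>"]                 # same domain: no DNS lookup needed
    records = mx_lookup(domain)
    if not records:
        return [domain]                    # no MX: fall back to the domain's own address
    if len(records) == 1 and records[0][1] in ("", "."):
        return []                          # null MX (RFC 7505): domain accepts no mail
    # The lowest preference value is tried first.
    return [host.rstrip(".").lower() for _, host in sorted(records)]

# Constructed DNS data for the example.
SAMPLE_MX = {
    "example.org": [(20, "backup.mail.example.org."), (10, "mx1.example.org.")],
    "nomail.example": [(0, ".")],
}

def sample_lookup(domain: str) -> List[Tuple[int, str]]:
    return SAMPLE_MX.get(domain, [])

if __name__ == "__main__":
    for rcpt in ("alice@example.com", "bob@Example.ORG", "x@nomail.example"):
        print(rcpt, "->", next_hops(rcpt, sample_lookup))
```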
SMTP, POP, and IMAP
Apart from SMTP, IMAP and POP are two common email protocols. However, SMTP is unique — it is used for ‘pushing’ (sending) emails between unknown email servers. On the other hand, POP and IMAP are used by the receiving party to ‘pull’ (receive) an email from their own server. As such, POP and IMAP are primarily used for transferring emails to verified servers and cannot be used for transmitting messages outside of the user’s networks.
The post office protocol (POP) is used to receive incoming emails. The latest version in use is POP3. This protocol’s operations mimic those of a real-world post office — POP3 will ‘pull and hold’ emails for clients until they are picked up.
Emails are typically downloaded and stored in the local system, making it ideal for users who use only one endpoint for their emails. POP is also used by enterprises to enable employees to check their emails offline.
Unlike SMTP, which serves as a message transfer protocol (email sender), POP serves as a message access protocol (email receiver). This means that SMTP is used twice — the first time when a connection is being established for transmitting data between the sender and the email server and the second time when data is being transferred, and a connection is being established with the recipient. Conversely, POP is used only once — for data transfer between the receiving party and their email server.
The internet message access protocol (IMAP) stores emails on a server that can be accessed and configured by users. Unlike POP, IMAP uses a cloud server to enable email authentication and categorization based on device type. IMAP is generally preferred over POP for its efficiency and convenience. IMAP, like POP, is a message access protocol (email receiver).
SMTP is a popular protocol that plays a crucial role in email communications. Let’s look at the five key uses of SMTP.
1. Email transmission and delivery
SMTP is primarily used for transmitting emails between servers and clients. It is a popular protocol for both personal and work email accounts. Once an email is sent, it reaches an SMTP server, which applies a set of rules to figure out where the email needs to be transmitted next. Based on several factors, the email is delivered either to the receiver’s local email client or to their email server.
2. Email routing
SMTP is capable of routing emails through several networks and servers before they are delivered to their final inbox. This means that SMTP can be used to send emails to servers and clients located in different geographical locations. The email routing process can also use SMTP in conjunction with IMAP, POP, and other protocols with the aim of retrieving and managing emails effectively.
3. Email authentication
SMTP enables servers to authenticate sender identity and encrypt or decrypt emails accordingly to protect data privacy during transmission. By making it more difficult for bad actors to intercept and read emails, SMTP helps prevent spam and phishing attacks.
Interestingly, SMTP was not always a torchbearer for email authentication. The original SMTP version, when it was introduced in 1981, used open relays. This meant that there was no process in place to authenticate users, and all emails were transmitted regardless of the address of the sender or receiver. This opened floodgates for mass spam mailing.
With time, new versions of SMTP were introduced, including SMTP-after-POP, extended SMTP (ESMTP), and SMTP-AUTH (also known as ASMTP). With these newer protocols, users needed a password or other authentication mechanisms to log into the SMTP server of an email service provider.
Gone were the days of zero SMTP authentication, where any unauthorized party could use an open server to send an email using a made-up email address. With new authentication processes in place, only verified users had access to sending emails via SMTP servers. This put in place a barrier to entry and prevented low-level bad actors from sending unsolicited or malicious messages. Today, emails sent from servers that do not use the SMTP-AUTH standard often bounce back to the sender with an ‘authentication failed’ error.
Most email applications automatically configure SMTP authentication when a user creates a new account. However, users setting up their own email accounts in a third-party client such as Microsoft Outlook or Mozilla Thunderbird must check their settings and make sure SMTP-AUTH is activated. Instructions for this can easily be found on the official support pages of the specific email application.
4. Email security
With email being one of the most widely used modes of communication across the world, especially for enterprise communications, email security is vital. Enter SMTPS, a method for securing SMTP using transport layer security (TLS).
An email secured with SMTPS is resistant to attackers looking to modify its contents or reroute it to an unauthorized middleman before it is passed on to the intended receiver. SMTPS also thwarts attackers who would otherwise be able to exploit unencrypted emails by injecting malicious SMTP commands as the email is being transmitted between servers. One common target for such attacks is emails that feature forms, as such emails commonly contain built-in vulnerabilities.
The lack of SMTPS makes emails more susceptible to spamming using a vulnerable domain, the silent theft of sensitive data, or to phishing attacks. To enable SMTPS, a user needs to enable TLS on their email server. Once TLS is activated, the SMTP protocol is encrypted on the transport layer, and SMTP is ‘wrapped inside’ a TLS connection. This secures SMTP and transforms it into SMTPS.
5. Email marketing
Emails are an important medium for enterprises—whether online or offline—to communicate with their customers. It is essential for business owners to ensure that their emails are being sent securely and delivered reliably to the inboxes of their audience.
SMTP plays a critical role in email marketing campaigns across industry verticals. It is responsible for emails being transmitted to customers safely and without failure. In fact, high deliverability is a key reason for the use of SMTP in email marketing. Apart from this, leading SMTP-powered email marketing solutions offer a solid sender reputation, allowing marketers to enjoy high deliverability.
Advanced SMTP relay servers also provide users with the tools required to maintain a sending IP address, which can help avoid the spam folders of recipients. Additionally, SMTP servers boost deliverability by supporting new account validation, domain name authentication, and email authentication protocols such as DKIM, DMARC, and SPF.
Log retention is another key feature of the SMTP servers favored by email marketers. These logs contain email campaign metrics such as open rate, CTR, and unsubscribe rate. SMTP email services preferred by marketers ideally retain logs for longer durations, allowing users to go back and check them in case of any issues. While many SMTP servers offer a 30-day retention period, some allow for unlimited log retention and give users the option to configure their retention policies.
Finally, SMTP solutions that are created for email marketing are built to be easily accessible by business owners, non-tech marketers, and tech-savvy developers alike. They simplify the email-sending process with a user-friendly interface, streamlined onboarding, and a responsive support team.
Following the below simple mail transfer protocol (SMTP) best practices while managing an email server can help boost the sender’s reputation score and ensure seamless email delivery. Let’s dive in.
1. Misuse prevention for open SMTP relays
Cloud providers and residential ISPs generally block SMTP port 25 to control spam and prevent open SMTP relays from being targeted for misuse. While some providers allow users to open port 25 on request, this is generally a layered process to minimize the chances of misuse. For instance, service providers may request proof of identity and payment method verification, as well as a detailed reason for an outbound port 25. Even then, an outbound SMTP port 25 can be closed again if evidence of spamming or a compromised server is detected.
Users should similarly exercise due caution during server configuration and aim to prevent their servers from turning into open relays. Errors during server setup can lead to the misuse of an open relay, rendering security settings ineffective. SMTP diagnostic tools generally prove useful when it comes to testing SMTP configuration for such flaws.
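The relay rule that keeps a server from becoming an open relay fits in a few lines, as this added example shows (it is not code from the original article or from any particular MTA). It places a hardened policy beside a misconfigured one and includes a self-check that flags the latter. The class, the reply texts, the networks and the domains are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Set

@dataclass
class RelayPolicy:
    local_domains: Set[str]       # domains this server accepts mail for
    trusted_networks: List[str]   # CIDR ranges allowed to relay without logging in

    def decide(self, client_ip: str, authenticated: bool, rcpt_to: str) -> str:
        """Return the reply a server should give to RCPT TO (illustrative reply texts)."""
        domain = rcpt_to.strip("<>").rpartition("@")[2].lower()
        if domain in self.local_domains:
            return "250 2.1.5 Ok"                  # inbound mail for our own users
        ip = ipaddress.ip_address(client_ip)
        trusted = any(ip in ipaddress.ip_network(net) for net in self.trusted_networks)
        if authenticated or trusted:
            return "250 2.1.5 Ok"                  # relaying for a known sender
        return "554 5.7.1 Relay access denied"     # stranger asking us to forward mail

def is_open_relay(policy: RelayPolicy) -> bool:
    """Self-check: may an unauthenticated outside client send to a foreign domain?"""
    reply = policy.decide("203.0.113.50", False, "<someone@example.net>")
    return reply.startswith("250")

# Constructed configurations: the corrected setting beside the weak one.
HARDENED = RelayPolicy({"example.com"}, ["127.0.0.0/8", "10.20.0.0/16"])
MISCONFIGURED = RelayPolicy({"example.com"}, ["0.0.0.0/0"])  # setup error: trusts every address

if __name__ == "__main__":
    for name, policy in (("hardened", HARDENED), ("misconfigured", MISCONFIGURED)):
        print(name, "open relay:", is_open_relay(policy))
```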
2. Using professional mailing solutions
Outbound SMTP port 25 being blocked is generally not a problem for users since ports 465 and 587 are still available for use, along with non-standard ports for sending emails through a relay. For instance, the mail transfer agent (MTA) can be configured to use a mailing service over port 587 for the secure relaying of emails.
Another option is for users to not run their own SMTP email server at all. Instead, depending on the use case for sending emails, users can consider utilizing a professional mailing solution. Both transactional emails as well as marketing campaigns generally perform better and exhibit higher deliverability when undertaken by a specialized service provider.
3. Matching forward and reverse DNS
Ensuring the presence of a valid and matching forward and reverse DNS, also known as forward-confirmed reverse DNS, is a key recommendation in RFC 1912. A basic understanding of the key request for comments (RFC) documents by system administrators can go a long way in avoiding spoofing by spammers in the case of SMTP.
4. Matching of HELO string and reverse DNS
When an email is sent by an SMTP server, the server has to ‘announce its name’ using the HELO or EHLO command. If DNS is configured correctly along with a fully-qualified domain name (reverse DNS name), the sender can use that name as their HELO/EHLO string and ensure compliance with RFC 2821. This practice provides another layer of verification by reconfirming the server’s identity.
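The two checks above (matching forward and reverse DNS, and a HELO string that agrees with reverse DNS) can be expressed as one routine, shown here as an added example that is not part of the original article. The lookups are passed in as functions and backed by constructed sample records so the code runs offline; in production they would be real PTR and A/AAAA queries. All names and addresses are illustrative.

```python
import ipaddress
from typing import Callable, Dict, List

Lookup = Callable[[str], List[str]]   # PTR: IP -> names, or forward: name -> addresses

def norm(name: str) -> str:
    """Compare host names without the trailing dot and without regard to case."""
    return name.rstrip(".").lower()

def confirmed_names(ip: str, ptr_lookup: Lookup, addr_lookup: Lookup) -> List[str]:
    """PTR names of ip whose forward lookup leads back to the same ip."""
    target = ipaddress.ip_address(ip)
    confirmed = []
    for name in ptr_lookup(ip):
        forward = {ipaddress.ip_address(a) for a in addr_lookup(name)}
        if target in forward:
            confirmed.append(norm(name))
    return confirmed

def check_sender(ip: str, helo: str, ptr_lookup: Lookup, addr_lookup: Lookup) -> Dict[str, bool]:
    """Evaluate a connecting server's address and the name it announced in HELO/EHLO."""
    confirmed = confirmed_names(ip, ptr_lookup, addr_lookup)
    helo_name = norm(helo)
    return {
        "fcrdns": bool(confirmed),
        # A bare word or an address literal such as [192.0.2.25] is not a FQDN.
        "helo_is_fqdn": "." in helo_name and not helo_name.startswith("["),
        "helo_matches_rdns": helo_name in confirmed,
    }

# Constructed DNS data: the first host is consistent, the second has a PTR
# record whose forward lookup points somewhere else.
PTR = {"192.0.2.25": ["mail.example.com."], "198.51.100.7": ["host7.isp.example."]}
ADDR = {"mail.example.com": ["192.0.2.25"], "host7.isp.example": ["198.51.100.99"]}

def sample_ptr(ip: str) -> List[str]:
    return PTR.get(ip, [])

def sample_addr(name: str) -> List[str]:
    return ADDR.get(norm(name), [])

if __name__ == "__main__":
    print(check_sender("192.0.2.25", "mail.example.com", sample_ptr, sample_addr))
    print(check_sender("198.51.100.7", "mail.example.com", sample_ptr, sample_addr))
```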
5. Using sender address verification (SAV)
Not all SMTP configurations include a default method for authenticating using the MAIL FROM address. Sender address verification (SAV) can prove useful here since it allows the user to connect to the appropriate return host and verify whether the site accepts emails from that address.
However, SAV comes with a few loopholes. For instance, attackers have been known to bypass SAV by simply sending emails with a valid MAIL FROM address. Any valid address already being targeted by spammers can get the job done.
It is therefore recommended to take special care when using SAV; other authentication methods can also be considered instead.
6. Securing SMTP with SSL/TLS
The vulnerabilities associated with SMTP have not gone unnoticed by email providers, who have taken measures to add security layers to the protocol. A secure sockets layer (SSL) is one such measure. Originally developed in 1995 by Netscape, SSL v2.0 was swiftly adopted by popular email clients and soon became a must-have feature.
With time, SSL fell out of favor and was finally deprecated in 2015, being replaced with a new standard known as transport layer security (TLS). After its release, TLS was constantly improved upon, and today, TLS version 1.3 is considered an industry standard.
While the latest versions of SSL can still be used, they feature various vulnerabilities that make them less recommended as compared to TLS. When choosing an SMTP solution, it is worth noting that some providers use the terms SSL and TLS interchangeably; while a service provider may be marketing their security protocol as SSL, they may, in fact, be offering TLS.
To ensure email security, users must opt for an SMTP provider that supports TLS, which enables encryption for emails exchanged between the client and server. In case malicious actors are able to breach the other security layers of SMTP, they will only have access to seemingly random characters where the email content would be. While they would still be able to wreak havoc to a certain extent, TLS-powered email encryption reduces the attack surface of SMTP and aids in data protection.
Another advantage of TLS is compatibility with digital certificates that assist with an extra security layer. These certificates give a concrete identity to each step of the process and enable what is known as a handshake.
How does a handshake work?
Well, as already established earlier in this article, emails are transmitted over SMTP, starting from the sender’s email client to the sender’s email server, then to the receiver’s email server, and finally to the receiver’s email client. As an email crosses each of these stages, a new connection is established.
In the case of TLS-powered SMTP, each connection needs both sides to establish trust. For instance, the sender’s email client needs to confirm that it is communicating with its own SMTP server and not with another network entity that is emulating it. Similarly, servers would need to establish each other’s authenticity before an email is transmitted. All this is achieved through a handshake.
Typical steps followed when establishing a handshake are:
- The email client transmits a message that contains details of the SSL/TLS versions it is compatible with, as well as the encryption types supported by it.
- The server responds with a message containing a public encryption key and a TLS digital certificate.
- The client verifies the legitimacy of the certificate. In case the certificate is valid, the client generates a ‘shared secret key’ using the public encryption key of the server.
- The server receives and decrypts the shared secret key. Now, both parties are able to use this key for encrypting and decrypting emails transmitted between them.
The process begins with both parties using different keys. However, as each step of the handshake is completed successfully, the shared secret key is used to make encryption synchronous and thereby swifter and more efficient.
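On the client side, the TLS and SMTP-AUTH practices described in this article look as follows in Python's standard library. This is an added example, not code from the original article: the handshake itself is carried out by the ssl module, and the code only sets the policy (verify the certificate, refuse old protocol versions, never log in over a clear-text connection). The host, port, user and password are supplied by the caller; nothing here refers to a real provider.

```python
import smtplib
import ssl
from email.message import EmailMessage

def hardened_context() -> ssl.SSLContext:
    """TLS settings for an SMTP client: verified certificate, no legacy protocols."""
    ctx = ssl.create_default_context()             # checks the chain and the host name
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # rejects SSLv3, TLS 1.0 and TLS 1.1
    return ctx

def connect(host: str, port: int, timeout: float = 10.0) -> smtplib.SMTP:
    """Open a connection that is encrypted before any credentials are sent."""
    ctx = hardened_context()
    if port == 465:
        # SMTPS: the TLS handshake happens first, SMTP runs inside it.
        return smtplib.SMTP_SSL(host, port, context=ctx, timeout=timeout)
    conn = smtplib.SMTP(host, port, timeout=timeout)
    conn.ehlo()
    if not conn.has_extn("starttls"):
        conn.close()
        # Continuing would send the password and the message unencrypted.
        raise RuntimeError("server did not offer STARTTLS; refusing to continue")
    conn.starttls(context=ctx)   # handshake; raises ssl.SSLError if the certificate fails
    conn.ehlo()                  # extensions must be read again once TLS is active
    return conn

def negotiated(conn: smtplib.SMTP) -> tuple:
    """Protocol version and cipher suite agreed in the handshake."""
    return conn.sock.version(), conn.sock.cipher()[0]

def send(host: str, port: int, user: str, password: str, msg: EmailMessage) -> tuple:
    with connect(host, port) as conn:
        details = negotiated(conn)
        conn.login(user, password)   # SMTP-AUTH, only ever inside the TLS session
        conn.send_message(msg)
    return details
```

Port 587 takes the STARTTLS branch and port 465 the implicit-TLS branch; in both cases a certificate that does not validate for the host name stops the connection before login.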
SMTP is a protocol for email transmission and delivery. It is used by most popular email clients such as Microsoft Outlook, Google Gmail, Yahoo Mail, and Apple Mail.
To use SMTP, a user must set up an SMTP server and configure their email client to connect to it. The client then sends commands to the server, which enable the transfer of information, such as email addresses and the contents of the email. If the email addresses are from the same domain, the email is transmitted instantly. If not, the server uses a domain name system (DNS) to identify the receiving domain and transmit the email to the correct server.
In contrast to SMTP, which is used for sending emails, internet message access protocol (IMAP) and post office protocol (POP) are used to retrieve emails from a server. IMAP allows the management of emails stored on a server, while POP downloads and stores emails locally.
SMTP was originally an open protocol with no authentication; however, newer versions, such as ESMTP and SMTP-AUTH, introduced authentication mechanisms to prevent spam and phishing attacks. SMTPS is a method for securing SMTP using transport layer security (TLS) to protect against attackers modifying email contents or rerouting them to unauthorized middlemen. SMTP is widely used in enterprise communications and email marketing to send newsletters and promotional emails.
Several best practices can be followed when using SMTP to manage an email server. These include preventing open SMTP relays from being misused, using professional mailing solutions, matching forward and reverse DNS, matching the HELO string and reverse DNS, taking adequate care if sender address verification (SAV) is being used, and securing SMTP with secure sockets layer (SSL) or transport layer security (TLS).