There are different variants and types of SMTP implementations that enable email transmission. These include variations like SMTP with TLS encryption, Submission Port SMTP, Sendmail and Exchange Server SMTP along with DNS-based types like Authoritative SMTP.
Overview of SMTP Types
Some common SMTP types and implementations are:
- Plain SMTP
- SMTP with TLS encryption (SMTPS)
- SMTP submission
- SMTP with POP3 before SMTP
- Sendmail SMTP
- Exchange Server SMTP
- Authoritative SMTP
- SMTP relays
- Smart hosts
Each fulfills specific use cases and needs when sending emails between servers, clients and devices.
Plain vanilla SMTP refers to simple unencrypted SMTP communication:
- Uses default port 25 for TCP connections.
- Starts with textual HELO/EHLO commands for handshake.
- Sends username and password for authentication in plain text.
- Sends message contents unencrypted natively.
- Prone to vulnerabilities like sniffing or man-in-the-middle attacks.
- Should only be used internally on trusted networks if at all.
So plain SMTP is increasingly deprecated for outward-facing connections and public internet due to lack of encryption and authentication.
SMTP with TLS Encryption (SMTPS)
SMTPS refers to implicit TLS encryption applied to SMTP connections:
- Uses non-standard port 465 by default.
- Encrypts entire SMTP session including handshake as well as transmission.
- Provides in-transit message confidentiality and integrity.
- Protects against sniffing and alteration of conversations.
- TLS certificate guarantees server identity.
- More resistant to MITM attacks compared to unencrypted SMTP.
So SMTPS offers improved security and is suitable for connections traversing untrusted networks like the internet though port blocking can cause issues.
SMTP with STARTTLS
SMTP with STARTTLS enables opportunistic TLS encryption:
- Uses traditional SMTP port 25.
- Starts as clear text session first.
- Issues STARTTLS command to upgrade connection to TLS encryption during session.
- Improves security selectively once encrypted without affecting other traffic.
- Backward compatible with legacy devices lacking TLS unlike SMTPS.
So STARTTLS offers a middle ground – connections open unencrypted to avoid port blocks but can optionally switch to secure TLS mode if supported.
SMTP submission uses dedicated port 587:
- Intended for client submission of outgoing emails to mail server.
- Separates client submission traffic from server-to-server SMTP.
- Allows imposing extra security policies like authentication etc. on submissions only.
- Permits tighter control over user-contributed mails instead of SMTP port 25 used earlier.
- Port 465 also used sometimes as alternative secure submission portal.
So SMTP submission ports provide more controlled point of entry for user-generated emails into mail infrastructure.
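The differences between plain SMTP, STARTTLS and the submission ports show up in what a listener advertises before and after TLS is in place. The following is an added example, not part of the original page: it audits one listener from its EHLO replies. The host name, the sample replies and the function names are constructed for illustration.

```python
def parse_ehlo(reply):
    """Map extension keyword -> parameters from a multi-line 250 EHLO reply."""
    exts = {}
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    for line in lines[1:]:                       # line 0 is the server greeting
        code, sep, rest = line[:3], line[3:4], line[4:].strip()
        if code != "250" or sep not in ("-", " ") or not rest:
            raise ValueError(f"not an EHLO reply line: {line!r}")
        keyword, *params = rest.split()
        if keyword.upper().startswith("AUTH="):  # legacy "AUTH=LOGIN" spelling
            keyword, params = "AUTH", [keyword[5:], *params]
        exts[keyword.upper()] = [p.upper() for p in params]
    return exts

def audit_listener(port, implicit_tls, ehlo_clear="", ehlo_tls=""):
    """Return a list of findings for one listener.

    ehlo_clear: EHLO reply seen before any TLS (empty on implicit-TLS ports).
    ehlo_tls:   EHLO reply seen inside TLS (after STARTTLS, or on port 465).
    """
    findings = []
    clear = parse_ehlo(ehlo_clear) if ehlo_clear else {}
    secure = parse_ehlo(ehlo_tls) if ehlo_tls else {}
    if not implicit_tls:
        if "STARTTLS" not in clear:
            findings.append("no STARTTLS offered: session stays in clear text")
        if "AUTH" in clear:
            findings.append("AUTH offered before TLS: credentials can be sent in clear text")
    if port in (465, 587) and "AUTH" not in secure:
        findings.append("submission port does not offer AUTH inside TLS")
    return findings

# Constructed EHLO replies for a hypothetical host mail.example.test.
PLAIN_25 = "250-mail.example.test\n250-SIZE 10240000\n250 AUTH PLAIN LOGIN\n"
SUBMIT_CLEAR = "250-mail.example.test\n250-STARTTLS\n250 SIZE 10240000\n"
SUBMIT_TLS = "250-mail.example.test\n250-AUTH PLAIN LOGIN\n250 SIZE 10240000\n"

if __name__ == "__main__":
    print(audit_listener(25, False, PLAIN_25))
    print(audit_listener(587, False, SUBMIT_CLEAR, SUBMIT_TLS))
    print(audit_listener(465, True, "", SUBMIT_TLS))
```

A submission client should treat a missing STARTTLS offer as a failure rather than continuing in clear text.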
SMTP with POP3 before SMTP
This technique authenticates using POP3 credentials during SMTP transaction:
- Uses POP3 authentication handshake before allowing SMTP access.
- Validates user identity based on POP3 login credential check.
- If POP3 authentication succeeds, permits sending mail over SMTP.
- Avoids need for SMTP AUTH when POP3 accounts already exist.
- Reduces additional coding for SMTP authentication if POP3 server in place.
So this technique leverages existing POP3 login validity to secure SMTP submission in older environments.
Sendmail SMTP is the mailing engine provided by the open source Sendmail software:
- Robust open source SMTP application popular on Linux/Unix systems.
- Offers extensive capability to filter emails based on rules.
- Supports encryption, authentication and security extensions.
- Interoperates well with wide range of mail software.
- Highly flexible and customizable but relatively complex initial configuration.
- Alternative Postfix provides simpler server installation and setup.
So Sendmail remains a versatile and capable open source SMTP implementation for Linux/Unix environments.
Microsoft Exchange Server SMTP
Exchange Server provides proprietary SMTP functionality:
- Uses SMTP protocol but adds proprietary Exchange headers and attributes for richer routing.
- Integrated seamlessly into Microsoft infrastructure including Active Directory.
- Manages message transfer through Exchange transport pipeline.
- Mature and full-featured SMTP implementation.
- Best efficiency in holistic Microsoft environments using Exchange mailboxes.
So in Microsoft centric organizations, Exchange Server SMTP with its close AD coupling and native Outlook optimization provides robust mail capabilities.
Authoritative SMTP uses identity verification based on DNS records:
- Validates incoming SMTP server connections against DNS records before accepting mail.
- Checks reverse DNS of connecting server IP matches its hostname and domain.
- Verifies resolved IP address aligns with source domain for server identity assurance.
- Improves security by confirming originating server is truly authorized to send emails from domain.
- Reduces spoofed or spam content from unauthorized sources.
So Authoritative SMTP provides enhanced sender validation and anti-spoofing based on cross-checking IP-hostname-domain using DNS which helps thwart abuse.
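The IP-hostname-domain cross-check described above is commonly called forward-confirmed reverse DNS. The following is an added example, not part of the original page: it resolves the connecting IP to its PTR names, resolves each name forward again, and compares the result with the HELO name. The lookup functions are injectable so the check runs offline; the sample DNS data and names are constructed.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver ([] when there is none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def system_addrs(host):
    """A/AAAA addresses for host from the system resolver ([] on failure)."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(host, None)]
    except OSError:
        return []

def norm(host):
    return host.rstrip(".").lower()

def check_sender(ip, helo, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Cross-check connecting IP -> PTR name -> forward addresses, plus HELO name."""
    client = ipaddress.ip_address(ip)
    confirmed = []
    for name in ptr_lookup(ip):
        forward = set()
        for addr in addr_lookup(name):
            try:
                forward.add(ipaddress.ip_address(addr))
            except ValueError:
                continue              # skip scoped or malformed answers
        if client in forward:         # the name must resolve back to the same IP
            confirmed.append(norm(name))
    return {"confirmed_names": confirmed,
            "ptr_confirmed": bool(confirmed),
            "helo_matches": norm(helo) in confirmed}

# Constructed DNS data (documentation address ranges, hypothetical names).
SAMPLE_PTR = {"192.0.2.10": ["mx1.example.test."],
              "192.0.2.66": ["mx1.example.test."]}   # PTR that is not confirmed forward
SAMPLE_A = {"mx1.example.test": ["192.0.2.10"]}
sample_ptr = lambda ip: SAMPLE_PTR.get(ip, [])
sample_addrs = lambda host: SAMPLE_A.get(norm(host), [])
```

The second sample address shows why the forward lookup matters: whoever controls the reverse zone for an IP can publish any PTR name, so only a name that resolves back to the same IP counts.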
SMTP relays forward mails between separate networks:
- Used when direct end-to-end SMTP connectivity between networks not possible.
- Acts as intermediary hop accepting incoming then relaying emails outbound towards final destination.
- Small-medium businesses use ISP-provided SMTP relays to route outbound mail.
- Can implement additional security, filtering etc. when relaying messages between disparate networks.
- Risks include open relays used by spammers if not correctly locked down.
So SMTP relays provide building block for inter-network mail transmission but need proper safeguards.
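Locking a relay down comes to one decision per recipient: accept mail for local domains from anyone, but relay to other domains only for trusted or authenticated clients. The following is an added example, not part of the original page, showing that decision as a function. The domains, networks and function names are constructed.

```python
import ipaddress

# Constructed policy for a hypothetical site; none of these values come from the page.
LOCAL_DOMAINS = {"example.test", "mail.example.test"}
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "2001:db8:1::/48")]

def rcpt_domain(rcpt):
    """Domain part of a RCPT TO path such as '<User@Example.TEST>'; '' if malformed."""
    addr = rcpt.strip().strip("<>")
    local, at, domain = addr.rpartition("@")
    if not at or not local or not domain:
        return ""
    return domain.rstrip(".").lower()

def relay_decision(client_ip, authenticated, rcpt):
    """Return the SMTP reply a locked-down relay gives to one RCPT TO."""
    domain = rcpt_domain(rcpt)
    if not domain:
        return "501 5.1.3 bad recipient address syntax"
    if domain in LOCAL_DOMAINS:
        return "250 2.1.5 ok (local delivery)"        # inbound mail for our own users
    ip = ipaddress.ip_address(client_ip)
    if authenticated or any(ip in net for net in TRUSTED_NETS):
        return "250 2.1.5 ok (relay permitted)"       # known client, foreign recipient
    return "550 5.7.1 relaying denied"                # unknown client, foreign recipient

if __name__ == "__main__":
    for args in [("203.0.113.9", False, "<bob@elsewhere.test>"),
                 ("203.0.113.9", False, "<Alice@Example.TEST>"),
                 ("10.1.2.3", False, "<bob@elsewhere.test>")]:
        print(args, "->", relay_decision(*args))
```

An open relay is the same function with the final check missing, so that the last case also returns 250.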
Smart Host SMTP
Smart host SMTP uses intermediate relay server:
- Organisation’s SMTP mail is forwarded first to an intermediate SMTP server relay.
- This smart host then takes responsibility for routing message to final destination over the internet.
- Adds layer of indirection that can implement additional security, optimization etc.
- Masks internal SMTP server from being directly exposed to wider internet.
- Typical smart host services used include Amazon SES, Sendgrid etc.
So smart hosts simplify mail handoff to reliable cloud SMTP services for delivery over public internet.
Key Differences Between SMTP Variants
|No encryption by default.
|Supports TLS encryption.
|Leverages Active Directory.
|Prone to snooping/interception.
|Protects entire session.
|Can use STARTTLS for encryption.
|Feature-rich and customizable.
|Tight integration with Microsoft stack.
|Uses port 25.
|Uses port 465.
|Uses port 587.
|Popular on Linux/Unix.
|Proprietary attributes and headers.
|Vulnerable to spoofing.
|Separates client traffic.
|Open source implementation.
|Best efficiency with Exchange mailboxes.
|Trusted as establishes identity.
|Apply controls selectively.
|Steeper learning curve.
|Familiar interface for Windows admins.
So in summary, different SMTP options have evolved with specific advantages around security, sender-recipient separation, platform optimized delivery etc.
Key Takeaways on SMTP Types
- SMTP has many implementations like unencrypted, TLS-encrypted, submission port, Sendmail etc. based on specific needs.
- SMTP over TLS provides opportunistic or implicit encryption for security especially over untrusted networks.
- SMTP submission separates client and server traffic for better control over user-contributed mails.
- Exchange Server SMTP optimizes mail routing in Microsoft environments while Sendmail caters to Linux/Unix platforms.
- Authoritative SMTP validates against DNS records to reduce spoofing compared to open relays.
- Smart hosts simplify mail handoff to intermediate SMTP service providers for distributed environments.
While SMTP provides a standardized way to route and relay emails universally, different implementations fulfill specific organizational needs around security, client submission control, platform optimization, inter-domain handoffs etc. Encrypting SMTP sessions over TLS hardens transmissions while using submission ports selectively applies policies to user emails. Microsoft Exchange server, open source Sendmail and authoritative SMTP, each fine-tuned to platform environment, organizational relationships and spoof-prevention requirements, demonstrate SMTP’s flexibility. Evaluating specific requirements and capabilities allows choosing the appropriate SMTP type matching infrastructure needs for secure and efficient mail delivery tailored to diverse email domains and networks.
- What is more secure SMTP or SMTPS?
SMTPS encrypts SMTP fully so it is much more secure than plain text SMTP and resilient to eavesdropping/manipulation in transit over untrusted networks.
- When should I use SMTP with TLS instead of SMTPS?
STARTTLS-based opportunistic encryption is preferred if recipients use port blocking which interferes with SMTPS. But SMTPS is better where allowed.
- Can I use Microsoft Exchange Server SMTP on Linux?
No, Exchange Server SMTP relies on proprietary Microsoft infrastructure so can only be deployed on Windows Server in conjunction with Active Directory, Exchange mailboxes etc.
- What are disadvantages of plain text SMTP?
Plain SMTP transmits all data insecurely in clear text exposing usernames, passwords, emails and attachments to sniffing and MITM attacks making it inadequate for public internet.
- Is SMTP over TLS slower than plain text SMTP?
Negligibly yes, due to the additional encryption overhead. But the performance penalty is small while the security gains are massive for WAN traffic.
- When should I use SMTP submission port 587 instead of 25?
Using the submission port for client connections allows better isolation and control over user-contributed mails through policies while keeping port 25 for server-server interactions.
- How does SMTP with POP3 authentication work?
The user’s POP3 username/password credentials are passed during SMTP session by client to authenticate identity in lieu of SMTP AUTH eliminating separate user login.
- Can I run Sendmail SMTP on Windows server?
Sendmail is optimized for Linux/Unix systems. While ports exist to run Sendmail service on Windows, it is recommended to use native Microsoft SMTP stack for best performance.
- Does Exchange Server SMTP use open source Sendmail?
No, Exchange Server uses its own proprietary SMTP implementations and does not incorporate open source Sendmail technology internally in any manner.
- What are disadvantages of using SMTP relays?
Relays introduce single point of failure. They also need proper configuration to avoid security issues like open relays used for spam distribution without safeguards.
- How does smart host simplify SMTP?
Smart host eliminates need to maintain complex route tables and DNS records by handing off mails to intermediate providers like Amazon SES optimally configured to deliver mails over the internet.
- Can I use Authoritative SMTP without a static IP?
No, Authoritative SMTP depends on validating unchanging origin server IPs against DNS hostnames so works reliably only with servers having fixed static IP addresses.
- Are proprietary SMTP implementations non-standard?
While they may add custom extensions, core proprietary implementations like Exchange SMTP still conform to fundamental SMTP RFC specifications for broader interoperability.
- Which is better Sendmail or Postfix for SMTP?
Postfix is considered simpler to configure and manage compared to Sendmail which is more full-featured. But Sendmail offers greater customization flexibility for advanced users.
- Is Microsoft Exchange SMTP server free?
No, Exchange Server requires paid Microsoft licensing even when used just for its SMTP capabilities in conjunction with POP/IMAP servers. Freeware options like hMailServer exist.
- Can I use TLS encryption with SMTP submission port?
Yes, while port 587 is typically unencrypted, the STARTTLS extension can be used with SMTP submission just like standard SMTP to add opportunistic TLS encryption to connections.
- What are the most secure SMTP ports?
Port 465 SMTPS and 587 when configured with TLS encryption provide the most secure protocols. Unencrypted SMTP should never be exposed beyond internal trusted networks.
- How many hops typically in an SMTP transaction?
A typical SMTP conversation may involve sender’s MSA -> MTA -> Relays -> Receiver’s MTA -> MDA. But hops vary based on routing with 1-2 intermediate relays common between source and destination servers.
- Can I use Microsoft Exchange server SMTP on Mac device?
Yes, Exchange SMTP can be used universally across platforms for outgoing emails after suitable service and authentication configurations. Only advanced capabilities may lack cross-platform support.
- How is Gmail SMTP different from standard SMTP?
Gmail SMTP uses standard commands and ports but applies additional security like mandatory TLS, authentication and spam/abuse protection. It encrypts messages stored internally end-to-end unlike regular SMTP.