What is SMTP and how it works?

SMTP stands for Simple Mail Transfer Protocol. It is a standard protocol used for transmitting email messages between servers over the Internet or local networks. SMTP enables sending mail reliably and efficiently by defining how email communication should occur between mail servers and clients.

What is SMTP and how it works?

Overview of SMTP

SMTP is a set of communication guidelines that allows sending email between servers, clients and devices:

  • Developed in 1982 as RFC 821 and later updated.
  • Text-based protocol, uses TCP port 25 by default.
  • Utilizes client-server architecture.
  • Defines commands to initiate mail exchanges and transfer messages.
  • Establishes connections to transmit email between source and destination mail servers.
  • Does not deal with user authentication. Handles only transmission of messages.
  • POP3 or IMAP protocols handle retrieval of email stored on servers into clients.

So in essence, SMTP specifies the protocol for routing and delivering email through relay servers across the internet.

How Does SMTP Work?

The working of SMTP involves the following basic steps:

  1. Mail User Agent (MUA) like email software or app connects to SMTP server to send outgoing mail.
  2. SMTP handshake initiates between SMTP client and server along with validation.
  3. Sender details like email address specified in SMTP envelope (not visible in message).
  4. Content of message written per defined SMTP formatting standards.
  5. Message content transferred to server by encoding into SMTP-ready form.
  6. Server determines outgoing SMTP server based on domain name in recipient’s email address.
  7. Mail gets transferred to outgoing SMTP server from originating server.
  8. Final delivery to recipient’s email inbox after traveling between multiple SMTP mail servers as needed.

So SMTP facilitates end-to-end transportation of email between mail servers across the internet.

Key Components of SMTP Architecture

The key components that enable the SMTP mail system are:

  • User agents – Email clients like Outlook, smartphone apps used to compose and view messages.
  • Mail Submission Agent (MSA) – Submits outgoing mails to mail server using SMTP.
  • Mail Transfer Agent (MTA) – SMTP server that relays messages using routing and forwarding.
  • Mail Delivery Agent (MDA) – Delivers received incoming mail to recipient’s mailbox from MTA.
  • Simple Mail Transfer Protocol (SMTP) – Defines communication between agents using TCP port 25 by default.
  • Domain Name System (DNS) – Resolves domain names to destination IP addresses for routing mail.

So in summary, SMTP is the protocol binding together user agents, mail servers and delivery handlers for reliable mail transfer.

Key Features of SMTP

Some of the core features of the SMTP protocol include:

  • Text-based – Commands and responses are in human-readable text format for ease of troubleshooting.
  • Client-server model – Permanent SMTP server daemon, client initiates on-demand connection.
  • Stateless – No persistent server state. Each transaction independent.
  • Point-to-point transfer – Direct sender-receiver server connection.
  • Three-way handshake – Client-server greetings establish connection.
  • SMTP envelope – Stores sender, recipient metadata detached from message content.
  • Synchronous – Ensures each step of transmission completed before next command.
  • Error reporting – Error codes help diagnose issues.

So simplicity, resilience and predictability make SMTP efficient and reliable for email delivery.

Common SMTP Commands

Some frequently used SMTP commands are:

  • HELO – Initiates SMTP session by greeting server.
  • EHLO – Extended HELO, also indicates SMTP extension support.
  • STARTTLS – Switches connection to encrypted TLS mode.
  • AUTH – Authenticates sender credential if required.
  • MAIL FROM – Specifies sender email address in envelope.
  • RCPT TO – Adds recipient addresses into envelope.
  • DATA – Initiates message content transfer.
  • QUIT – Closes SMTP connection gracefully after transfer.
  • RSET – Aborts current message transfer in progress.

So commands define specific SMTP session steps, parameters and interactions between client and server.


While SMTP handles sending of emails, POP3 and IMAP deal with retrieval of messages by clients:

Transfers mail between servers Retrieves email from server to client for viewing
Push protocol – sends outgoing messages Pull protocols – fetch incoming messages
Uses port 25 by default POP3 uses port 110, IMAP uses 143 by default
Does not deal with authentication Provides authentication for security
Does not store messages on server Leaves messages on server unless user deletes them
Server side protocol Client side protocols
Text-based protocol Supports MIME extensions for attachments

So SMTP coordinates message transport while POP and IMAP enable actual client access.

Securing SMTP with TLS Encryption

SMTP natively sends information in plaintext. Security enhancements like Transport Layer Security (TLS) are added to harden security:

  • STARTTLS SMTP extension – Upgrades session from plaintext to encrypted TLS mode to protect entire conversation.
  • SMTPS – SMTP variant that initiates connection only over TLS, uses port 465 by default. But less compatible.
  • Certificate-based authentication – Requires valid digital certificate from public or private CA for server trust and identity verification.
  • SMTPAuth – Allows SMTP authentication mechanisms like CRAM-MD5 for user verification when sending mail by submitting credentials.

So SMTP can be made secure by mandating TLS encryption, server identity validation and client authentication.

Key Takeaways on SMTP

  • SMTP is the standard protocol facilitating reliable sending and transportation of email messages between servers over the Internet.
  • It establishes connections between mail servers and defines commands to complete mail transmission handshakes.
  • Clients submit messages to SMTP server which forwards to recipient server based on domain via SMTP envelope information.
  • SMTP handles only server-server mail transmission. POP3 and IMAP enable client retrieval.
  • SMTP uses plaintext. Security implemented through extensions like mandatory TLS, server/client certificates and authentication.


The SMTP protocol forms the backbone of global email delivery by defining a standardized way for messages to be reliably transported between mail servers over the Internet. Its resilience has enabled SMTP to still remain the universal standard even four decades after its introduction. Extensions like SMTPAuth, TLS and SMTPS have allowed hardening security along with the core protocol’s origin-focused design. As email continues to remain a key communications medium globally, SMTP enables this by facilitating seamless interoperability between diverse mail servers and clients to securely fulfill core messaging functionality.


  1. What is the difference between SMTP and POP3?
    SMTP handles sending mail between servers. POP3 and IMAP deal with retrieving email from servers into client inboxes by users.
  2. Does SMTP use TCP or UDP?
    SMTP uses TCP as the transport layer protocol. Communication is done over TCP port 25 by default for reliability.
  3. Is SMTP end-to-end encrypted by default?
    No, native SMTP involves transmission of data in plaintext. Extensions like STARTTLS are required to add TLS encryption to connections.
  4. Is SMTP faster than HTTP?
    SMTP transmission is generally faster than HTTP due to text-only low overhead design optimized for emails vs HTTP meant for full web documents including media.
  5. What are common SMTP status codes?
    Common SMTP status codes are 220 – Service ready, 250 – Requested mail action completed, 354 – Start mail input, 440 – Authentication required, 550 – Mailbox unavailable etc.
  6. Can SMTP send attachments?
    No, SMTP deals just with text-based headers and content. MIME extensions enable sending attachments by encoding into supported SMTP format.
  7. Does SMTP support read receipts?
    No, SMTP alone does not support read receipts. IMAP and Exchange protocols enable functionality for email senders to request and receive read receipt confirmation.
  8. Can SMTP servers be publicly reachable from internet?
    No, due to abuse risks it is recommended to block public access to SMTP servers through firewalls and expose them only via submission port 587 for authenticated submissions.
  9. What are common SMTP ports?
    Commonly used SMTP ports are 25 for general SMTP, 465 for SMTPS, 587 for mail submission from clients and 2525 as alternative submission port.
  10. Can I use webmail without SMTP?
    No, you cannot use typical webmail that involves email transmission without SMTP. The protocol may be hidden in the backend but needed for mail transport.
  11. Is SMTP an application layer or transport layer protocol?
    SMTP operates at the application layer of the OSI model. It relies on TCP at the transport layer for message transmission between networks.
  12. Why was SMTP created?
    SMTP was invented to enable reliable sending of emails in standardized way such that any SMTP-compliant mail server worldwide would be able to deliver mails originating from any source server.
  13. Can I send emails without an SMTP server?
    No, to send an email you must have access to an SMTP server to transport and relay your message ahead to recipient’s email address since the protocol underpins mail delivery.
  14. Is Gmail SMTP end-to-end encrypted?
    No, Gmail SMTP transmission is not end-to-end encrypted by default even for mails between Gmail accounts. Users need to check encryption settings.
  15. Does SMTP use encryption?
    Native SMTP does not use encryption. TLS-based SMTP extensions like STARTTLS are required to upgrade session to encrypted mode for security.
  16. What are the vulnerabilities of SMTP?
    Several security issues like mail spoofing, relay attacks, email injection etc. are prevalent due to lack of authentication and encryption in default SMTP, necessitating hardening.
  17. Can I use email without an SMTP server?
    No, you cannot use typical email systems that involve sending messages without utilizing SMTP protocol in the backend for coordinating mail transmission between servers internally.
  18. Does Microsoft Exchange use SMTP?
    Yes, Microsoft Exchange uses SMTP protocol for communication between its Mailbox servers. It extends SMTP with custom Active Directory-based attributes.
  19. Does Gmail use SMTP?
    Yes, Gmail utilizes SMTP for sending outgoing messages. Google contacts secure SMTP relays internally between its data centers for mail delivery.
  20. Why are there multiple MX records?
    Having multiple MX records provides redundancy to allow backup mail servers to accept messages if the primary MX record specified server is unavailable, ensuring email delivery resilience.

Leave a Comment