SMTP
Sure! Let’s dive deep into everything about SMTP (Simple Mail Transfer Protocol). This
protocol is a core component of email communication, and understanding it thoroughly
will give you insight into how email works on the Internet.
What is SMTP?
SMTP (Simple Mail Transfer Protocol) is a text-based communication protocol used for sending email across the Internet. It operates at the Application Layer of the OSI model (Layer 7) and is responsible for transmitting email messages between mail servers (relaying) or from a client to a server (submission). It's the protocol that handles sending email, not receiving it: retrieving mail from a mailbox is handled by other protocols such as POP3 or IMAP.
SMTP Workflow
The basic SMTP workflow is a conversation between a client and a server. The client sends an email, and the SMTP server accepts it and forwards it toward the destination server. Here's how the process generally works:
Client sends email: A user uses an email client (such as Outlook, Gmail, or Thunderbird) to create and send an email.
Connection to SMTP server: The email client connects to the outgoing SMTP server (like smtp.gmail.com) on port 25 (traditionally plaintext, used between mail servers), port 587 (message submission, where encryption is negotiated with STARTTLS), or port 465 (SMTP over implicit SSL/TLS; deprecated for a time in favor of 587, but RFC 8314 re-registered it for submission).
Sender and receiver information: The email client provides the sender's email address (MAIL FROM) and each recipient's email address (RCPT TO).
Data transmission: The email client sends the message headers, body, and any attachments, encoded in a format like MIME (Multipurpose Internet Mail Extensions).
SMTP server sends email: The SMTP server processes the message and forwards it to the recipient's SMTP server, which it finds through a DNS MX lookup on the recipient's domain.
Email storage and retrieval: Once received, the recipient's server stores the email until it is retrieved by the recipient using a protocol like POP3 or IMAP.
SMTP Commands
HELO/EHLO: HELO is the initial command the client uses to introduce itself to the SMTP server (it is followed by the client's domain name). EHLO is the extended version of HELO; the server answers it with the list of extensions it supports, such as STARTTLS, AUTH, and SIZE, so the client can tell whether encryption and authentication are available.
MAIL FROM: Starts a mail transaction and gives the sender's (envelope) address, which is also where bounces are returned.
RCPT TO: Gives one recipient's address; the command is repeated once for each recipient.
DATA: Tells the SMTP server that the client is about to send the message content (headers, body, and attachments). The server answers with a 354 code, the client sends the content, and a line containing only a single period ends it.
QUIT: Ends the session; the server replies with a 221 code and closes the connection.
VRFY: Asks the server to confirm whether a given mailbox exists. Because the answer reveals which addresses are valid, most servers disable it or reply with a non-committal 252.
RSET: Resets the current transaction, discarding the sender, recipients, and any data given so far.
SMTP Message Structure
An SMTP message has a header and a body, and optionally attachments. Here's a general breakdown of the structure:
Headers: Lines such as From, To, Subject, Date, and Message-ID that describe the message. Note that the From header is separate from the envelope sender given in MAIL FROM, and the two do not have to match.
Body: The content of the email, which can be plain text or HTML, and is the main message.
Attachments: Files sent along with the email (images, documents, etc.). They are carried as MIME parts and encoded with a content transfer encoding such as Base64 so that binary data can travel over the text-only protocol.
SMTP Ports
Port 25: The default port for SMTP, used for mail transfer between mail servers. It is not recommended for client-to-server submission because ISPs often block it to limit spam.
Port 587: The standard port for message submission from an email client to its outgoing server. The connection starts in plaintext and is upgraded with STARTTLS; authentication (SMTP AUTH) is expected.
Port 465: This port was historically used for SMTP wrapped in SSL/TLS from the start (implicit TLS). It was deprecated in favor of port 587 for some time, but RFC 8314 brought it back as a recommended submission port, so many providers now offer both.
SMTP Authentication
SMTP by itself has no authentication mechanism, so a server that accepts mail from any sender to any destination (an open relay) can be used by anyone to send email, which is how spam became an issue. To address this, SMTP Authentication (SMTP AUTH) was developed.
SMTP AUTH: An extension (advertised in the EHLO reply) that lets the client authenticate itself to the SMTP server before sending an email. Common mechanisms include PLAIN, LOGIN, and CRAM-MD5. PLAIN and LOGIN only Base64-encode the password, so they must be used only after the connection has been secured with STARTTLS or implicit TLS; servers normally refuse to advertise them on an unencrypted connection.
Security in SMTP
STARTTLS: A command that upgrades an existing plaintext connection to SSL/TLS. This matters because, by default, SMTP transmits everything in plaintext, including credentials and message content, which can be read by anyone on the path. Because STARTTLS is negotiated in the clear, clients should be configured to require it rather than silently fall back to plaintext when it is missing.
Encryption: Ensures that email content is not readable by unauthorized parties during transmission. SMTP uses TLS (Transport Layer Security; its predecessor SSL is obsolete) to encrypt the connection. This protects each hop between servers, not the stored message.
SPF (Sender Policy Framework): A DNS TXT record in which a domain lists the servers (by IP address or network) that are authorized to send mail for it. The receiving server checks the connecting server's IP address against the record for the MAIL FROM domain to detect spoofing.
DKIM (DomainKeys Identified Mail): A method to verify the sender's domain and the integrity of the email content using a cryptographic signature placed in a header; the public key is published in DNS.
DMARC (Domain-based Message Authentication, Reporting and Conformance): A DNS policy that tells receivers what to do (none, quarantine, or reject) when a message fails the SPF and DKIM checks, and where to send reports about it.
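The SPF check described above, as an added example that is not part of the original text: a receiving server evaluates the connecting IP against the domain's record, first match wins. The record is constructed for a hypothetical domain, and only the ip4, ip6 and all mechanisms are handled; include, a and mx need live DNS and are left out.

```python
import ipaddress

# Constructed SPF TXT record for a hypothetical domain (example data, not a real
# DNS lookup). Only ip4/ip6/all are evaluated; include/a/mx would require DNS.
SPF_RECORD = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"

# Result for a matching mechanism depends on the qualifier prefixed to it.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(record, sender_ip):
    """Evaluate the sending server's IP against the SPF mechanisms left to right.
    The first mechanism that matches decides; a record with no match is neutral."""
    if not record.lower().startswith("v=spf1"):
        return "none"                      # not an SPF record at all
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qual = term[0] if term[0] in QUALIFIERS else "+"   # default qualifier is "+"
        mech = term[1:] if term[0] in QUALIFIERS else term
        mech = mech.lower()
        if mech == "all":                  # catch-all, usually "-all" or "~all"
            return QUALIFIERS[qual]
        name, _, value = mech.partition(":")
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qual]
        # include, a, mx, exists: skipped in this offline illustration
    return "neutral"
```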
SMTP vs. POP3 and IMAP
POP3 (Post Office Protocol version 3): Used for retrieving emails; it downloads messages to one client and, by default, removes them from the server.
IMAP (Internet Message Access Protocol): Also used for retrieving emails but with more advanced features, like keeping messages on the server and synchronizing them across multiple devices.
SMTP only handles sending emails, while POP3 and IMAP handle retrieving and storing messages.
Let's go through a basic example of SMTP communication when a user sends an email:
The client connects to the server and introduces itself with EHLO (or HELO).
The client sends MAIL FROM with the sender's email address.
The client sends RCPT TO with each recipient's email address.
The client sends the DATA command, then the headers, body, and attachments, ending with a line containing a single period.
The server accepts the message, looks up the recipient domain's mail server in DNS, and forwards it to the recipient's SMTP server.
The recipient's email server stores the message until the recipient retrieves it using POP3 or IMAP.
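The exchange walked through above, as an added example that is not part of the original text: the client side of a submission session run against a scripted server whose replies are constructed for this illustration (including the 550 relay refusal covered later on this page). The client parses the multi-line EHLO reply, refuses to send AUTH PLAIN unless STARTTLS was offered and accepted, and classifies reply codes so that 4xx and 5xx are handled differently.

```python
import base64

# Constructed replies from a submission server on port 587 that offers STARTTLS and
# AUTH PLAIN; sample text written for this example, not captured from a real host.
REPLIES = {"EHLO": "250-mail.example.test\r\n250-STARTTLS\r\n250-AUTH PLAIN LOGIN\r\n250 8BITMIME\r\n",
           "STARTTLS": "220 2.0.0 Ready to start TLS\r\n", "AUTH": "235 2.7.0 Authentication successful\r\n",
           "MAIL": "250 2.1.0 Ok\r\n", "RCPT": "550 5.7.1 Relay not allowed\r\n", "QUIT": "221 2.0.0 Bye\r\n"}

def parse_reply(text):
    """Return (code, lines); '250-' marks a continuation line, '250 ' the last line."""
    code, lines = 0, []
    for raw in text.rstrip("\r\n").split("\r\n"):
        code, lines = int(raw[:3]), lines + [raw[4:]]
        if raw[3:4] == " ":
            break
    return code, lines

def ehlo_extensions(lines):
    """Keyword -> parameters for each extension line after the greeting line."""
    return {l.split()[0].upper(): l.split()[1:] for l in lines[1:] if l.strip()}

def auth_plain(user, password):
    """AUTH PLAIN initial response (RFC 4616): base64 of NUL user NUL password. Base64 is encoding, not encryption."""
    return base64.b64encode(f"\0{user}\0{password}".encode()).decode()

def classify(code):
    """2xx/3xx succeeded, 4xx transient (queue and retry), 5xx permanent failure."""
    return {2: "ok", 3: "ok", 4: "transient", 5: "permanent"}[code // 100]

def submit(server, sender, rcpt, user, password):
    """Client side of the exchange against the scripted server; returns (command, code) pairs."""
    log = []
    def cmd(verb, arg=""):
        code, lines = parse_reply(server[verb])
        log.append((f"{verb} {arg}".strip(), code))
        return code, lines
    _, lines = cmd("EHLO")
    exts = ehlo_extensions(lines)
    if "STARTTLS" not in exts or cmd("STARTTLS")[0] != 220:
        raise RuntimeError("refusing to send credentials over a cleartext connection")
    # a real client wraps the socket in TLS here and sends EHLO again before AUTH
    if "PLAIN" in exts.get("AUTH", []):
        cmd("AUTH", "PLAIN " + auth_plain(user, password))
    for verb, arg in (("MAIL", f"FROM:<{sender}>"), ("RCPT", f"TO:<{rcpt}>")):
        if classify(cmd(verb, arg)[0]) != "ok":
            break                          # 4xx: retry later; 5xx: give up on this recipient
    cmd("QUIT")
    return log
```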
Common SMTP Errors
550 Relay Not Allowed: The SMTP server refuses to relay the message because the client is neither a local user nor an authenticated one; this is the anti-spam measure that keeps a server from being an open relay. 5xx codes are permanent failures.
421 Service Not Available: The server is temporarily unable to process the request and is closing the connection.
450 Requested Mail Action Not Taken: Typically indicates that the recipient's mailbox is temporarily unavailable (for example, locked or busy). 4xx codes are transient, so the sending server queues the message and retries later.
Summary
It operates on port 25 (for server-to-server communication) and port 587 (for client-to-server submission, secured with STARTTLS and authentication).
The protocol uses commands like HELO/EHLO, MAIL FROM, RCPT TO, and DATA to manage email transmission.
It is primarily used for sending emails and doesn't handle email retrieval (that's done by POP3 or IMAP).
SMTP is an insecure protocol by default but can be secured using STARTTLS or implicit SSL/TLS.
Modern SMTP servers use authentication (SMTP AUTH) to ensure only authorized users can send emails through them.
Security enhancements include SPF, DKIM, and DMARC, which help prevent email spoofing and phishing.