Diff: SMTP Server
Comparing revision #1 (2023-08-14 15:43:20) with revision #2 (2026-06-22 15:10:02).
| Old | New |
|---|---|
A Simple Mail Transfer Protocol (SMTP) server is a computer program or software component that facilitates the sending, receiving, and routing of email messages between different email servers and clients. SMTP is a fundamental protocol in the architecture of email communication, serving as the engine that powers the exchange of electronic messages across the internet and other networks. |
|
An '''SMTP server''' is software that sends, receives or relays email using the Simple Mail Transfer Protocol. SMTP is the main protocol used for moving email between mail systems. |
|
== Overview == |
|
SMTP servers play a crucial role in the email delivery process. When an email is sent, the sending email client communicates with its designated SMTP server to initiate the message transfer. The SMTP server then routes the email through the appropriate network channels, interacting with other SMTP servers along the way, until the email reaches the recipient's mailbox. |
|
The term can describe different roles. A server that accepts outgoing mail from users is usually a message submission server. A server that passes mail between domains is a mail transfer agent. A server that accepts final delivery for a mailbox works with other local delivery or mailbox systems. |
|
== Key Functions == |
|
SMTP servers perform several essential functions in the email ecosystem: |
|
== SMTP Basics == |
|
SMTP is a text-based protocol. A client connects to a server, sends commands, receives numeric replies and transfers the message envelope and message data. |
|
=== Sending and Relaying === |
|
SMTP servers are responsible for sending outgoing email messages from the sender's email client to the recipient's email server. If the recipient's server is different from the sender's, the SMTP server may relay the message through intermediary SMTP servers to ensure successful delivery. |
|
A simple SMTP transaction normally includes: |
|
=== Receiving === |
|
SMTP servers are involved in receiving incoming email messages from other email servers. When an email is sent to a recipient, the sending email server communicates with the recipient's SMTP server to deliver the message. |
|
* '''EHLO''' or '''HELO''' to identify the client and discover extensions. |
|
* '''MAIL FROM''' to set the envelope sender. |
|
* '''RCPT TO''' to set one or more envelope recipients. |
|
* '''DATA''' to send the message content. |
|
* '''QUIT''' to close the session. |
|
=== Validation and Authorization === |
|
SMTP servers often perform checks to verify the authenticity of the sender and ensure that the sender has the necessary authorization to use the server for sending messages. This helps prevent unauthorized use and reduces the likelihood of spam. |
|
The envelope sender and recipient are not always the same as the visible From and To headers inside the message. This distinction matters for bounces, mailing lists, forwarding and anti-spam checks. |
|
=== Queuing and Delivery === |
|
SMTP servers manage message queues to ensure that emails are processed and delivered in an orderly manner. If a recipient's server is temporarily unavailable, the SMTP server may retry delivery at specified intervals. |
|
== Relay and Submission == |
|
Traditional server-to-server SMTP relay uses port 25. Message submission for users and applications normally uses port 587 under RFC 6409. Submission servers usually require authentication and may enforce local policy before accepting mail. |
|
=== Error Handling === |
|
SMTP servers handle error conditions, such as undeliverable messages or temporary delivery failures, by generating and sending bounce-back messages to the original sender. |
|
Port 465 is also widely used for implicit TLS submission, but port numbers and security rules depend on the provider. A normal public mail setup should not operate as an open relay. |
|
== SMTP Commands == |
|
SMTP communication involves a set of standardized commands and responses between the email client and the SMTP server. Some of the common SMTP commands include: |
|
== DNS and Delivery == |
|
When a mail server needs to deliver mail to another domain, it looks up MX records in DNS. The MX records identify the receiving mail exchangers for that domain. If no usable MX record exists, delivery may fall back according to SMTP rules, but modern providers normally publish explicit MX records. |
|
* EHLO/HELO: Greeting and identification of the client. |
|
* MAIL FROM: Specifies the sender's email address. |
|
* RCPT TO: Specifies the recipient's email address. |
|
* DATA: Begins the data transfer for the email message. |
|
* QUIT: Terminates the SMTP session. |
|
Receiving servers can accept, reject, temporarily defer or later bounce messages. Temporary failures often cause the sending server to queue the message and retry for a period before giving up. |
|
== Security Considerations == |
|
SMTP servers play a role in email security, but they are not always responsible for encryption of the email content during transit. Secure variations of SMTP, such as SMTPS and STARTTLS, provide encryption and authentication mechanisms to enhance email security. |
|
== Message Format == |
|
SMTP moves the message, while RFC 5322 defines the Internet Message Format used for headers and body structure. A message usually includes headers such as From, To, Date, Subject and Message-ID, followed by a blank line and the body. |
|
Modern email may also use MIME for attachments and HTML content. Those details sit above basic SMTP but are essential for real mail clients. |
|
== Security and Abuse Control == |
|
SMTP was designed in a more trusting network environment, so modern deployments add layers of authentication and filtering. |
|
Common controls include: |
|
* SMTP AUTH for submission accounts. |
|
* STARTTLS or implicit TLS for transport encryption where supported. |
|
* SPF to check whether a server is authorised to send for a domain. |
|
* DKIM to attach a cryptographic signature to messages. |
|
* DMARC to publish policy for SPF and DKIM alignment. |
|
* rate limits, spam scoring, blocklists and content scanning. |
|
These controls reduce abuse, but they do not make email perfectly secure. Forwarding, compromised accounts, spoofed display names and misconfigured DNS can still cause delivery and trust problems. |
|
== Example Use == |
|
A website contact form might submit mail to a provider's SMTP submission server on port 587. The application authenticates, sends the message to the provider, and the provider then relays it towards the recipient's mail system. |
|
For a business domain, a typical setup includes MX records for receiving mail, SPF records for authorised sending systems, DKIM keys for signing and a DMARC policy to guide receivers when checks fail. |
|
== See Also == |
|
* [[Microsoft_Azure]] |
|
* [[GoDaddy]] |
|
* [[SEO_Spam]] |
|
== References == |
|
* [https://datatracker.ietf.org/doc/html/rfc5321 RFC 5321: Simple Mail Transfer Protocol] |
|
* [https://datatracker.ietf.org/doc/html/rfc6409 RFC 6409: Message Submission for Mail] |
|
* [https://www.rfc-editor.org/info/rfc5322/ RFC 5322: Internet Message Format] |
|
* [https://datatracker.ietf.org/doc/html/rfc4954 RFC 4954: SMTP Service Extension for Authentication] |
|
* [https://datatracker.ietf.org/doc/html/rfc7208 RFC 7208: Sender Policy Framework] |
|
* [https://datatracker.ietf.org/doc/html/rfc6376 RFC 6376: DomainKeys Identified Mail Signatures] |
|
* [https://datatracker.ietf.org/doc/html/rfc7489 RFC 7489: DMARC] |
|
[[Category:Email]] |
|
[[Category:Internet protocols]] |