SMTP (Simple Mail Transfer Protocol)

Definition

SMTP (Simple Mail Transfer Protocol, RFC 5321) is the standard protocol for sending and routing email across the Internet. It is a store-and-forward protocol that delivers email from the sender to the recipient’s mail server.

SMTP handles only email delivery (sending). Receiving and storing email uses POP3 or IMAP.

SMTP Flow

Sender                          Sender's MTA           Recipient's MTA        Recipient's MDA
  │                               │                       │                       │
  │  (compose email)              │                       │                       │
  │── SMTP (port 587/TLS) ──────▶│                       │                       │
  │                               │── DNS MX lookup ──────▶│                       │
  │                               │                       │                       │
  │                               │── SMTP (port 25) ────▶│                       │
  │                               │                       │── POP3/IMAP ───────▶│
  │                               │                       │                       │ (retrieve email)

SMTP Ports

| Port | Protocol | Use Case |
|------|----------|----------|
| 25 | SMTP (unencrypted) | Server-to-server relay |
| 465 | SMTPS (TLS) | SMTP over implicit TLS (deprecated but still used) |
| 587 | SMTP + STARTTLS | Client-to-server submission (recommended) |
| 2525 | SMTP (unencrypted) | Alternative when port 25 is blocked |

SMTP Commands (EHLO/HELO)

Client: EHLO example.com
Server: 250-mail.example.com
        250-SIZE 35882577
        250-STARTTLS
        250-AUTH PLAIN LOGIN
        250-AUTH=PLAIN LOGIN
        250 ENHANCEDSTATUSCODES

Client: AUTH LOGIN
Server: 334 VXNlcm5hbWU6
Client: base64(username)
Server: 334 UGFzc3dvcmQ6
Client: base64(password)
Server: 235 2.7.0 Authentication successful

Client: MAIL FROM:<sender@example.com>
Server: 250 2.1.0 OK

Client: RCPT TO:<recipient@example.com>
Server: 250 2.1.5 OK

Client: DATA
Server: 354 End data with <CR><LF>.<CR><LF>
Client: Subject: Hello
From: sender@example.com
To: recipient@example.com

Hello!
.
Server: 250 2.0.0 OK: queued as ABC123

SMTP Authentication (SMTP AUTH)

| Mechanism | Description | Security |
|-----------|-------------|----------|
| PLAIN | Username + password in base64 | Requires TLS |
| LOGIN | Microsoft’s variant of PLAIN | Requires TLS |
| CRAM-MD5 | Challenge-response with MD5 | No TLS required (deprecated) |
| OAuth 2.0 | Token-based authentication | Modern, recommended |
| XOAUTH2 | Google’s OAuth 2.0 extension | Google-specific |
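PLAIN and LOGIN only base64-encode the credentials, so the order of STARTTLS and AUTH in a session matters. The following added example (not part of the original page) parses a multi-line EHLO reply and flags password mechanisms offered, or AUTH sent, before STARTTLS, as happens in the sample session above. The function names are hypothetical, and it assumes the session began in plaintext (port 25 or 587), not on an implicit-TLS port.

```python
import base64
import re

PASSWORD_MECHS = {"PLAIN", "LOGIN"}  # send the password itself, only base64-encoded

def parse_reply(lines):
    """One SMTP reply: 'NNN-text' lines continue, the 'NNN text' line ends it."""
    code, texts = None, []
    for line in lines:
        m = re.fullmatch(r"(\d{3})([ -])(.*)", line.strip())
        if not m or (code and m.group(1) != code):
            raise ValueError(f"malformed reply line: {line!r}")
        code = m.group(1)
        texts.append(m.group(3))
        if m.group(2) == " ":
            return int(code), texts
    raise ValueError("reply has no final 'NNN text' line")

def ehlo_extensions(texts):
    """Map each EHLO keyword to its parameters; texts[0] is the greeting."""
    ext = {}
    for text in texts[1:]:
        parts = text.replace("AUTH=", "AUTH ", 1).upper().split()  # legacy 'AUTH=' form
        if parts:
            ext.setdefault(parts[0], set()).update(parts[1:])
    return ext

def audit(ehlo_lines, client_commands):
    """Findings for a session assumed to have started in plaintext (port 25/587)."""
    _, texts = parse_reply(ehlo_lines)
    ext = ehlo_extensions(texts)
    findings = []
    if "STARTTLS" not in ext:
        findings.append("server does not offer STARTTLS")
    exposed = sorted(ext.get("AUTH", set()) & PASSWORD_MECHS)
    if exposed:
        findings.append("password mechanisms offered before TLS: " + ", ".join(exposed))
    encrypted = False
    for cmd in client_commands:
        words = cmd.upper().split()
        if words[:1] == ["STARTTLS"]:
            encrypted = True
        elif words[:1] == ["AUTH"] and not encrypted:
            findings.append("client sent AUTH %s before STARTTLS" % " ".join(words[1:2]))
    return findings

# Constructed sample: the EHLO reply and client commands from the session above.
EHLO_REPLY = ["250-mail.example.com", "250-SIZE 35882577", "250-STARTTLS",
              "250-AUTH PLAIN LOGIN", "250-AUTH=PLAIN LOGIN", "250 ENHANCEDSTATUSCODES"]
COMMANDS = ["EHLO example.com", "AUTH LOGIN", "MAIL FROM:<sender@example.com>"]

if __name__ == "__main__":
    for finding in audit(EHLO_REPLY, COMMANDS):
        print(finding)
    print(base64.b64decode("VXNlcm5hbWU6").decode())  # the 334 challenge is plain base64
```

A server that withholds AUTH until after STARTTLS and the second EHLO produces no findings for a client that upgrades first.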

Email Security (SMTP Layer)

| Protocol | Purpose |
|----------|---------|
| STARTTLS | Upgrade plaintext SMTP to TLS encryption |
| DKIM | Sign emails with private key; verify with public DNS record |
| SPF | DNS record listing authorized sending IPs |
| DMARC | Policy for handling SPF/DKIM failures |
| TLS | Encrypt SMTP connections |

SPF Record Example

example.com.  IN  TXT  "v=spf1 mx a:mail.example.com ip4:192.168.1.0/24 -all"

| Tag | Meaning |
|-----|---------|
| v=spf1 | SPF version |
| mx | Allow domain’s MX servers |
| a | Allow domain’s A record IP |
| ip4:192.168.1.0/24 | Allow this IP range |
| -all | Hard fail (reject all others) |

DKIM Record Example

default._domainkey.example.com.  IN  TXT  "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4..."

DMARC Record Example

_dmarc.example.com.  IN  TXT  "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; pct=100; adkim=s; aspf=s"

| Tag | Meaning |
|-----|---------|
| p=reject | Reject failing emails |
| rua=mailto:... | Aggregate report email |
| pct=100 | Apply to 100% of emails |
| adkim=s | Strict DKIM alignment |
| aspf=s | Strict SPF alignment |

SMTP in Infrastructure

| Component | SMTP Role |
|-----------|-----------|
| Mail server | Postfix, Exim, Sendmail (MTA) |
| Mail relay | Send emails via external relay (SendGrid, Mailgun) |
| Monitoring | Monitor SMTP queue, delivery rates |
| Email security | SPF, DKIM, DMARC, TLS |
| CI/CD | SMTP for notification emails |