# SMTP - Simple Mail Transfer Protocol ## What is SMTP SMTP, the Simple Mail Transfer Protocol, is the standard protocol for sending email messages between servers and from email clients to outgoing mail servers. SMTP was defined in 1982 and has been the foundation of email communication since then. SMTP handles the transmission of email from the sender's mail server to the recipient's mail server, relaying messages across the internet if necessary. ## How Email is Sent Using SMTP When a user composes and sends an email, the email client connects to the outgoing mail server, typically on port 587 or 465, using SMTP with authentication. The client submits the email message to the mail server. The mail server then uses SMTP to deliver the message to the recipient's mail server. To find the recipient's mail server, the sending server performs a DNS lookup for the MX records of the recipient's domain. MX records specify the hostname of the mail server responsible for accepting email for a domain. The sending server connects to the recipient's mail server on port 25 and delivers the message using SMTP. ## SMTP Commands SMTP is a text-based protocol. Clients send commands and servers respond with numeric status codes and human-readable messages. The HELO or EHLO command introduces the client to the server. MAIL FROM specifies the sender's email address. RCPT TO specifies the recipient's email address. DATA signals the beginning of the email message content, after which the client sends the message headers and body. QUIT ends the SMTP session. The server responds to each command with a three-digit status code. Codes beginning with 2 indicate success, codes beginning with 4 indicate temporary failures, and codes beginning with 5 indicate permanent failures. ## SMTP Authentication and Security Modern mail servers require authentication before accepting messages for delivery, preventing the server from being used by unauthorized parties to send spam. SMTP Authentication, specified in RFC 4954, allows clients to authenticate using various mechanisms before submitting messages. SMTP over TLS encrypts the connection between the client and server. Mail servers use a technique called opportunistic TLS when exchanging messages with other servers. ## Email Authentication Mechanisms To combat email spoofing and spam, several authentication mechanisms have been developed. SPF, the Sender Policy Framework, specifies which mail servers are authorized to send email on behalf of a domain. DKIM, DomainKeys Identified Mail, allows the sending mail server to digitally sign email messages. DMARC builds on SPF and DKIM to specify how receiving servers should handle messages that fail authentication.