An SMTP server is software that sends, receives or relays email using the Simple Mail Transfer Protocol. SMTP is the main protocol used for moving email between mail systems.
The term can describe different roles. A server that accepts outgoing mail from users is usually a message submission server. A server that passes mail between domains is a mail transfer agent. A server that accepts final delivery for a mailbox works with other local delivery or mailbox systems.
SMTP Basics
SMTP is a text-based protocol. A client connects to a server, sends commands, receives numeric replies and transfers the message envelope and message data.
A simple SMTP transaction normally includes:
- EHLO or HELO to identify the client and discover extensions.
- MAIL FROM to set the envelope sender.
- RCPT TO to set one or more envelope recipients.
- DATA to send the message content.
- QUIT to close the session.
The envelope sender and recipient are not always the same as the visible From and To headers inside the message. This distinction matters for bounces, mailing lists, forwarding and anti-spam checks.
Relay and Submission
Traditional server-to-server SMTP relay uses port 25. Message submission for users and applications normally uses port 587 under RFC 6409. Submission servers usually require authentication and may enforce local policy before accepting mail.
Port 465 is also widely used for implicit TLS submission, but port numbers and security rules depend on the provider. A normal public mail setup should not operate as an open relay.
DNS and Delivery
When a mail server needs to deliver mail to another domain, it looks up MX records in DNS. The MX records identify the receiving mail exchangers for that domain. If no usable MX record exists, delivery may fall back according to SMTP rules, but modern providers normally publish explicit MX records.
Receiving servers can accept, reject, temporarily defer or later bounce messages. Temporary failures often cause the sending server to queue the message and retry for a period before giving up.
Message Format
SMTP moves the message, while RFC 5322 defines the Internet Message Format used for headers and body structure. A message usually includes headers such as From, To, Date, Subject and Message-ID, followed by a blank line and the body.
Modern email may also use MIME for attachments and HTML content. Those details sit above basic SMTP but are essential for real mail clients.
Security and Abuse Control
SMTP was designed in a more trusting network environment, so modern deployments add layers of authentication and filtering.
Common controls include:
- SMTP AUTH for submission accounts.
- STARTTLS or implicit TLS for transport encryption where supported.
- SPF to check whether a server is authorised to send for a domain.
- DKIM to attach a cryptographic signature to messages.
- DMARC to publish policy for SPF and DKIM alignment.
- rate limits, spam scoring, blocklists and content scanning.
These controls reduce abuse, but they do not make email perfectly secure. Forwarding, compromised accounts, spoofed display names and misconfigured DNS can still cause delivery and trust problems.
Example Use
A website contact form might submit mail to a provider's SMTP submission server on port 587. The application authenticates, sends the message to the provider, and the provider then relays it towards the recipient's mail system.
For a business domain, a typical setup includes MX records for receiving mail, SPF records for authorised sending systems, DKIM keys for signing and a DMARC policy to guide receivers when checks fail.
See Also
References
Discussion log
Use comments for sourcing notes, corrections, and disputed details.
No comments yet.