MailSlurp logo

blog

Everything You Need to Know About SMTP (Developer Guide)

Learn SMTP fundamentals, command flow, response code classes, port selection, and production checklists for reliable email delivery.

If you searched for everything you need to know about SMTP, start with this model:

  • SMTP is the protocol for sending email
  • commands and response codes define each step in delivery
  • ports and TLS mode must match
  • reliable sending requires testing plus SPF, DKIM, and DMARC controls

Quick answer: what is SMTP?

SMTP (Simple Mail Transfer Protocol) is the standard protocol used to submit and relay outbound email.

It is not a mailbox-reading protocol. Retrieval is handled by IMAP or POP3.

How SMTP works

  1. Your app or mail client opens a TCP connection to an SMTP server.
  2. The server greets with 220 and advertises capabilities after EHLO.
  3. Client negotiates security (STARTTLS) and authentication (AUTH) when required.
  4. Client sends envelope sender and recipients using MAIL FROM and RCPT TO.
  5. Client sends message content after DATA.
  6. Server accepts (250) and queues for onward delivery.

SMTP commands you should know

Command Purpose
EHLO Start session and discover ESMTP capabilities
HELO Legacy greeting command
STARTTLS Upgrade to TLS-encrypted session
AUTH Authenticate sender identity
MAIL FROM Declare envelope sender
RCPT TO Add recipient
DATA Send message headers and body
RSET Reset transaction state
NOOP Keepalive health check
QUIT End SMTP session

For detailed command reference, see SMTP commands and responses.

SMTP response code classes

Class Meaning Typical action
2xx Success Continue flow
3xx More input needed Send next command/data
4xx Temporary failure Retry with backoff
5xx Permanent failure Fix configuration, policy, or recipient data

Common examples:

  • 250 accepted
  • 354 start message content
  • 421 service unavailable
  • 450 mailbox unavailable (temporary)
  • 535 auth failed
  • 550 rejected or mailbox unavailable

SMTP ports and TLS pairing

Port Typical use TLS mode
587 Authenticated submission STARTTLS
465 Authenticated submission Implicit TLS
25 Server-to-server relay Optional/varies
2525 Alternate submission Provider-specific

Most application senders should start with 587 + STARTTLS.

Related guides:

Production SMTP checklist

  1. Validate command flow in Email Sandbox.
  2. Add delivery assertions using Email integration testing.
  3. Capture bounces and failures with Email Webhooks.
  4. Enforce sender authentication with SPF, DKIM, and DMARC checks.
  5. Monitor deliverability using Email deliverability testing.
  6. Route retries/fallback using Email automation routing.

Common SMTP failure patterns

Auth failures (535)

Usually caused by wrong credentials, unsupported auth mechanism, or provider policy mismatch.

Recipient rejections (550)

Often caused by nonexistent mailbox, relay policy, or sender reputation/policy issues.

TLS mismatch

Using STARTTLS on implicit TLS ports (or vice versa) causes negotiation failures.

For specific rejection fixes, see Fixing SMTP 550 errors.

FAQ

Is SMTP the same as IMAP?

No. SMTP sends mail. IMAP reads/syncs mailbox state.

Can SMTP acceptance guarantee inbox placement?

No. Accepted mail can still be filtered, deferred, or placed outside primary inbox.

Do I need SMTP if I use an email API?

Not always directly, but email APIs still operate on SMTP-compatible delivery infrastructure.

Next steps