MailSlurp logo

blog

SMTP protocol explained: commands, response codes, ports, and examples

Learn SMTP protocol basics with command flow, SMTP response codes, port guidance, and secure implementation examples for developers.

SMTP (Simple Mail Transfer Protocol) is the standard protocol for sending email across networks.

If you are searching for "smtp protocol", "smtp commands", or "smtp commands and responses", this guide gives you the practical model and troubleshooting path.

Quick answer: what is SMTP protocol?

SMTP is a command/response protocol. A client sends commands like EHLO, MAIL FROM, RCPT TO, and DATA, and the server returns status codes such as 220, 250, 354, or 550.

How SMTP works step by step

  1. Client opens a TCP connection to an SMTP server.
  2. Server responds with greeting (220).
  3. Client identifies itself with EHLO.
  4. Client negotiates TLS/auth if required.
  5. Client sends envelope sender and recipients.
  6. Client sends message content after DATA.
  7. Server queues message for delivery and returns status.

Session example:

S: 220 smtp.example.com ESMTP ready
C: EHLO app.example.com
S: 250-smtp.example.com
S: 250-STARTTLS
S: 250-AUTH LOGIN PLAIN
C: MAIL FROM:<sender@example.com>
S: 250 2.1.0 OK
C: RCPT TO:<recipient@example.com>
S: 250 2.1.5 OK
C: DATA
S: 354 End data with <CR><LF>.<CR><LF>
C: Subject: SMTP test
C:
C: Hello world
C: .
S: 250 2.0.0 Queued
C: QUIT
S: 221 Bye

Core SMTP commands

Command Purpose
EHLO Identifies client and requests ESMTP capabilities
HELO Legacy SMTP greeting
MAIL FROM Defines envelope sender
RCPT TO Adds recipient
DATA Starts message body transfer
RSET Resets active transaction
NOOP Keep-alive/no operation
QUIT Closes SMTP session
AUTH Starts SMTP authentication

For auth detail, read SMTP authentication explained.

SMTP response codes you should know

2xx success

  • 220: service ready
  • 235: authentication successful
  • 250: requested action completed

4xx temporary failure

  • retry later
  • often related to transient policy, network, or mailbox state

5xx permanent failure

  • fix configuration, auth, sender identity, or recipient data
  • common examples: 535 auth failed, 550 relay denied/mailbox unavailable

SMTP ports and when to use them

Port Typical use
587 Authenticated submission with STARTTLS (best default)
465 Implicit TLS submission
25 Server-to-server relay, often blocked for app clients
2525 Alternate submission port offered by some providers

See also: Which SMTP port should I use?

SMTP vs IMAP vs POP3

  • SMTP: send/submit email
  • IMAP: read/sync mailbox state
  • POP3: download mailbox messages

Most applications use SMTP for outbound delivery and IMAP/POP3 only when mailbox retrieval is needed.

Secure SMTP setup checklist

  1. Use 587 + STARTTLS (or 465 TLS)
  2. Require SMTP AUTH (or OAuth where required)
  3. Configure SPF, DKIM, and DMARC
  4. Use dedicated sender identities and monitored bounce paths
  5. Log SMTP transcripts for incident debugging

For security deep dive: SMTP encryption and STARTTLS.

Test SMTP behavior in CI and staging

Protocol success is not enough. Validate end-to-end behavior:

  • message arrival and latency
  • header/body correctness
  • OTP and verification link parsing
  • bounce and retry handling

MailSlurp helps teams create inboxes on demand and assert delivery in tests. Start with email integration testing and sending emails in code.

Production SMTP operations checklist

Use this checklist to reduce incident rate in high-volume SMTP workflows:

  1. Validate templates and recipient logic in an email sandbox.
  2. Add release-gate assertions with email integration testing.
  3. Track delivery and bounce lifecycle with email webhooks.
  4. Route retries and fallback paths through email automation routing.
  5. Continuously run deliverability tests and DMARC monitoring.

This closes the gap between protocol correctness and real inbox reliability.

FAQ

Is SMTP only for sending?

Yes. SMTP handles outbound transfer/submission, not mailbox retrieval.

What is ESMTP?

ESMTP is extended SMTP, adding capabilities like auth and STARTTLS, advertised via EHLO.

Why do SMTP emails fail even when code looks correct?

Most failures are policy or config issues: auth mode mismatch, wrong port/TLS mode, sender identity misconfiguration, or domain authentication gaps.

Final take

SMTP is simple in concept but operationally sensitive. Teams that understand command flow, auth, and response codes can diagnose failures faster and improve delivery reliability.