Demystifying Email Transmission: A Guide to SMTP Servers

Although sending an email seems straightforward from a user's point of view, the underlying process is much more intricate. Let's explore the workings of an outgoing mail server, specifically the SMTP server.

SMTP protocol explained

SMTP (Simple Mail Transfer Protocol) is a protocol used to send email messages between servers over the internet. Here is a brief explanation of how it works:

  • Connection: The sending mail server initiates a connection with the receiving mail server on port 25.
  • Handshake: The two servers perform a handshake, where they identify themselves and negotiate the terms of the communication.
  • Sender verification: The sending server verifies that the sender is authorized to send email from the specified address.
  • Message transfer: The sending server transfers the email message to the receiving server, which stores it in a mailbox.
  • Message delivery: The receiving server delivers the message to the recipient's mailbox, either on the same server or on a different server.
  • Status notification: The receiving server sends a status notification back to the sending server to confirm that the message was received or to indicate any errors that occurred during the process.

SMTP is a reliable protocol that ensures email messages are delivered to the correct destination, but it can also be vulnerable to spam and other types of abuse. As a result, various security measures such as email authentication and spam filtering have been implemented to improve its effectiveness.

The Role of Email Servers

When you hit send, your email client connects to a mail server - a computer responsible for managing emails. There are two types of email servers: incoming and outgoing. In this guide, we'll focus on the latter, known as the SMTP server.

What is an SMTP Server?

An SMTP server is a computer or application responsible for transmitting emails. It operates according to the Simple Mail Transfer Protocol (SMTP). The server receives emails from the email client and forwards them to other SMTP servers or the recipient's incoming mail server.

How an SMTP Server Operates

Here's an overview of the email transmission process and the role of the SMTP server:

  1. A mail user agent (MUA), like an email client or app, connects to the SMTP server of your domain (e.g., to initiate the SMTP connection through an SMTP handshake. The connection uses an SMTP port, usually 25, although other ports like 465, 587, or 2525 may be employed. Once connected, the SMTP session begins.
  2. The client provides the sender's and recipient's email addresses, as well as the email body and attachments, to the server.
  3. The mail transfer agent (MTA) on the SMTP server checks if the sender's and recipient's domain names match. If they do, the email goes directly to the recipient's POP3 or IMAP server. If not, the SMTP server communicates with the Domain Name Server (DNS).
  4. The DNS supplies the recipient's IP address.
  5. The sender's SMTP server connects to the recipient's SMTP server and relays the email. If the recipient's server is unavailable, the email is placed in an SMTP queue or sent to a backup server.
  6. The recipient's SMTP server verifies the incoming email. If the domain and user name are recognized, the server forwards the email to the receiving servers, either a POP3 or IMAP server.

SMTP Server Security

By default, SMTP servers lack built-in security features, making them vulnerable to spoofing, spamming, and data leakage. To mitigate these risks, email providers have added security layers to their infrastructure.

Initially, the Secure Sockets Layer (SSL) was implemented but had significant security flaws. In 2015, the Internet Engineering Task Force (IETF) deprecated SSL 3.0. In 1999, four years after SSL's creation, the Transport Security Layer (TLS) was introduced. TLS has since improved, and as of 2022, TLS 1.3 is considered the safest protocol for email encryption.

During the SMTP handshake, most email clients initiate a TLS connection using the SMTP command STARTTLS, which transitions to an encrypted connection.

Initiates the ESMTP protocol and identifies the sender's domain. The server responds with a list of supported features, including STARTTLS.
STARTTLS220 Ready to start TLSInitiates a secure TLS connection with the server. The server responds with a 220 status code indicating that it is ready to start the TLS handshake.
[TLS handshake]The client and server perform a TLS handshake to establish a secure connection.
After the secure connection is established, the client re-initiates the ESMTP protocol to negotiate the terms of the secure connection. The server responds with a list of supported features.
MAIL FROM: 250 2.1.0 OkSends the sender's email address to the server. The server responds with a 250 status code indicating that the address was accepted.
RCPT TO: 250 2.1.5 OkSends the recipient's email address to the server. The server responds with a 250 status code indicating that the address was accepted.
DATA354 End data with Indicates that the client is ready to send the message data. The server responds with a 354 status code indicating that it is ready to receive the message data.
[Message data]The client sends the message data to the server.
.250 2.0.0 Ok: queued as 12345Indicates the end of the message data. The server responds with a 250 status code indicating that the message was queued for delivery.
QUIT221 2.0.0 ByeCloses the connection between the client and server. The server responds with a 221 status code indicating that it is ready to close the connection.

SMTP Authentication Explained

SMTP authentication (SMTP AUTH) secures outgoing email servers. It is a feature of the Extended Simple Mail Transfer Protocol (ESMTP), which adds new functions to the SMTP protocol, including authentication.

SMTP AUTH requires the sender to be authorized to use the server to send emails, making it more difficult for spammers and spoofers to impersonate legitimate users. SMTP AUTH employs the SASL mechanism for authentication, which determines security levels and login methods, including PLAIN, LOGIN, and CRAM-MD5.

Here is an example of ESMTP auth using telnet:

Choosing Between Local and Cloud-based SMTP Servers

When choosing between local and cloud-based SMTP servers, there are several factors to consider:

  • Cost: Local SMTP servers require hardware and software to be purchased and maintained, whereas cloud-based SMTP servers are usually offered as a subscription service. Consider the upfront costs and ongoing maintenance costs of each option.
  • Scalability: Cloud-based SMTP servers can usually scale up or down quickly and easily based on the needs of the organization, whereas local SMTP servers may require additional hardware and software to be purchased and installed as the organization grows.
  • Reliability: Cloud-based SMTP servers may offer higher reliability as they are often backed by multiple servers and have redundancy built-in. Local SMTP servers may be more susceptible to downtime due to hardware failure or network issues.
  • Security: Cloud-based SMTP servers may offer higher levels of security as they are often managed by experienced professionals and may include built-in security features such as spam filtering and virus scanning. Local SMTP servers may require additional security measures to be put in place.
  • Compliance: Depending on the industry and location of the organization, there may be regulations and compliance requirements that dictate where email data can be stored and how it can be transmitted. Consider the compliance requirements of the organization when choosing between local and cloud-based SMTP servers.
  • Customization: Local SMTP servers may offer greater customization options, as they can be configured and managed by the organization's own IT team. Cloud-based SMTP servers may be more limited in terms of customization options.

Ultimately, the decision between local and cloud-based SMTP servers will depend on the specific needs and constraints of the organization, as well as the resources and expertise available to manage the email system.

Your Own SMTP Server

If you need to send bulk emails, setting up your own SMTP server might be an option. It allows unlimited email sending and control over your outgoing mail. However cloud based services are often more reliable and secure.

Cloud-based SMTP Server

MailSlurp is popular cloud based SMTP server. It allows you to send emails from your own domain and provides a REST API for sending emails from any programming language. It also has a free plan for testing and development. Create a free account today to get started.

Why MailSlurp email APIs will increase your deliverability

MailSlurp is an email API service that allows you to create and manage email addresses programmatically, send and receive emails, and perform various email-related tasks. While SMTP (Simple Mail Transfer Protocol) is a widely-used communication protocol for sending email messages, there are reasons why you might want to use MailSlurp's API instead:

  1. Easier integration: MailSlurp's API allows developers to interact with the service using popular programming languages and HTTP requests, making it easier to integrate email functionality directly into your applications or services.
  2. Scalability: MailSlurp's API is designed to scale with your needs, allowing you to send and receive large volumes of emails without worrying about the limitations of traditional SMTP servers or infrastructure.
  3. Real-time processing: MailSlurp's API enables real-time email processing, allowing you to send and receive emails instantly, as opposed to SMTP, which may experience delays due to server limitations or network issues.
  4. Advanced features: MailSlurp's API provides additional features not available with SMTP, such as email address creation and management, inbox routing rules, email parsing, and more. These advanced features can help streamline email workflows and improve email handling in your applications.
  5. Better security: MailSlurp's API uses secure HTTPS connections and supports authentication using API keys, ensuring your email communication remains private and secure. With SMTP, proper security configurations like TLS/SSL encryption and secure authentication methods must be set up correctly to avoid security risks.
  6. Improved deliverability: MailSlurp's API optimizes email deliverability by managing essential aspects like DKIM, SPF, and DMARC records, reducing the chances of your emails ending up in the spam folder. With SMTP, you need to configure and manage these records manually, which can be complex and time-consuming.
  7. Monitoring and analytics: MailSlurp's API offers built-in monitoring and analytics features that help you track email performance, including open rates, click-through rates, and bounce rates. With SMTP, you might need to rely on additional tools or services to obtain similar insights.

Overall, using MailSlurp's API instead of SMTP provides a more flexible, scalable, and secure solution for email communication, making it easier to integrate email functionality into your applications and services while offering advanced features and better deliverability.