SMTP

SMTP is a push protocol: it moves email forward toward its destination. When you click Send, your client connects to your mail provider's SMTP server on port 587, authenticates, and hands over the message. The provider's server then looks up the recipient domain's MX (Mail Exchange) DNS record, connects to the recipient's mail server on port 25, and delivers the message. If delivery fails, SMTP servers queue and retry for up to several days before sending a bounce notification. SMTP only sends — retrieving your inbox requires IMAP or POP3.

SMTP command sequence

An SMTP session follows a strict command dialogue. The sending server opens a TCP connection and the conversation proceeds: EHLO (extended hello, announcing client identity and requesting capability list) → MAIL FROM:<sender@example.com> (envelope sender) → RCPT TO:<recipient@example.com> (envelope recipient, repeated for each recipient) → DATA (begins message body, terminated by a line containing only a period) → QUIT. The receiving server responds with three-digit status codes at each step. A 250 means success; 4xx means temporary failure (retry later); 5xx means permanent failure (bounce). The EHLO response lists supported extensions — AUTH, STARTTLS, SIZE, 8BITMIME — that the client can then use.

SMTP ports

Email authentication: SPF, DKIM, DMARC

Because original SMTP allows any server to claim any sender address, three DNS-based mechanisms now authenticate legitimate senders. SPF (Sender Policy Framework) is a DNS TXT record listing the IP addresses and hostnames authorised to send email for a domain — e.g., v=spf1 include:_spf.google.com ~all. Receiving servers check whether the connecting MTA's IP matches the SPF record. DKIM (DomainKeys Identified Mail) adds a cryptographic signature header to each outgoing message. The sending server signs the message with a private key; the public key is published in DNS at a selector subdomain (e.g., selector._domainkey.example.com). Receiving servers verify the signature against the DNS record. DMARC (Domain-based Message Authentication, Reporting and Conformance) ties SPF and DKIM together with a policy: p=reject tells receivers to discard messages that fail both checks; p=quarantine sends them to spam. DMARC also includes a reporting address so domain owners receive aggregate reports of authentication failures across the internet.

SMTP relay vs direct delivery

Direct delivery means the sending MTA looks up the recipient domain's MX record and connects directly to that mail server. Smart relay (or relay host) means the sending MTA hands the message to a designated relay server, which then handles onward delivery. Most applications and scripts use a relay (like SendGrid, Mailgun, AWS SES, or a corporate mail gateway) rather than direct delivery — because relay providers handle reputation management, bounce processing, DKIM signing, and deliverability. An open relay — an SMTP server that accepts and forwards mail from anyone without authentication — is immediately exploited by spammers and blacklisted within hours.

Common SMTP error codes

SMTP status codes follow a three-digit structure. The first digit indicates class: 2xx = success, 4xx = temporary failure (queue and retry), 5xx = permanent failure (bounce). Key codes: 421 — service temporarily unavailable, try later (often rate limiting or server overload). 450 — mailbox temporarily unavailable (greylisting or quota). 550 — mailbox not found or policy rejection (most common permanent failure — wrong address or blocked by receiving server). 554 — transaction failed, often "message rejected as spam" or a policy violation at the receiving end. When debugging email delivery, the bounce message body contains the exact 5xx code and the server's explanation.

SMTP vs IMAP/POP3

SMTP, IMAP, and POP3 are complementary protocols serving different directions. SMTP is outbound — it pushes messages from sender to recipient's mail server. IMAP (Internet Message Access Protocol, port 993 with TLS) and POP3 (Post Office Protocol, port 995 with TLS) are inbound — they allow mail clients to retrieve messages from the inbox on the mail server. IMAP keeps messages on the server and synchronises state across devices; POP3 typically downloads and deletes. A correctly configured mail client uses SMTP port 587 for sending and IMAP port 993 for receiving. You cannot retrieve email with SMTP, and you cannot send email with IMAP.

Email headers and the Received chain

Every SMTP hop adds a Received: header to the message, recording the handoff: the sending server's IP, the receiving server's hostname, and the timestamp. Reading Received headers from bottom to top traces the message's path from origin to inbox. The Message-ID header is a globally unique identifier assigned by the sending MTA, used to detect duplicate delivery and for threading. X-headers are non-standard headers added by spam filters, mailing list software, and mail providers — X-Spam-Score, X-Mailer, X-Forwarded-To. Examining the full headers of a suspicious email (available in every mail client via "View Source" or "Show Original") reveals the true origin path regardless of what the visible From field displays.

Frequently Asked Questions

What is the difference between SMTP ports 25, 465, and 587?

Port 25 is for server-to-server relay — blocked by most ISPs for home use. Port 465 is SMTP with implicit TLS (connect encrypted). Port 587 is the official submission port using STARTTLS. Email clients should use 587 or 465 — never 25.

Why does SMTP need authentication?

Without auth, any server could send mail as any address — the definition of an open relay, immediately blacklisted. SMTP AUTH requires username/password at the submission stage. Server-to-server relay uses SPF, DKIM, and DMARC instead of passwords for sender verification.

What is the difference between SMTP and IMAP/POP3?

SMTP sends email (outgoing). IMAP and POP3 receive email (incoming). A full email setup uses SMTP on port 587 for outgoing and IMAP on port 993 for incoming. They are complementary protocols, not alternatives.