What SMTP Does
SMTP is a push protocol: it moves email outward from sender toward recipient. When you click Send in your email client, the client uses SMTP to submit the message to your outgoing mail server. That server uses SMTP again to deliver the message to the recipient's mail server. If the destination cannot be reached immediately, your server queues the message and retries at intervals — typically for up to five days before returning a bounce message to the sender.
SMTP does not handle reading email. Once a message arrives at the recipient's mail server, it sits in a mailbox. The recipient's email client uses IMAP or POP3 to access that mailbox. SMTP is purely a delivery mechanism — think of it as the postal carrier, not the mailbox itself.
The SMTP Conversation
SMTP is a text-based protocol with a simple command-response structure. When two mail servers connect, they exchange a short dialog before any message is transferred. The sending server opens with EHLO yourdomain.com (Extended Hello), identifying itself and requesting a list of the receiving server's capabilities. The receiving server responds with a list of supported extensions such as STARTTLS, SIZE, and AUTH.
The sender then issues MAIL FROM:<sender@example.com> to specify the envelope sender address, followed by one or more RCPT TO:<recipient@example.com> commands for each recipient. After the receiving server acknowledges each recipient, the sender issues DATA, transmits the full message headers and body, and ends the message with a single period on its own line. The session closes with QUIT. This entire dialog typically completes in under a second on a healthy network.
Envelope vs Message Headers
A subtle but important distinction in SMTP: there are two sets of addresses. The envelope addresses are the MAIL FROM and RCPT TO commands exchanged during the SMTP conversation — these are what mail servers actually use for routing and bounce handling. The message headers are the From:, To:, and Reply-To: lines inside the message body itself — these are what your email client displays.
These two sets of addresses can be different. A message can have a From: header showing ceo@bigbank.com while the envelope MAIL FROM is completely different. This is the mechanism behind email spoofing — the display name and address shown to the recipient do not have to match the actual sending server. SPF, DKIM, and DMARC exist specifically to close this gap.
SMTP Ports
Three ports are associated with SMTP, each with a distinct role. Port 25 is the original SMTP port, defined in RFC 821 (1982) for server-to-server delivery. Because port 25 is the path between mail servers on the public internet, most ISPs block outbound connections to port 25 from consumer and business internet connections to prevent spam from compromised machines. Port 587 (the submission port, RFC 6409) is for mail clients submitting email to their outgoing mail server. It requires authentication and STARTTLS. Port 465 was briefly assigned as SMTPS (SMTP over implicit TLS) in the 1990s, then de-assigned, but so many mail clients implemented it that RFC 8314 (2018) formally revived it as an alternative to port 587 with implicit TLS.
STARTTLS vs Implicit TLS
STARTTLS is an extension that upgrades a plain-text connection to TLS within the same TCP session. The client connects on port 587 (or 25), receives the server's capability list, then sends the STARTTLS command. Both sides perform a TLS handshake on the existing connection. All subsequent SMTP commands and message data travel over the encrypted channel. Implicit TLS (port 465) takes a different approach: the TLS handshake happens immediately on connection before any SMTP commands are exchanged. Neither approach is inherently more secure today — both result in full TLS encryption — but implicit TLS on port 465 is slightly simpler because there is no plain-text phase at all.
MX Records: How SMTP Finds the Destination
When your mail server needs to deliver a message to user@example.com, it does not know the IP address of example.com's mail server directly. Instead, it queries DNS for MX (Mail Exchanger) records for the domain example.com. DNS returns a list of hostnames, each with a priority number (lower is higher priority). The sending server connects to the highest-priority MX host on port 25 and attempts delivery. If that server is unreachable or rejects the connection, it tries the next MX in priority order. This MX lookup happens for every outbound delivery and is the foundation of internet email routing.
Email Authentication: SPF, DKIM, and DMARC
SPF (Sender Policy Framework) is a DNS TXT record that lists the IP addresses authorized to send email for a domain. A receiving mail server checks whether the sending server's IP appears in the sender domain's SPF record. If it does not, the message fails SPF. DKIM (DomainKeys Identified Mail) adds a cryptographic signature to the message headers. The sending server signs outgoing messages with a private key; the public key is published in DNS. Receiving servers verify the signature, confirming the message was not altered in transit and originated from an authorized server.
DMARC (Domain-based Message Authentication, Reporting, and Conformance) ties SPF and DKIM together with a policy. A DMARC DNS record instructs receiving servers what to do when a message fails both SPF and DKIM checks: none (do nothing, just report), quarantine (send to spam), or reject (refuse the message entirely). DMARC also provides a reporting mechanism — receiving servers send aggregate and forensic reports back to the domain owner, giving visibility into who is sending mail claiming to be from that domain.
SMTP Ports at a Glance
| Port | Purpose | Encryption | Authentication Required | Who Uses It | ISP Blocking |
|---|---|---|---|---|---|
| 25 | Server-to-server delivery (MTA to MTA) | Optional (STARTTLS) | No (IP-based trust) | Mail servers only | Often blocked for end users |
| 587 | Client submission to outgoing server | STARTTLS (required) | Yes (AUTH) | Email clients and apps | Rarely blocked |
| 465 | Client submission with implicit TLS | Implicit TLS (immediate) | Yes (AUTH) | Email clients and apps | Rarely blocked |
Frequently Asked Questions
What is the difference between SMTP port 25 and 587?
Port 25 is the original SMTP port, used for server-to-server email delivery (MTA to MTA). Most ISPs block outbound port 25 from residential and business connections to prevent spam from compromised machines. Port 587 is the submission port, defined by RFC 6409, intended for mail clients sending email to their outgoing mail server. Port 587 requires STARTTLS encryption and AUTH authentication, making it appropriate for end-user clients. Use port 587 for configuring email clients and applications; port 25 is handled automatically by mail servers.
What is STARTTLS in SMTP?
STARTTLS is an SMTP extension that upgrades a plain-text SMTP connection to an encrypted TLS connection within the same TCP session. The client connects on port 587 (or 25), the server announces STARTTLS support in its EHLO response, and the client sends the STARTTLS command to initiate TLS negotiation. Everything after that point is encrypted. STARTTLS is opportunistic — it upgrades if available — whereas implicit TLS (port 465) starts the TLS handshake immediately on connection.
How does email know where to deliver a message?
SMTP uses DNS MX (Mail Exchanger) records to find the mail server responsible for a domain. When delivering email to user@example.com, the sending mail server queries DNS for MX records for example.com. DNS returns one or more hostnames with priority values (lower number = higher priority). The sending server connects to the highest-priority MX host on port 25 and delivers the message. If the primary MX is unreachable, it tries lower-priority MX records. This is how email automatically routes across the internet without any central directory.
What is an SMTP relay?
An SMTP relay is a mail server that accepts email from one server and forwards it toward the final destination. Legitimate uses include transactional email services (SendGrid, AWS SES, Postmark) that relay application email on behalf of customers, and internal mail gateways that route outbound email through a central point for logging or filtering. An open relay is a server that relays email for anyone without authentication — historically a major spam problem. Modern mail servers reject relay attempts from unauthenticated senders by default.
What is the difference between SMTP and IMAP?
SMTP and IMAP handle opposite directions of email flow. SMTP (ports 25, 587, 465) pushes email from sender to recipient — it is used for sending and for server-to-server delivery. IMAP (port 993) is used by email clients to retrieve and manage email that is already stored on a mail server. When you send an email, your client uses SMTP to submit it. When you check your inbox, your client uses IMAP to read what has arrived. Both protocols are required for a complete email system.
Why does my email go to spam?
Email is typically flagged as spam when SPF, DKIM, or DMARC checks fail, signaling to the recipient's mail server that the sending server is not authorized by the domain owner. Other factors include sending from an IP address with a poor reputation, using a domain with no history, sending to recipients who previously marked your mail as spam, missing or mismatched reverse DNS (PTR records), and content that pattern-matches known spam. Publishing correct SPF and DKIM records, and setting a DMARC policy, are the most impactful technical steps for improving deliverability.