SMTP

SMTP
Name	SMTP
Introduced	1982
Developer	Ray Tomlinson; Jon Postel; IETF
Standard	Request for Comments 821, 5321
Os	Cross-platform

SMTP

Simple Mail Transfer Protocol is the principal Internet protocol for sending electronic mail between Mail User Agents and Mail Transfer Agents, enabling message relay across networks and between hosts. It operates as a text-based, client–server protocol over reliable transport provided by Transmission Control Protocol and integrates with address schemes such as Internet Message Format and Domain Name System. SMTP underpins interoperability among major providers including Microsoft Exchange Server, Gmail, Yahoo Mail, and interoperates with standards bodies like the Internet Engineering Task Force and projects such as Sendmail.

Overview

SMTP defines a set of commands and reply codes for session negotiation between a sending client and a receiving server to transfer a message envelope and body. Deployments typically use Transmission Control Protocol port 25 for server-to-server relay, with alternate ports like 587 and 465 adopted by providers including Google and Mozilla for submission and secure transport. The protocol interacts with addressing and routing infrastructure such as Domain Name System MX records, and with store-and-forward systems exemplified by Postfix, Exim, and Sendmail.

History and Development

SMTP evolved from earlier mail transfer systems developed at MIT and BBN Technologies and was standardized during the early Internet era under the guidance of individuals like Jon Postel and Ray Tomlinson. Key milestones were captured in Request for Comments documents produced by the Internet Engineering Task Force and IETF working groups, including updates after experiences with systems from University of California, Berkeley and vendors such as IBM and Novell. Commercial and academic mail implementations from Digital Equipment Corporation and projects like Sendmail influenced extensions and operational practice adopted by ARPANET participants and later by global providers including Microsoft and Yahoo!.

Protocol Architecture and Operation

SMTP sessions begin with a TCP handshake between a client and server, followed by an ASCII command exchange modeled in RFCs produced by the IETF and discussed at venues like IETF IETF meetings. Clients issue commands such as HELO/EHLO, MAIL FROM, RCPT TO, and DATA to establish the envelope and transmit content; servers respond with three-digit reply codes compatible with implementations from Postfix, Exim, Sendmail, and Microsoft Exchange Server. Route determination uses Domain Name System MX lookups and local policy engines present in mail transfer systems from vendors such as IBM and Oracle. For secure transport, SMTP sessions are commonly wrapped with Transport Layer Security negotiated via STARTTLS as implemented by providers like Google and FastMail.

Message Format and Extensions

Message content conveyed over SMTP conforms to the Internet Message Format and MIME multipart structures defined in RFCs from the IETF and influenced by work at W3C on media types. Headers such as From, To, Date, and Subject are used by Mail User Agents like Mozilla Thunderbird and Microsoft Outlook to present messages; body parts often include attachments encoded via Base64 or quoted-printable techniques specified in standards discussed by IETF working groups. Extension mechanisms such as SMTP Service Extensions (ESMTP) allow capabilities negotiation via EHLO and support features including SIZE, 8BITMIME, and AUTH, which have been implemented across servers from Postfix, Exim, Sendmail, and cloud services like Amazon SES.

Security and Authentication

SMTP itself lacks inherent end-to-end encryption and authentication; mitigation involves layering protocols and standards produced by bodies like the IETF and organizations such as ICANN. STARTTLS enables opportunistic or mandatory transport security using TLS certificates issued by Certificate Authoritys such as Let's Encrypt and DigiCert. Authentication mechanisms include PLAIN, LOGIN, and CRAM-MD5 negotiated via AUTH, with modern deployments favoring OAuth 2.0 flows used by providers like Google and Microsoft to integrate with identity platforms such as Azure Active Directory. Anti-abuse measures rely on complementary systems like SPF, DKIM, and DMARC developed through collaboration among IETF, M3AAWG, and major providers including Yahoo and AOL.

Implementations and Servers

Open-source servers like Postfix, Exim, and Sendmail form the backbone of many mail infrastructures, while commercial offerings include Microsoft Exchange Server and hosted platforms such as Google Workspace and Amazon SES. Mail User Agents including Mozilla Thunderbird, Microsoft Outlook, and Apple Mail implement SMTP for outbound submission, often integrating with POP3 or IMAP servers from projects like Dovecot or vendor products from Zimbra. Email delivery at scale is supported by cloud services including SendGrid, Mailgun, and Amazon Simple Email Service, which interoperate with DNS ecosystems managed by registrars like GoDaddy.

Use Cases and Limitations

SMTP is used for transactional notification systems, mailing lists, newsletters, and inter-domain message relay among ISPs, enterprises, and cloud providers like Cloudflare and Akamai. Limitations include lack of native end-to-end confidentiality, susceptibility to spoofing without [SPF]/[DKIM]/[DMARC] protections, and challenges with high-volume delivery and deliverability governed by blacklists such as those maintained by Spamhaus and SORBS. Operational practices influenced by organizations like IETF and M3AAWG address rate limiting, greylisting, and reputation systems used by providers including Microsoft and Google to mitigate abuse.

Category:Internet protocols