Simple Mail Transfer Protocol (SMTP)

SMTP is the Internet standard protocol for sending and relaying email between servers. It defines client-server commands, extensions like STARTTLS and AUTH, and works with delivery and retrieval systems.

Overview

Simple Mail Transfer Protocol (SMTP) is the primary Internet protocol used to send electronic mail from one host to another. SMTP handles the transmission and relaying of messages between mail servers and accepts message submissions from mail clients. It is a text-based, command-response protocol that defines how mail transfer agents (MTAs) exchange messages across networks.

How SMTP works

In a typical delivery, a mail user agent (MUA) submits a message to an SMTP server for submission. The server then routes the message between MTAs until it reaches the recipient's mail server. That final server typically hands the message to a mail delivery agent (MDA) for storage. Common ports used include TCP port 25 for server-to-server transfers and port 587 for client submission; an alternate port (465) has also been used historically for encrypted SMTP.

Commands and extensions

SMTP exchanges a small set of plain-text commands such as HELO/EHLO, MAIL FROM, RCPT TO, and DATA. Modern implementations use Extended SMTP (ESMTP) to advertise and negotiate additional features. Widely deployed extensions include STARTTLS for opportunistic TLS encryption and AUTH for client authentication. For attachments and non-ASCII content, SMTP works together with formats like MIME to carry richer message bodies.

History and standards

SMTP was first specified in the early 1980s and later updated to account for modern usage and extensions. Core protocol specifications and updates are documented in the IETF standards and RFCs; for technical details see protocol documentation and common reference texts such as standards summaries. Implementations may support various ESMTP extensions to meet contemporary needs.

Security, authentication and abuse prevention

Because SMTP was originally designed without strong authentication, modern email infrastructure adds mechanisms to reduce spam and impersonation. Transport encryption with TLS, sender authentication with SMTP AUTH, and domain-level protections such as SPF, DKIM and DMARC help verify senders and reduce fraud. Operators also deploy rate limits, reputation systems, and filtering to combat unsolicited mail.

SMTP is concerned with sending and relaying messages, not with message retrieval. End users normally retrieve their mail from a server using IMAP or POP. For information on retrieval protocols see IMAP and POP. In practical deployments, SMTP, IMAP/POP, and webmail interfaces work together: SMTP transports messages, while IMAP or POP provide access to stored messages on the recipient's server.

Practical considerations

Administrators should ensure TLS is enabled and certificates are maintained to protect in-transit mail.
Proper DNS records (MX) and sender authentication records are essential for reliable delivery.
Logging and monitoring of SMTP traffic help detect abuse and misconfiguration.

Taken together, SMTP and its extensions form the backbone of Internet mail delivery, interacting with other standards and operational best practices to provide a functional, scalable messaging system.