What is SMTP?
Whenever someone sends an email, the message has to be transferred across the internet. Although the actual transmission (TCP/IP, etc.) of the data will not be covered here (as it would be an entire project by itself), we'll look at the workings of SMTP from a more specific perspective.
When the send button is clicked, the sender's computer engages in a "conversation" with an ISP over the internet. This process can be done by a human through a program like telnet.
A sample SMTP Session
The following is an actual SMTP session. In this case, I'm sending a message to using my ISP, Telus. If you have access to a command line (I used the UNIX prompt in Mac OS X), you can follow along. The black, bold text is what you have to send to the ISP (be sure to use your own ISP, email addresses, and message where the text is italicised. The response from your server will vary accordingly. The server may also prompt for a username and password.)
telnet mail.telus.net 25
220 priv-edtnes40.telusplanet.net ESMTP server (InterMail vM.6.01.05.04 201-2131-123-105-20051025) ready Thu, 2 Mar 2006 09:54:00 -0700
HELO
250 priv-edtnes40.telusplanet.net
MAIL FROM: Me <my_email_address@telus.net>
250 Sender <my_email_address@telus.net> Ok
RCPT TO: Recipient <>
250 Recipient <> Ok
DATA
354 Ok Send data ending with <CRLF>.<CRLF>
Subject: Hello there!
From: Me <my_email_address@telus.net>
To: Recipient <>
Hello! How's it going over there?
.
SMTP Flaws
Unfortunately, SMTP is limited and thus open to spammers. One could insert almost anything in the "MAIL FROM:" field, thus allowing me to send a message appearing to be from you (this practice is known as phishing).
SMTP-AUTH
In an attempt to combat this plague, SMTP-AUTH was created. SMTP-AUTH functions in a simple way. Before allowing a user to send an email, the sending server (the sender's ISP) prompts for a username and password. (This is why you may have had to enter a username and password if trying out the above example.) Unfortunately, this only adds a thin film of resistance. Once the sender gets a username and password, the SMTP server acts as normal (and still allows the sender to fake the "From" header). As a result, in order for SMTP-AUTH to function, the ISP / sending server must fully trust all of its users, tagging all outgoing messages as "Authenticated", and the recipient server must fully trust the sending server, because an untrusted sending server could put a false tag on the message. For these reasons, SMTP-AUTH is rarely used to its full extent, and is unsupported by many ISPs.
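The gap described above, as an added example (not part of the original page and not any ISP's code): a Python check that compares the SMTP-AUTH login with the "MAIL FROM:" address and the "From" header of a session like the sample one. The function names, the example.net addresses and the session lines are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def parse_session(client_lines):
    """Split the client side of an SMTP session into envelope and message."""
    envelope_from, rcpts, data, in_data = None, [], [], False
    for line in client_lines:
        if in_data:
            if line == ".":                  # <CRLF>.<CRLF> ends DATA
                in_data = False
            else:                            # undo dot-stuffing
                data.append(line[1:] if line.startswith(".") else line)
        elif line.upper().startswith("MAIL FROM:"):
            envelope_from = parseaddr(line[10:].strip())[1].lower()
        elif line.upper().startswith("RCPT TO:"):
            rcpts.append(parseaddr(line[8:].strip())[1].lower())
        elif line.upper() == "DATA":
            in_data = True
    return envelope_from, rcpts, message_from_string("\n".join(data))

def identity_findings(auth_user, client_lines):
    """List mismatches between the SMTP-AUTH login and the claimed senders."""
    envelope_from, _, msg = parse_session(client_lines)
    header_from = parseaddr(msg.get("From", ""))[1].lower()
    findings = []
    if envelope_from != auth_user.lower():
        findings.append("MAIL FROM differs from authenticated user")
    if header_from != auth_user.lower():
        findings.append("From header differs from authenticated user")
    return findings

# Constructed sample: the envelope matches the login, the From header does not.
SPOOFED = [
    "HELO client.example.net",
    "MAIL FROM:<alice@example.net>",
    "RCPT TO:<bob@example.org>",
    "DATA",
    "Subject: Hello there!",
    "From: Example Bank <support@bank.example>",
    "To: <bob@example.org>",
    "",
    "Hello! How's it going over there?",
    ".",
]

if __name__ == "__main__":
    print(identity_findings("alice@example.net", SPOOFED))
```

A session that passes the envelope check can still fail the header check, which is the case the paragraph above describes: the login succeeds and the "From" header is still whatever the client typed.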
New Email Authentication Methods
There are other methods of authenticating email messages. Unfortunately, almost all are impractical. Checks to the sending server are possible, but mail forwarders can interfere with these sorts of methods. Some hope that new mail protocols may eventually be implemented, but SMTP has been accepted everywhere as the standard, so replacing it would be far too complex.