The Simple Mail Transfer Protocol (SMTP) is a networking standard for sending emails.
After reading this article you will be able to:
Related Content
Sign up to receive security learning articles from Cloudflare.
Copy article link
The Simple Mail Transfer Protocol (SMTP) is a technical standard for transmitting electronic mail (email) over a network. Like other networking protocols, SMTP allows computers and servers to exchange data regardless of their underlying hardware or software. Just as the use of a standardized form of addressing an envelope allows the postal service to operate, SMTP standardizes the way email travels from sender to recipient, making widespread email delivery possible.
SMTP is a mail delivery protocol, not a mail retrieval protocol. A postal service delivers mail to a mailbox, but the recipient still has to retrieve the mail from the mailbox. Similarly, SMTP delivers an email to an email provider's mail server, but separate protocols are used to retrieve that email from the mail server so the recipient can read it.
All networking protocols follow a predefined process for exchanging data. SMTP defines a process for exchanging data between an email client and a mail server. An email client is what a user interacts with: the computer or web application where they access and send emails. A mail server is a specialized computer for sending, receiving, and forwarding emails; users do not interact directly with mail servers.
Here is a summary of what passes between the email client and the mail server for an email to begin sending:
Usually, this first email server is not the actual email's final destination. The server, having received the email from the client, repeats this SMTP connection process with another mail server. That second server does the same, until finally the email reaches the recipient's inbox on a mail server controlled by the recipient's email provider.
Compare this process to the way a piece of mail travels from sender to recipient. A mail carrier does not take a letter directly from the sender to its recipient. Instead, the mail carrier brings the letter back to their post office. The post office ships the letter to another post office in another town, then another, and so on until the letter reaches the recipient. Similarly, emails go from server to server via SMTP until they arrive at the recipient's inbox.
The SMTP "envelope" is the set of information that the email client sends the mail server about where the email comes from and where it is going. The SMTP envelope is distinct from the email header and body and is not visible to the email recipient.
SMTP commands are predefined text-based instructions that tell a client or server what to do and how to handle any accompanying data. Think of them as buttons the client can press to get the server to accept data correctly.
HELO/EHLO
: These commands say "Hello" and start off the SMTP connection between client and server. "HELO
" is the basic version of this command; "EHLO
" is for a specialized type of SMTP.MAIL FROM
: This tells the server who is sending the email. If Alice were trying to email her friend Bob, a client might send "MAIL FROM:<alice@example.com>".RCPT TO
: This command is for listing the email's recipients. A client can send this command multiple times if there are multiple recipients. In the example above, Alice's email client would send "RCPT TO:<bob@example.com>".DATA
: This precedes the content of the email, like:
DATA
Date: Mon, 4 April 2022
From: Alice alice@example.com
Subject: Eggs benedict casserole
To: Bob bob@example.com
Hi Bob,
I will bring the eggs benedict casserole recipe on Friday.
-Alice
.
RSET
: This command resets the connection, removing all previously transferred information without closing the SMTP connection. RSET
is used if the client sent incorrect information.QUIT
: This ends the connection.An SMTP server is a mail server that can send and receive emails using the SMTP protocol. Email clients connect directly with the email provider's SMTP server to begin sending an email. Several different software programs run on an SMTP server:
In networking, a port is the virtual point where network data is received; think of it as the apartment number in the address of a piece of mail. Ports help computers sort networking data to the correct applications. Network security measures like firewalls can block unnecessary ports to prevent the sending and receiving of malicious data.
Historically, SMTP only used port 25. Today, port 25 is still in use for SMTP, but it can also use ports 465, 587, and 2525.
The Internet Message Access Protocol (IMAP) and Post Office Protocol (POP) are used to deliver the email to its final destination. The email client has to retrieve email from the final mail server in the chain in order to display the email to the user. The client uses IMAP or POP instead of SMTP for this purpose.
To understand the difference between SMTP and IMAP/POP, consider the difference between a plank of wood and a rope. A length of wood can be used to push something forward, but not pull it in. A rope can pull an item, but cannot push it. Similarly, SMTP "pushes" email to a mail server, but IMAP and POP "pull" it the rest of the way to the user's application.
Extended Simple Mail Transfer Protocol (ESMTP) is a version of the protocol that expands upon its original capabilities, enabling the sending of email attachments, the use of TLS, and other capabilities. Almost all email clients and email services use ESMTP, not basic SMTP.
ESMTP has some additional commands, including "EHLO
", an "extended hello" message that enables the use of ESMTP at the start of the connection.
Cloudflare Email Routing is designed to simplify creating and managing email addresses, without needing to keep an eye on additional mailboxes. With Email Routing, users can create any number of custom email addresses to use in situations where they do not want to share their primary email address. Emails are then routed to their preferred email inbox, without ever having to expose the primary email address.
Cloudflare Email Routing works by modifying the SMTP envelope of an email, leaving the header and body unaltered. To learn more, read our blog post.