SMTP, or Simple Mail Transfer Protocol, is a communication protocol for electronic mail transmission. As an Internet standard, it is used to send email messages between servers. Most email systems that send mail over the Internet use SMTP to send messages from one server to another, and the messages can then be retrieved with an email client using either POP or IMAP.

The protocol for mail submission is the same, but uses port 587. SMTP connections secured by SSL, known as SMTPS, default to port 465 (nonstandard, but sometimes used for legacy reasons).

History of SMTP

The Simple Mail Transfer Protocol (SMTP) was first introduced in 1982 by the Internet Engineering Task Force (IETF). It was designed to support ASCII characters only, which posed a challenge for languages that use non-ASCII characters. This issue was later resolved with the introduction of the SMTPUTF8 extension.

SMTP has undergone several revisions since its initial introduction. The protocol was updated in 2008 to support international characters, and again in 2011 to include the ability to negotiate security enhancements.

SMTP and Internet Mail Architecture

SMTP is a key component of the Internet mail architecture. It is responsible for the delivery of email messages from a source address to a destination address. The protocol operates in the application layer of the Internet protocol suite. Its primary function is to ensure the reliable and efficient transfer of email between servers.

SMTP is a server-to-server protocol, meaning that email messages are not sent directly from the sender to the recipient. Instead, they are routed through a series of SMTP servers until they reach their destination.

SMTP’s Role in Email Transmission

SMTP plays a crucial role in the transmission of email. When an email is sent, it is divided into parts, each of which is transferred separately. SMTP is responsible for reassembling these parts at the destination server.

SMTP also plays a role in the delivery of email. Once an email has been reassembled at the destination server, SMTP ensures that it is delivered to the recipient’s mailbox.

How Does SMTP Work?

SMTP works by establishing a connection between the client and the server. Once this connection is established, the client sends a series of commands to the server. These commands include the sender’s email address, the recipient’s email address, and the body of the email.

The server responds to each command with a three-digit code. This code indicates whether the command was successful or not. If the command was successful, the client sends the next command. If the command was not successful, the client can either try again or terminate the connection.

SMTP Commands

SMTP uses a series of commands to facilitate the transfer of email. These commands include MAIL, RCPT, DATA, QUIT, and others. Each command serves a specific purpose in the email transfer process.

For example, the MAIL command is used to initiate a mail transaction. The RCPT command is used to identify the recipient of the email. The DATA command is used to send the body of the email.

SMTP Responses

SMTP servers respond to commands with three-digit codes. These codes are used to indicate the success or failure of a command. They also provide additional information about the status of the server.

For example, a response code of 250 indicates that the command was successful. A response code of 550 indicates that the command failed because the user’s mailbox was unavailable.

SMTP Security

SMTP was not originally designed with security in mind. As a result, it is vulnerable to a number of security issues, including spam, phishing, and man-in-the-middle attacks. However, several extensions have been developed to address these issues.

One such extension is STARTTLS. This extension allows SMTP servers to upgrade a plaintext connection to an encrypted (TLS or SSL) connection. This helps to protect the confidentiality and integrity of email messages as they are transferred between servers.

SMTP Authentication

SMTP authentication is a mechanism that allows the server to verify the identity of the client. This helps to prevent unauthorized users from sending email on behalf of a legitimate user.

There are several methods of SMTP authentication, including PLAIN, LOGIN, and CRAM-MD5. Each method has its own strengths and weaknesses, and the choice of method depends on the specific requirements of the server and client.

SMTP and Spam

SMTP is often used by spammers to send unsolicited email. This is because SMTP does not provide a mechanism for verifying the identity of the sender. As a result, spammers can easily forge the sender’s address and send email that appears to come from a legitimate source.

There are several techniques that can be used to combat spam, including greylisting, tarpitting, and spam filters. These techniques can be effective, but they also have their limitations and can sometimes result in legitimate email being blocked.

SMTP vs Other Email Protocols

SMTP is not the only protocol used for email transmission. Other protocols include POP (Post Office Protocol) and IMAP (Internet Message Access Protocol). These protocols are used for retrieving email from a server, whereas SMTP is used for sending email to a server.

One of the main differences between SMTP and these other protocols is that SMTP is a push protocol, while POP and IMAP are pull protocols. This means that SMTP pushes email to the server, while POP and IMAP pull email from the server.


POP is a simple protocol that allows a client to retrieve email from a server. Once the email has been retrieved, it is deleted from the server. This makes POP suitable for situations where the client only needs to access their email from a single device.

However, POP does not support many of the features that are standard in modern email systems, such as folders, flags, and search functionality. This makes it less suitable for situations where the client needs to access their email from multiple devices or needs to organize their email in a specific way.


IMAP is a more advanced protocol that allows a client to retrieve email from a server without deleting it. This makes IMAP suitable for situations where the client needs to access their email from multiple devices.

IMAP also supports many of the features that are standard in modern email systems, such as folders, flags, and search functionality. This makes it more suitable for situations where the client needs to organize their email in a specific way.


SMTP is a fundamental protocol that underpins the operation of email on the Internet. Despite its age and simplicity, it continues to be widely used due to its reliability and efficiency.

While SMTP has its limitations, particularly in terms of security, these issues can be mitigated through the use of extensions and additional protocols. As a result, SMTP remains a vital component of the Internet infrastructure.

Face à l'augmentation des menaces de cybersécurité, les entreprises doivent protéger tous leurs secteurs d'activité. Elles doivent notamment protéger leurs sites et applications web contre les robots, le spam et les abus. En particulier, les interactions web telles que les connexions, les enregistrements et les formulaires en ligne sont de plus en plus attaquées.

Pour sécuriser les interactions web d'une manière conviviale, entièrement accessible et respectueuse de la vie privée, Friendly Captcha offre une alternative sûre et invisible aux captchas traditionnels. Il est utilisé avec succès par de grandes entreprises, des gouvernements et des start-ups dans le monde entier.

Vous voulez protéger votre site web ? En savoir plus sur Friendly Captcha "