SMTP (Simple Mail Transfer Protocol) – Complete Guide

1. What Is SMTP?

SMTP (Simple Mail Transfer Protocol) is the standard Application Layer protocol for transmitting email across the Internet. It is defined in RFC 5321 and operates at OSI Layer 7 over TCP. SMTP is a push protocol — it is used to send email from a client to a server, and to relay email between servers. It does not retrieve email for end users (that is the role of POP3 and IMAP).

Every time John clicks “Send” in Outlook, Gmail, or Thunderbird, SMTP is the protocol that carries his message from his mail client to his outgoing mail server, and then from server to server until it reaches the recipient’s mail server where it waits to be downloaded.


2. How SMTP Works – Step-by-Step

  John's email client          John's SMTP server         Alice's mail server
  (Outlook / Gmail)            (smtp.john.com)            (mail.example.com)
         |                            |                           |
         |  SMTP (port 587)           |                           |
         |  EHLO + AUTH + MAIL        |                           |
         |--------------------------->|                           |
         |  250 Ok, 354 Send data     |                           |
         |<---------------------------|                           |
         |  (message)                 |  SMTP (port 25)           |
         |                            |  DNS MX lookup → RCPT     |
         |                            |-------------------------->|
         |                            |  250 Ok                   |
         |                            |<--------------------------|
         |                            |                  Alice retrieves via
         |                            |                  POP3 (port 110) or
         |                            |                  IMAP (port 143)
            
  1. John composes an email to [email protected] in his mail client.
  2. His client opens a TCP connection to his outgoing SMTP server (smtp.john.com) on port 587 and authenticates with SMTP AUTH (username and password).
  3. The SMTP session proceeds: EHLO identifies the client; MAIL FROM specifies the sender; RCPT TO specifies the recipient; DATA carries the message headers and body.
  4. John’s SMTP server performs a DNS MX record lookup for example.com to find Alice’s mail server address.
  5. John’s server relays the email to mail.example.com on port 25 (server-to-server SMTP).
  6. Alice’s mail server accepts and stores the message in her mailbox.
  7. When Alice opens her mail client, it retrieves the message using IMAP (port 143) or POP3 (port 110), not SMTP.

3. SMTP Ports

| Port | Name | Encryption | Use Case | Current Status |
|---|---|---|---|---|
| 25 | SMTP | None by default (STARTTLS optional) | Server-to-server mail relay (MTA to MTA) | Active — the standard port for inter-server delivery; ISPs often block port 25 outbound from residential IP addresses to prevent spam |
| 587 | SMTP Submission | STARTTLS (upgrades to TLS after connection) | Client to server email submission (Outlook, Thunderbird, Gmail) | Recommended — the modern standard for all email client submission; requires SMTP AUTH |
| 465 | SMTPS (SMTP over SSL) | Implicit TLS from the start of the connection | Historically used for encrypted client-to-server submission | Deprecated in RFC 8314 but still widely supported; some providers prefer it over 587 |

Key distinction: Port 25 is for server-to-server relay; port 587 is for client-to-server submission. End users should always configure their mail clients to use port 587 with STARTTLS and SMTP AUTH.

4. SMTP Commands

| Command | Full Name / Purpose | Example | Notes |
|---|---|---|---|
| HELO | Hello — identifies the sending client to the server (basic) | HELO mail.john.com | Original greeting command; does not support extended features |
| EHLO | Extended Hello — modern replacement for HELO; requests list of server extensions | EHLO mail.john.com | Server responds with supported extensions (STARTTLS, AUTH, SIZE, etc.); use EHLO instead of HELO |
| MAIL FROM: | Specifies the envelope sender address (return path) | MAIL FROM:<[email protected]> | This is the “envelope from”; may differ from the From: header seen in the email client |
| RCPT TO: | Specifies one recipient; repeat for multiple recipients | RCPT TO:<[email protected]> | Server accepts or rejects each address individually; 250 = accepted, 550 = rejected |
| DATA | Signals start of the message body (headers + content) | DATA | Server responds 354; message ends with a line containing only a single period (.) |
| QUIT | Terminates the SMTP session gracefully | QUIT | Server responds 221; TCP connection closes |
| STARTTLS | Upgrades an existing plain-text connection to TLS encryption | STARTTLS | Only available if server advertised STARTTLS capability in EHLO response; used on port 587 |
| AUTH | Authenticates the client (SMTP AUTH) | AUTH LOGIN | Required on port 587; mechanisms include LOGIN, PLAIN, CRAM-MD5; credentials sent after STARTTLS |
| RSET | Resets the current transaction without closing the session | RSET | Clears MAIL FROM and RCPT TO so a new message transaction can begin |

5. Annotated SMTP Session

S: 220 smtp.example.com ESMTP Postfix (Ubuntu)    ← Server ready (220)
C: EHLO mail.john.com                             ← Client identifies itself (extended hello)
S: 250-smtp.example.com Hello mail.john.com
S: 250-SIZE 52428800                              ← Server extensions advertised
S: 250-STARTTLS
S: 250-AUTH LOGIN PLAIN
S: 250 HELP
C: STARTTLS                                       ← Client requests TLS upgrade
S: 220 2.0.0 Ready to start TLS
[TLS handshake completes; all further traffic is encrypted]
C: EHLO mail.john.com                             ← Client re-identifies after TLS
S: 250-smtp.example.com Hello mail.john.com
S: 250 AUTH LOGIN PLAIN
C: AUTH LOGIN                                     ← Client authenticates
S: 334 Username:
C: am9obg==                                      ← base64-encoded username
S: 334 Password:
C: cGFzc3dvcmQ=                                  ← base64-encoded password
S: 235 2.7.0 Authentication successful
C: MAIL FROM:<[email protected]>                    ← Envelope sender
S: 250 2.1.0 Ok
C: RCPT TO:<[email protected]>                  ← Recipient
S: 250 2.1.5 Ok
C: DATA                                           ← Start message
S: 354 End data with <CR><LF>.<CR><LF>
C: From: John <[email protected]>
C: To: Alice <[email protected]>
C: Subject: Hello
C:
C: Hi Alice, this is John.
C: .                                              ← Single dot ends message body
S: 250 2.0.0 Ok: queued as 12345
C: QUIT
S: 221 2.0.0 Bye                                  ← Session closed (221)
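
The session above carries two points worth checking on any submission server: the first EHLO reply already offers AUTH before TLS is in place, and the AUTH LOGIN answers are only base64-encoded, not encrypted. The following audit is an added example, not part of the original guide; it runs over a constructed copy of that session with the margin notes removed, and the function name and finding strings are assumptions.

```python
import base64
import re

# Constructed input: the annotated session above with the margin notes
# removed, cut off after authentication.
TRANSCRIPT = """\
S: 220 smtp.example.com ESMTP Postfix (Ubuntu)
C: EHLO mail.john.com
S: 250-smtp.example.com Hello mail.john.com
S: 250-SIZE 52428800
S: 250-STARTTLS
S: 250-AUTH LOGIN PLAIN
S: 250 HELP
C: STARTTLS
S: 220 2.0.0 Ready to start TLS
[TLS handshake completes; all further traffic is encrypted]
C: EHLO mail.john.com
S: 250-smtp.example.com Hello mail.john.com
S: 250 AUTH LOGIN PLAIN
C: AUTH LOGIN
S: 334 Username:
C: am9obg==
S: 334 Password:
C: cGFzc3dvcmQ=
S: 235 2.7.0 Authentication successful
"""

# Reply line: 3-digit code, "-" (more lines follow) or " " (last line), text.
REPLY = re.compile(r"^(\d{3})([ -])(.*)$")

def audit(transcript):
    """Return (findings, decoded AUTH LOGIN answers) for a C:/S: transcript."""
    tls = starttls_sent = False
    last_code = None
    findings, answers = [], []
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "S" and (m := REPLY.match(text)):
            last_code, _, rest = m.groups()
            if starttls_sent:  # 220 after STARTTLS means the upgrade went ahead
                tls, starttls_sent = last_code == "220", False
            if last_code == "250" and rest.upper().split()[:1] == ["AUTH"] and not tls:
                findings.append("AUTH advertised before STARTTLS")
        elif side == "C":
            verb = text.upper().split()[:1]
            if last_code == "334":  # answer to a 334 prompt is plain base64
                answers.append(base64.b64decode(text).decode())
            elif verb == ["STARTTLS"]:
                starttls_sent = True
            elif verb == ["AUTH"] and not tls:
                findings.append("AUTH sent before STARTTLS")
    return findings, answers
```

On Postfix, the server named in the banner above, setting `smtpd_tls_auth_only = yes` keeps AUTH from being advertised or accepted until TLS is active.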
            

6. SMTP Response Codes

| Code | Class | Meaning | Common Trigger |
|---|---|---|---|
| 220 | 2xx Success | Service ready — server is ready to accept commands | Initial connection greeting |
| 221 | 2xx Success | Service closing transmission channel — session is ending | Response to QUIT |
| 235 | 2xx Success | Authentication successful | Response to AUTH command |
| 250 | 2xx Success | Requested mail action completed successfully | After EHLO, MAIL FROM, RCPT TO, DATA (message accepted) |
| 354 | 3xx Positive Intermediate | Start mail input; end with <CRLF>.<CRLF> | Response to DATA command |
| 421 | 4xx Transient Failure | Service temporarily unavailable — server will retry delivery | Server overloaded or temporarily down |
| 450 | 4xx Transient Failure | Mailbox unavailable (temporarily) — try again later | Greylisting; temporary delivery failure |
| 550 | 5xx Permanent Failure | Mailbox unavailable or address rejected — will not retry | Recipient address does not exist; sender on block list |
| 551 | 5xx Permanent Failure | User not local; forwarding service not supported | Relay rejected for non-local recipient |
| 552 | 5xx Permanent Failure | Exceeded storage allocation — recipient mailbox is full | Recipient over quota |

Code class rule: 2xx = success; 3xx = waiting for more data; 4xx = temporary failure (sender should retry); 5xx = permanent failure (sender should not retry — this generates a bounce/NDR).

7. Authentication and Encryption

SMTP AUTH

SMTP AUTH (RFC 4954) requires the sending client to prove its identity with a username and password before the server accepts mail for relay. Without authentication, any device could use any mail server to send spam (an “open relay”). SMTP AUTH is mandatory on port 587 and is always combined with STARTTLS so credentials are never sent in plain text.

STARTTLS vs. Implicit TLS (SMTPS)

| Mechanism | Port | How It Works | When to Use |
|---|---|---|---|
| STARTTLS | 587 | Connection starts unencrypted on port 587; client sends STARTTLS command; TLS handshake occurs; all subsequent data is encrypted | Current recommended approach for client submission; RFC 8314 mandates TLS for all submission |
| Implicit TLS (SMTPS) | 465 | TLS handshake occurs immediately when the TCP connection is established; there is no plain-text phase at all | Technically simpler (no upgrade needed); deprecated in RFC 8314 but widely supported and used by some providers |
| No encryption | 25 | All traffic in plain text unless the server and peer negotiate STARTTLS opportunistically | Server-to-server relay only; not for user client submission |

8. SMTP Relay and Open Relay

SMTP relay is the normal process by which one mail server forwards an email to another mail server when the recipient is on a different domain. John’s MTA relays to Alice’s MTA by looking up the destination domain’s DNS MX record.

An open relay is a mail server misconfigured to accept email from any sender and forward it to any destination — without authentication or restriction. Open relays are heavily exploited by spammers who route millions of spam messages through them to obscure the true origin. Modern spam-filtering blacklists (RBLs — Realtime Blackhole Lists) quickly identify and block open relay IP addresses.

| Relay Type | Behaviour | Security Risk | Mitigation |
|---|---|---|---|
| Closed relay | Only relays for authenticated users or trusted IP ranges | None — correct configuration | N/A — this is best practice |
| Open relay | Accepts and forwards mail from any sender to any destination without authentication | High — exploited for spam, phishing, and malware distribution | Require SMTP AUTH; restrict relay by IP; test with MXToolbox Open Relay checker |
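
The closed-relay rule in the table (relay only for authenticated users or trusted IP ranges) can be written as the decision an MTA makes on each RCPT TO. The model below is an added example, not code from the original guide or from any MTA; the class, the sample domains and the address ranges are assumptions. It also shows that an over-broad "trusted" range produces an open relay even when SMTP AUTH is required.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class RelayPolicy:
    """RCPT TO decision of an MTA; all field values below are assumed samples."""
    local_domains: set
    trusted_nets: list = field(default_factory=list)
    require_auth: bool = True

    def rcpt(self, client_ip, authenticated, rcpt_to):
        """Return the reply code for one RCPT TO: 250 accept, 550 reject."""
        domain = rcpt_to.rsplit("@", 1)[-1].lower()
        if domain in self.local_domains:
            return 250  # final delivery to a hosted mailbox, not relaying
        ip = ipaddress.ip_address(client_ip)
        trusted = any(ip in net for net in self.trusted_nets)
        if authenticated or trusted or not self.require_auth:
            return 250  # relay toward another domain
        return 550      # relay denied

def is_open_relay(policy):
    """Self-test: unauthenticated outside client, recipient on a foreign domain."""
    return policy.rcpt("203.0.113.9", False, "someone@elsewhere.test") == 250

def net(cidr):
    """Shorthand for building a network object from CIDR notation."""
    return ipaddress.ip_network(cidr)

# Constructed policies: one correct, two misconfigured in different ways.
CLOSED = RelayPolicy({"example.com"}, [net("10.0.0.0/8")])
NO_AUTH = RelayPolicy({"example.com"}, [net("10.0.0.0/8")], require_auth=False)
TOO_WIDE = RelayPolicy({"example.com"}, [net("0.0.0.0/0")])  # "trusted" = everyone
```

Running `is_open_relay` against each policy separates the correct configuration from the two misconfigured ones without sending any mail.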

9. Email Delivery Agents – MTA, MDA, and MUA

| Agent | Full Name | Role | Examples |
|---|---|---|---|
| MUA | Mail User Agent | The email application used by end users to compose, send, and read email | Outlook, Thunderbird, Gmail web interface, Apple Mail |
| MTA | Mail Transfer Agent | Implements SMTP to receive mail from the MUA or another MTA, queue it, and forward it toward the destination | Postfix, Sendmail, Exim, Microsoft Exchange, qmail |
| MDA | Mail Delivery Agent | Receives the email from the final MTA and delivers it into the recipient’s mailbox on the server | Dovecot, Procmail, Maildrop |

Full email flow: MUA (John’s Outlook) → SMTP (port 587) → John’s MTA → SMTP (port 25, DNS MX lookup) → Alice’s MTA → MDA (stores in mailbox) → IMAP/POP3 → Alice’s MUA.

10. SMTP vs. POP3 vs. IMAP

| Feature | SMTP | POP3 | IMAP |
|---|---|---|---|
| Purpose | Send and relay email (outbound) | Download email to local device (inbound) | Access and sync email on server (inbound) |
| Protocol type | Push | Pull | Pull (sync) |
| Standard ports | 25 (relay), 587 (submission), 465 (SMTPS) | 110 (plain), 995 (TLS) | 143 (plain), 993 (TLS) |
| Mail storage | Not involved in storage | Downloads and (by default) deletes from server | Keeps mail on server; synchronises across devices |
| Multiple devices | N/A | Poor — mail typically removed from server after download | Excellent — all devices see the same inbox |
| Use today | Universal — all email uses SMTP for delivery | Declining — suitable for single-device access only | Standard for all modern email clients |

11. Common SMTP Server Software

| Software | Platform | Notes |
|---|---|---|
| Postfix | Linux / Unix | Most widely deployed open-source MTA; known for security and performance; default on many distributions |
| Exim | Linux / Unix | Highly configurable; default MTA on Debian-based systems; used extensively by hosting providers |
| Sendmail | Linux / Unix | One of the oldest MTAs; complex configuration; largely replaced by Postfix and Exim in modern deployments |
| Microsoft Exchange | Windows | Enterprise mail server and collaboration platform; integrates SMTP with calendar, contacts, and Active Directory |
| Zimbra | Linux (also cloud) | Open-source collaboration server; includes webmail, calendar, and contacts alongside SMTP |

12. Troubleshooting SMTP Issues

| Problem | Likely Cause | Diagnostic Step | Resolution |
|---|---|---|---|
| Email bounces with 550 | Recipient address does not exist; sender IP is on a blacklist | Check bounce message body for detail; look up sender IP on MXToolbox | Correct the recipient address; delist IP from blacklist; check SPF/DKIM records |
| Cannot connect to port 587 | Firewall blocking outbound port 587; ISP blocking | telnet smtp.gmail.com 587 — should return 220 banner | Open port 587 in firewall; verify ISP does not block it; try port 465 as fallback |
| Authentication failure (535) | Wrong username or password; app-specific password required (Google, Microsoft) | Check server logs for AUTH failure details | Verify credentials; generate app-specific password if MFA is enabled |
| Emails land in spam | Missing SPF, DKIM, or DMARC DNS records; sending from blacklisted IP | Use MXToolbox Email Health test; check DNS for SPF/DKIM TXT records | Publish SPF, DKIM, and DMARC records; warm up the sending IP reputation |
| Delayed delivery (421 / 450) | Receiving server temporarily unavailable; greylisting | Check SMTP queue on the sending MTA (mailq on Linux) | Wait — MTA will retry automatically; greylisting delays resolve on retry |

# Test SMTP connectivity from the command line:
telnet smtp.gmail.com 587       # Should return: 220 smtp.gmail.com ESMTP

# On Linux, check the mail queue:
mailq                           # List queued messages
postqueue -f                    # Force immediate delivery attempt (Postfix)

# View recent SMTP log entries:
tail -f /var/log/mail.log       # Debian/Ubuntu
tail -f /var/log/maillog        # RHEL/CentOS
            

13. Key Points & CCNA Exam Tips

  • SMTP = Simple Mail Transfer Protocol — RFC 5321; OSI Layer 7; TCP; used to send email, not receive it
  • SMTP is a push protocol; POP3 and IMAP are pull protocols used by recipients to retrieve mail
  • Know all three SMTP ports: 25 (server-to-server relay), 587 (client submission + STARTTLS, recommended), 465 (SMTPS, implicit TLS, deprecated but still used)
  • Core SMTP commands: EHLO (extended greeting), MAIL FROM: (envelope sender), RCPT TO: (recipient), DATA (start message body), QUIT (end session)
  • Key response codes: 220 (server ready), 250 (action OK), 354 (send data), 421/450 (temporary failure — retry), 550 (permanent failure — bounce)
  • STARTTLS upgrades port 587 from plain-text to encrypted; implicit TLS (port 465) is encrypted from the first byte
  • SMTP AUTH requires client authentication before relaying; prevents open relay abuse
  • An open relay forwards mail from any source to any destination without auth; a major spam and security risk; causes IP blacklisting
  • DNS MX records tell a sending MTA which server to connect to for a given recipient domain
  • MTA (Mail Transfer Agent) implements SMTP for server-to-server relay; MUA is the user’s mail client; MDA delivers to the mailbox
  • Port 110 = POP3, not SMTP — a commonly tested distractor on the CCNA exam

SMTP (Simple Mail Transfer Protocol) Quiz

1. What does SMTP stand for?

Correct answer is A. SMTP stands for Simple Mail Transfer Protocol (RFC 5321). It is the standard Application Layer (OSI Layer 7) protocol for sending and relaying email across the Internet. It is a push protocol — it moves email from client to server and from server to server, but it does not retrieve email for end users (that role belongs to POP3 and IMAP).

2. Which port is the recommended standard for SMTP client email submission with STARTTLS?

Correct answer is C. Port 587 (SMTP Submission) is the recommended standard for email clients (Outlook, Thunderbird, Gmail) to submit outbound email. It uses STARTTLS to upgrade to an encrypted connection and requires SMTP AUTH. Port 25 is for server-to-server relay; port 465 (SMTPS) is deprecated but still used; port 21 is FTP.

3. What is the primary role of SMTP in email communication?

Correct answer is D. SMTP handles the outbound (sending) side of email: it carries messages from a user’s mail client to the outgoing mail server, and then relays them server-to-server until they reach the recipient’s domain. SMTP does not retrieve, store, or encrypt email on its own — those are the roles of IMAP/POP3 and TLS respectively.

4. Which SMTP command specifies the recipient’s email address?

Correct answer is B. RCPT TO: specifies the envelope recipient address. Multiple RCPT TO: commands can be issued in a single SMTP transaction to deliver to multiple recipients. The server responds to each one individually: 250 = accepted, 550 = address not found/rejected. MAIL FROM: specifies the sender’s address.

5. What is an SMTP open relay?

Correct answer is A. An open relay accepts and forwards email from any sender to any recipient without requiring authentication. Spammers exploit open relays to route millions of spam messages while obscuring their origin. Open relay IP addresses are quickly added to RBL (Realtime Blackhole Lists), causing all email from that IP to be rejected. Prevention: require SMTP AUTH and restrict relay to authenticated users or trusted IP ranges.

6. What does the SMTP EHLO command do?

Correct answer is D. EHLO (Extended Hello) is the modern replacement for HELO. It identifies the sending client and requests the server’s list of supported extensions (STARTTLS, AUTH, SIZE, etc.). The server responds with a list of capabilities. Always use EHLO; HELO only identifies the client but does not negotiate extensions.

7. Which SMTP response code indicates the server is ready to accept commands?

Correct answer is C. 220 is the greeting banner a client sees immediately after opening a TCP connection to an SMTP server — it means the service is ready. 250 means a command was accepted successfully. 354 means “start sending message data now.” 550 is a permanent failure (mailbox unavailable or rejected).

8. Why is SMTP AUTH important for outbound mail servers?

Correct answer is B. SMTP AUTH forces any client that wants to use the server as a relay to prove their identity first. Without AUTH, an open relay would allow anyone to send spam through the server. SMTP AUTH is always used together with STARTTLS on port 587 so that credentials are never transmitted in plain text.

9. Which of these is NOT a standard SMTP port?

Correct answer is A. Port 110 is POP3 (Post Office Protocol v3) — used by email clients to download messages from a mail server. The SMTP ports are: 25 (server-to-server relay), 587 (client submission + STARTTLS), and 465 (SMTPS, implicit TLS). This is a commonly tested distractor on the CCNA exam.

10. What role does a Mail Transfer Agent (MTA) play in email delivery?

Correct answer is D. An MTA (Mail Transfer Agent) is the server software that implements SMTP. It accepts incoming email (from MUAs on port 587 or from other MTAs on port 25), queues it, performs DNS MX lookups to find the next-hop server, and relays the message. Examples include Postfix, Exim, and Microsoft Exchange. The MDA (Mail Delivery Agent) handles the final step of storing email in the recipient’s mailbox.
