
SMTP - Simple Mail Transfer Protocol


Some protocols move files.
SMTP moves messages.
It is not about browsing or streaming. It is about delivering email from one server to another, reliably and simply.


What this page covers

  • What SMTP is and what it does
  • How it fits into the TCP/IP stack
  • Where its data comes from
  • How it is structured and used
  • How it can be abused or defended
  • Tools I use to explore it

This page is my reference for understanding SMTP as a mail protocol, a trust surface, and a delivery mechanism.


What SMTP Actually Is

SMTP is a protocol used to send email between servers.
It handles the transmission of messages from the sender’s mail server to the recipient’s mail server.

SMTP is used by:

  • Mail clients (via relays)
  • Web applications
  • Notification systems
  • Automated scripts

It is the backbone of email delivery across the internet.


How SMTP Lives in the TCP/IP Stack

  • OSI Layer: Application Layer (Layer 7)
  • Transport: TCP (usually port 25, 587, or 465)
  • Flow:
      • Client connects to the SMTP server
      • Client sends the message headers and body
      • Server relays or stores the message

SMTP is often paired with POP3 or IMAP for receiving mail.
TLS can be added to secure the connection.


Where SMTP Data Comes From

SMTP messages are generated by:

  • User input in email clients
  • System alerts and logs
  • Web forms and contact pages
  • Automated services and bots

The data is often user-generated, but can also be system-generated or scripted.


How SMTP Works

  • Commands:
      • HELO / EHLO: identify the sending host
      • MAIL FROM: specify the sender address
      • RCPT TO: specify a recipient
      • DATA: send the message content
      • QUIT: close the session

  • Headers:
      • From, To, Subject, Date
      • MIME types for attachments and formatting

SMTP is simple and text-based.
It relies on trust between servers to relay messages.
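The command sequence above, as a server-side state machine. This is an added example, not code from the page or from any mail server: it enforces the order EHLO, MAIL FROM, RCPT TO, DATA, QUIT, handles dot-stuffing in the body, and includes the one relay-control check that separates a closed relay from an open one (mail for a non-local domain is only accepted from an authenticated session). No sockets are opened; a constructed client transcript is fed through it line by line. The hostname mail.example.com, the local domain list and the transcript are assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

LOCAL_DOMAINS = {"example.com"}          # assumption: domains this server hosts
ADDR_RE = re.compile(r"<([^<>@\s]+@([^<>@\s]+))>")   # does not accept the null sender <>
REPLY = {"+": "pass"}                    # unused placeholder removed below


@dataclass
class SmtpSession:
    authenticated: bool = False          # set by a successful SMTP AUTH (not modelled here)
    helo: Optional[str] = None
    sender: Optional[str] = None
    recipients: list = field(default_factory=list)
    body: list = field(default_factory=list)
    in_data: bool = False
    delivered: list = field(default_factory=list)

    def handle(self, line: str) -> str:
        """Process one client line and return the server reply ('' while in DATA)."""
        if self.in_data:
            return self._data_line(line)
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.helo = arg.strip() or None
            if not self.helo:
                return "501 Syntax: EHLO hostname"
            self.sender, self.recipients = None, []
            return f"250 mail.example.com Hello {self.helo}"
        if verb == "MAIL":
            if self.helo is None:
                return "503 Error: send EHLO first"
            m = ADDR_RE.search(arg)
            if not arg.upper().startswith("FROM:") or not m:
                return "501 Syntax: MAIL FROM:<address>"
            self.sender, self.recipients = m.group(1), []
            return "250 OK"
        if verb == "RCPT":
            if self.sender is None:
                return "503 Error: need MAIL command"
            m = ADDR_RE.search(arg)
            if not arg.upper().startswith("TO:") or not m:
                return "501 Syntax: RCPT TO:<address>"
            addr, domain = m.group(1), m.group(2).lower()
            # Relay control: an open relay is a server that skips this check.
            if domain not in LOCAL_DOMAINS and not self.authenticated:
                return "554 5.7.1 Relay access denied"
            self.recipients.append(addr)
            return "250 OK"
        if verb == "DATA":
            if not self.recipients:
                return "503 Error: need RCPT command"
            self.in_data, self.body = True, []
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 Bye"
        return "500 Error: command not recognized"

    def _data_line(self, line: str) -> str:
        if line == ".":                  # lone dot terminates the message
            self.in_data = False
            self.delivered.append({"from": self.sender, "to": list(self.recipients),
                                   "body": "\n".join(self.body)})
            self.sender, self.recipients = None, []
            return "250 OK: queued"
        # Dot-stuffing: a body line that begins with "." was sent as ".."
        self.body.append(line[1:] if line.startswith("..") else line)
        return ""


def run_script(client_lines, authenticated=False):
    """Feed a scripted client conversation through one session; return (replies, session)."""
    s = SmtpSession(authenticated=authenticated)
    replies = [s.handle(line) for line in client_lines]
    return [r for r in replies if r], s


# Constructed transcript: one local delivery, one relay attempt, then QUIT.
SCRIPT = [
    "EHLO client.example.net",
    "MAIL FROM:<alice@example.net>",
    "RCPT TO:<bob@example.com>",
    "RCPT TO:<carol@other.example>",
    "DATA",
    "Subject: hello",
    "",
    "..leading dot line",
    ".",
    "QUIT",
]

if __name__ == "__main__":
    replies, session = run_script(SCRIPT)
    print("\n".join(replies))
    print(session.delivered)
```

Running the script unauthenticated shows the fourth RCPT TO refused with 554 while the local recipient is still queued; passing authenticated=True to run_script accepts both, which is exactly the distinction SMTP AUTH introduces.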


SMTP and Security

SMTP can be abused in several ways:

  • Spam and phishing: sending malicious or deceptive emails
  • Open relays: allowing anyone to send mail through a server
  • Spoofing: forging sender addresses
  • Credential theft: stealing login info via fake login pages

Defenses include:

  • Authentication (SMTP AUTH)
  • Encryption (STARTTLS, SMTPS)
  • SPF, DKIM, and DMARC for sender validation
  • Rate limiting and spam filtering
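How SPF and DMARC turn "trust between servers" into a check, as an added example that is not code from the page or from any real MTA or library. It evaluates an SPF record against the connecting IP (ip4, ip6, include and all, with the RFC 7208 lookup limit) and then applies the DMARC policy with identifier alignment between the MAIL FROM domain and the header From domain. DNS is replaced by a constructed in-memory TXT table so it runs offline; DKIM is not modelled, so a message can only pass DMARC here via SPF; the organizational-domain helper is a simplification of the public suffix list. All records, addresses and names are assumptions.

```python
import ipaddress
import re

# Constructed DNS TXT table (assumption: illustrative records only).
DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.example.com -all",
    "_spf.example.com": "v=spf1 ip6:2001:db8::/32 ~all",
    "marketing.example.com": "v=spf1 ip4:203.0.113.0/24 -all",
    "_dmarc.example.com": "v=DMARC1; p=reject; adkim=r; aspf=s; rua=mailto:dmarc@example.com",
}
MAX_LOOKUPS = 10   # RFC 7208: more than 10 DNS-querying mechanisms is a permerror
QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(ip: str, domain: str, _lookups=None) -> str:
    """Return pass / fail / softfail / neutral / none / permerror for ip sending as domain."""
    if _lookups is None:
        _lookups = [0]
    record = DNS_TXT.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"                       # no SPF record published
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qual = "+"                          # mechanisms default to "+" (pass)
        if term[0] in QUALIFIER:
            qual, term = term[0], term[1:]
        mech, _, value = term.partition(":")
        mech = mech.lower()
        if mech in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return "permerror"
            matched = addr.version == net.version and addr in net
        elif mech == "include":
            _lookups[0] += 1
            if _lookups[0] > MAX_LOOKUPS:
                return "permerror"
            matched = spf_check(ip, value, _lookups) == "pass"
        elif mech == "all":
            matched = True
        else:
            continue   # a, mx, ptr, exists need live DNS; skipped here (assumption)
        if matched:
            return QUALIFIER[qual]
    return "neutral"                        # no mechanism matched


def parse_dmarc(domain: str) -> dict:
    """Parse the _dmarc TXT record into a tag dict; empty dict if none is published."""
    record = DNS_TXT.get(f"_dmarc.{domain}", "")
    tags = {k: v.strip() for k, v in re.findall(r"(\w+)\s*=\s*([^;]+)", record)}
    return tags if tags.get("v") == "DMARC1" else {}


def org_domain(domain: str) -> str:
    # Simplification: last two labels stand in for the public suffix list lookup.
    return ".".join(domain.lower().split(".")[-2:])


def dmarc_evaluate(ip: str, mail_from: str, header_from: str) -> dict:
    """Combine SPF result and alignment into the receiver's DMARC disposition."""
    mf_domain = mail_from.rsplit("@", 1)[1].lower()
    hf_domain = header_from.rsplit("@", 1)[1].lower()
    spf = spf_check(ip, mf_domain)
    policy = parse_dmarc(hf_domain)
    if not policy:
        return {"spf": spf, "dmarc": "none", "action": "accept"}
    strict = policy.get("aspf", "r") == "s"   # relaxed alignment is the default
    aligned = mf_domain == hf_domain if strict else org_domain(mf_domain) == org_domain(hf_domain)
    if spf == "pass" and aligned:
        return {"spf": spf, "dmarc": "pass", "action": "accept"}
    action = {"none": "accept", "quarantine": "quarantine", "reject": "reject"}[policy.get("p", "none")]
    return {"spf": spf, "dmarc": "fail", "action": action}


if __name__ == "__main__":
    # Constructed cases: a legitimate sender, an outside host spoofing the domain,
    # and an aligned-by-org but strict-policy failure from a subdomain.
    for case in [("192.0.2.10", "alice@example.com", "alice@example.com"),
                 ("198.51.100.5", "alice@example.com", "ceo@example.com"),
                 ("203.0.113.7", "news@marketing.example.com", "ceo@example.com")]:
        print(case, dmarc_evaluate(*case))
```

The third case is the one that surprises people: SPF passes for marketing.example.com, but because the published policy sets aspf=s the header From domain must match exactly, so the message is rejected; with the default relaxed alignment it would be accepted.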

Tools I Use to Explore SMTP

telnet

  • Manually connect to SMTP servers
  • Example: telnet mail.example.com 25

swaks

  • Scriptable SMTP testing tool
  • Example: swaks --to user@example.com --server smtp.example.com

nmap

  • Scan for SMTP services and banner info
  • Example: nmap -p 25,587,465 mail.example.com

These tools help me understand how SMTP communicates, how it can be tested, and how it can be secured.


Final Thought

SMTP is a courier.
It does not read messages, but it delivers them.
It is the protocol of transmission, of headers, and of trust.

This page is my study of that courier.
Not just how SMTP works, but how it can be protected, abused, and understood.