How SMTP works (sending email)
SMTP is the protocol that moves email from sender to server to inbox. Here is the actual conversation it has, command by command, and why mail you send sometimes never arrives.
What SMTP is
SMTP, the Simple Mail Transfer Protocol, is how email is sent and relayed between servers. It is a push protocol: a client hands a message to a server, which relays it toward the recipient’s mail server. (Getting mail back out of a mailbox is a different job, see POP3 vs IMAP.) It rides on TCP, like HTTP.
The SMTP conversation
SMTP is a line-based, human-readable exchange of commands and numeric replies. Here is a real send, with the
client (C:) and server (S:) lines:
S: 220 mail.example.com ESMTP ready
C: EHLO client.example.org
S: 250-mail.example.com Hello client.example.org
S: 250-STARTTLS
S: 250 AUTH LOGIN PLAIN
C: MAIL FROM:<alice@example.org> # the envelope sender
S: 250 OK
C: RCPT TO:<bob@example.com> # one per recipient
S: 250 OK
C: DATA
S: 354 End data with <CRLF>.<CRLF>
C: From: Alice <alice@example.org> # headers (what the inbox shows)
C: To: Bob <bob@example.com>
C: Subject: Hello
C: # blank line ends the headers
C: Hi Bob, this is the message body.
C: . # a lone dot ends the message
S: 250 OK queued as 9F3C1
C: QUIT
S: 221 Bye EHLO(orHELO): the client greets the server and discovers its capabilities.MAIL FROM: declares the envelope sender (the return-path).RCPT TO: declares each recipient; repeated once per address.DATA: everything after is the message (headers, a blank line, then the body), ended by a line containing only a dot.QUIT: ends the session.
Ports and encryption
| Port | Used for | Encryption |
|---|---|---|
| 25 | Server-to-server relay (MTA to MTA) | Opportunistic (STARTTLS if offered) |
| 587 | Authenticated client submission | STARTTLS (the modern default) |
| 465 | Authenticated submission | Implicit TLS (encrypted from byte one) |
Port 25 is widely blocked for end-user clients to curb spam, which is why apps submit on 587 or 465.
Envelope vs headers, the part that confuses everyone
The MAIL FROM / RCPT TO you send in the conversation are the envelope,
that is what actually routes the mail. The From: and To: lines inside the
DATA block are just headers the mail client displays. They do not have to match the envelope,
which is exactly why email spoofing was easy for decades, and why the anti-spoofing checks below exist.
Why your mail gets blocked
Deliverability now depends on three DNS records that prove a message is legitimately from your domain:
| Record | What it proves | Lives in |
|---|---|---|
| SPF | Which servers are allowed to send for your domain | DNS TXT record |
| DKIM | The message was cryptographically signed by your domain | DNS public key + message signature |
| DMARC | Policy tying SPF/DKIM to the visible From:, and what to do on failure | DNS TXT record |
Miss these and even genuine mail lands in spam or is rejected outright with a 5xx.
FAQ
Does SMTP receive mail too?
Servers receive over SMTP when relaying mail toward its destination, but end users read their mailbox with POP3 or IMAP. SMTP's job is moving mail toward the recipient, not serving a mailbox.
Why port 587 instead of 25?
Port 25 is for server-to-server relay and is widely blocked for client use to curb spam. Authenticated submission from an app or mail client uses port 587 (with STARTTLS) or 465 (implicit TLS).
STARTTLS vs implicit TLS, what is the difference?
With STARTTLS (typically port 587) the connection starts in plaintext and upgrades to encryption with the STARTTLS command. With implicit TLS (port 465) the whole connection is encrypted from the first byte. Both end up encrypted; 465 just never has a plaintext phase.
What is the difference between the envelope and the headers?
The MAIL FROM and RCPT TO sent in the conversation are the envelope, that is what actually routes the mail. The From: and To: lines inside the DATA block are headers the mail client displays, and they do not have to match the envelope. That mismatch is exactly why spoofing was easy and why SPF/DKIM/DMARC exist.
What is a 4xx vs a 5xx reply?
Every command gets a numeric reply: 2xx means success, 4xx is a temporary failure (the sender should retry later), and 5xx is a permanent rejection (the message is refused and will not be retried).
Why does my mail land in spam or get rejected?
Deliverability depends on three DNS records that prove a message is genuinely from your domain: SPF (which servers may send), DKIM (a cryptographic signature), and DMARC (a policy tying those to the visible From). Miss them and even legitimate mail is filtered or bounced with a 5xx.
Can I send an email by hand?
Historically yes, SMTP is line-based and human-readable, so you could type the commands over a raw TCP connection (the transcript on this page is exactly that). Today submission requires authentication and TLS, so you would go through an authenticated client, but the conversation underneath is unchanged.
Related concepts
POP3 vs IMAP (reading mail) · HTTP explained · Base64 (how attachments are encoded) · What is RSS · all references.
KB Cafe’s “How to SMTP” write-ups were a go-to developer reference in the era when people still spoke SMTP by hand to debug a mail server, and Rmail (RSS-to-email) ran on this very plumbing. This is the modern restoration: the same protocol, the same transcript, updated for today’s TLS and deliverability rules.