Knowledge Base · Email

How SMTP works (sending email)

SMTP is the protocol that moves email from sender to server to inbox. Here is the actual conversation it has, command by command, and why mail you send sometimes never arrives.

What SMTP is

SMTP, the Simple Mail Transfer Protocol, is how email is sent and relayed between servers. It is a push protocol: a client hands a message to a server, which relays it toward the recipient’s mail server. (Getting mail back out of a mailbox is a different job, see POP3 vs IMAP.) It rides on TCP, like HTTP.

The SMTP conversation

SMTP is a line-based, human-readable exchange of commands and numeric replies. Here is a real send, with the client (C:) and server (S:) lines:

S: 220 mail.example.com ESMTP ready
C: EHLO client.example.org
S: 250-mail.example.com Hello client.example.org
S: 250-STARTTLS
S: 250 AUTH LOGIN PLAIN
C: MAIL FROM:<alice@example.org>          # the envelope sender
S: 250 OK
C: RCPT TO:<bob@example.com>              # one per recipient
S: 250 OK
C: DATA
S: 354 End data with <CRLF>.<CRLF>
C: From: Alice <alice@example.org>        # headers (what the inbox shows)
C: To: Bob <bob@example.com>
C: Subject: Hello
C:                                        # blank line ends the headers
C: Hi Bob, this is the message body.
C: .                                      # a lone dot ends the message
S: 250 OK queued as 9F3C1
C: QUIT
S: 221 Bye
  • EHLO (or HELO): the client greets the server and discovers its capabilities.
  • MAIL FROM: declares the envelope sender (the return-path).
  • RCPT TO: declares each recipient; repeated once per address.
  • DATA: everything after is the message (headers, a blank line, then the body), ended by a line containing only a dot.
  • QUIT: ends the session.

Ports and encryption

PortUsed forEncryption
25Server-to-server relay (MTA to MTA)Opportunistic (STARTTLS if offered)
587Authenticated client submissionSTARTTLS (the modern default)
465Authenticated submissionImplicit TLS (encrypted from byte one)

Port 25 is widely blocked for end-user clients to curb spam, which is why apps submit on 587 or 465.

Envelope vs headers, the part that confuses everyone

The MAIL FROM / RCPT TO you send in the conversation are the envelope, that is what actually routes the mail. The From: and To: lines inside the DATA block are just headers the mail client displays. They do not have to match the envelope, which is exactly why email spoofing was easy for decades, and why the anti-spoofing checks below exist.

Why your mail gets blocked

Deliverability now depends on three DNS records that prove a message is legitimately from your domain:

RecordWhat it provesLives in
SPFWhich servers are allowed to send for your domainDNS TXT record
DKIMThe message was cryptographically signed by your domainDNS public key + message signature
DMARCPolicy tying SPF/DKIM to the visible From:, and what to do on failureDNS TXT record

Miss these and even genuine mail lands in spam or is rejected outright with a 5xx.

FAQ

Does SMTP receive mail too?

Servers receive over SMTP when relaying mail toward its destination, but end users read their mailbox with POP3 or IMAP. SMTP's job is moving mail toward the recipient, not serving a mailbox.

Why port 587 instead of 25?

Port 25 is for server-to-server relay and is widely blocked for client use to curb spam. Authenticated submission from an app or mail client uses port 587 (with STARTTLS) or 465 (implicit TLS).

STARTTLS vs implicit TLS, what is the difference?

With STARTTLS (typically port 587) the connection starts in plaintext and upgrades to encryption with the STARTTLS command. With implicit TLS (port 465) the whole connection is encrypted from the first byte. Both end up encrypted; 465 just never has a plaintext phase.

What is the difference between the envelope and the headers?

The MAIL FROM and RCPT TO sent in the conversation are the envelope, that is what actually routes the mail. The From: and To: lines inside the DATA block are headers the mail client displays, and they do not have to match the envelope. That mismatch is exactly why spoofing was easy and why SPF/DKIM/DMARC exist.

What is a 4xx vs a 5xx reply?

Every command gets a numeric reply: 2xx means success, 4xx is a temporary failure (the sender should retry later), and 5xx is a permanent rejection (the message is refused and will not be retried).

Why does my mail land in spam or get rejected?

Deliverability depends on three DNS records that prove a message is genuinely from your domain: SPF (which servers may send), DKIM (a cryptographic signature), and DMARC (a policy tying those to the visible From). Miss them and even legitimate mail is filtered or bounced with a 5xx.

Can I send an email by hand?

Historically yes, SMTP is line-based and human-readable, so you could type the commands over a raw TCP connection (the transcript on this page is exactly that). Today submission requires authentication and TLS, so you would go through an authenticated client, but the conversation underneath is unchanged.

Related concepts

POP3 vs IMAP (reading mail) · HTTP explained · Base64 (how attachments are encoded) · What is RSS · all references.

☕ KB Cafe Classic

KB Cafe’s “How to SMTP” write-ups were a go-to developer reference in the era when people still spoke SMTP by hand to debug a mail server, and Rmail (RSS-to-email) ran on this very plumbing. This is the modern restoration: the same protocol, the same transcript, updated for today’s TLS and deliverability rules.