SMTP Protocol: commands, ports, and how email delivery works

SMTP (Simple Mail Transfer Protocol) is the protocol responsible for sending and relaying email. Every message you send passes through it. The protocol is defined in RFC 5321 and has been in use since 1982, when the original specification appeared as RFC 821.

How a message gets delivered

When you hit Send in your mail client, a short chain of hand-offs takes place:

1. Your mail client (MUA) connects to your provider's outgoing SMTP server (MTA).
2. That MTA looks up the recipient domain's MX record via DNS to find the destination server.
3. Your MTA opens an SMTP connection to the recipient's MTA and transfers the message.
4. The recipient's MTA passes it to an MDA (Mail Delivery Agent), which places it in the mailbox.

SMTP handles only transmission. Reading email uses different protocols: IMAP and POP3.

Core SMTP commands

SMTP is a text protocol. The client sends commands; the server replies with three-digit codes. The main commands are:

• EHLO (or HELO) — the greeting. The client identifies itself and asks the server which extensions it supports.
• MAIL FROM — sets the envelope sender address.
• RCPT TO — names a recipient. Call it multiple times to address multiple recipients.
• DATA — begins transmitting the message body (headers and content). A line containing only a period signals the end.
• QUIT — closes the session.

Extended SMTP (ESMTP, also RFC 5321) replaces HELO with EHLO and adds extensions for authentication (AUTH), encryption (STARTTLS), and message size negotiation (SIZE).

SMTP ports

Three ports are in common use, each for a different purpose:

• Port 25 is the standard server-to-server relay port (MTA-to-MTA). Most ISPs block it for residential connections to limit spam.
• Port 587 is the submission port for mail clients. It requires authentication, supports STARTTLS, and is the recommended port when configuring a mail client or third-party sending service.
• Port 465 is SMTP over SSL (SMTPS). It was deprecated for years, then RFC 8314 (2018) revived it as the implicit TLS submission port.

Response codes

Every server reply starts with a three-digit code. The first digit tells you the outcome class:

• 2xx — success. Code 250 means the command completed normally.
• 3xx — intermediate state. Code 354 means the server is waiting for message data after the DATA command.
• 4xx — temporary failure. Code 421 means the server is unavailable; code 450 means the mailbox is busy. Retry later.
• 5xx — permanent failure. Code 550 means the mailbox does not exist; code 553 means the address is invalid. Retrying will not help.

Protocol limitations

SMTP was designed for trusted networks in a much simpler era. Several gaps are patched by external additions rather than the protocol itself:

• No sender verification. Any server can put any address in MAIL FROM. SPF, DKIM, and DMARC address this.
• No encryption by default. Plain SMTP transmits data in cleartext. STARTTLS or implicit TLS on port 465 fix this.
• Message size limits. Most servers cap messages at 10-25 MB. Larger attachments need a different delivery method.

SMTP and email validation

SMTP verification uses the protocol to check whether an address actually exists. A validator connects to the server, runs EHLO and RCPT TO, but stops short of sending a message. A 250 response means the mailbox is accepted; 550 means it is not. This is one step in a multi-layer email verification process.