SMTP may seem complicated with its protocols, ports, servers, and providers, but it doesn’t need to be. We’re covering it all to help you fully understand SMTP.

What Is Simple Mail Transfer Protocol?

Simple Mail Transfer Protocol (SMTP) is the protocol used by email servers to send, receive, or relay outgoing mail between users.

SMTP is one of the core technologies behind email, yet many of us do not know much about it. If you have ever configured an email client application on your computer (like Outlook, Thunderbird, Apple Mail, or Windows Mail), then you are more likely to have encountered SMTP at least once.

What Is SMTP? | Servers, Ports, and More

Let’s distinguish two important terms before discussing SMTP in detail:

  • Email servers are pieces of software on a computer that handle the routing, sending, and receiving of mail. These servers can run on any computer (so long as they are designed for a given operating system) and will handle operations without manual control from an administrator.
  • Email clients are stand-alone pieces of software that can connect to servers and use them locally on a user’s machine. When using a client, you aren’t sending an email directly from your computer. Instead, you are using local tools (processing, formatting, etc.) and then sending the email through a different server, which handles routing.

It is important to understand that transactions occur through what’s known as an SMTP server, which is part of a more comprehensive server. For example, you could have a dedicated computer that serves only as a server or run the software on a multipurpose computer. An SMTP server would potentially be part of that software.

In either case, the “SMTP” part of email controls incoming and outgoing mail through a few basic mechanisms. These mechanisms include the following:

  • An SMTP Server: You must have a software platform installed and running on your computer to send and receive messages. This server must be configured to accept and send email. Furthermore, an email client connecting to that software must know those configuration details.
  • An SMTP Server Location: Dedicated servers will often have an address used to connect to that server. For example, you can use a client to connect to Google servers at and send mail using that email server.
  • Dedicated Port Connections: The email server will dedicate one or more ports, network connections represented numerically in your computer system, exclusively to send and receive email. Commonly, servers will default to ports 25 for plaintext emails and 587 for encrypted emails.

The original SMTP protocol only handles plaintext emails with basic commands that two SMTP servers can use to exchange information. These commands include the following:

  • HELO or EHLO: When SMTP sends a message it connects to a receiving server, it identifies itself as a server (and thus capable of exchanging emails) using this command. The sending computer provides the HELO command, and the receiving computer sends another HELO command back with IP address or domain information.
  • MAIL FROM: This includes information about who the message is from and signals that an email transaction is beginning. Once accepted, the receiving computer takes the MAIL FROM address and sends an OK reply code.
  • RCPT TO: Following the OK code, the sending computer provides this command that outlines the email address the message is intended for. This process can continue multiple times if there are multiple recipients.
  • DATA: Once the recipients are all logged, the sending computer will then transfer message contents to the receiving server. The sending computer will end a transmission with a single line containing a single dot, signaling the end of transmission, and the receiving computer will signal with an OK command. After that OK command, the receiving server will send the message to the email addresses from the RCPT TO command.
  • QUIT: The sending computer sends this command to end the transmission.

While this seems like a cumbersome process, especially for millions of emails per day, the truth is that each command only takes a fraction of a second.

We mentioned that SMTP uses plaintext to send information. There is an extension of SMTP, called Simple Mail Transfer Protocol Secure (SMTPS), that uses SSL or TLS for encryption rather than connecting through TCP. Many providers, like Google, will default to TLS so long as both sender and receiver also use TLS. Otherwise, they will send the email unencrypted.

What Are the Differences Between SMTP, POP, and IMAP?

SMTP is not the only protocol in use throughout the world. Most email servers and providers will also implement additional protocols to handle different types of usage. Two of the most common protocols are Post Office Protocol (POP) and Internet Message Access Protocol (IMAP).

What are the differences between these three protocols?

  • Pushing vs. Pulling: SMTP can handle sending, receiving, and routing mail between servers—even unknown servers. This means that SMTP is the foundational protocol that connects emailers across the world. POP and IMAP, however, handle “pulling” emails from one computer to another. For example, a client connected to a server can use the SMTP component of that server to send and receive emails, but it uses either POP (currently POP3) or IMAP to pull emails to the local machine to store and read.
  • Downloading vs. Syncing: Connecting a client to a server via POP sets up a system where the client will establish a single connection to the server, download all available emails, and store them locally in the user’s machine. IMAP will do the same, but because IMAP functions as a cloud service, it supports syncing of your server configuration across multiple devices—web interfaces, mobile clients, and computer clients. Any change on one device will sync across multiple devices. This is the most commonly used email protocol for pulling emails today.

10 Best Practices for Protecting Sensitive Content

What Are the Benefits and Challenges of Using SMTP Servers?

Like any technology, using SMTP (or deploying your own servers) can present challenges even as they provide significant benefits.

Some of the primary benefits and challenges of using or deploying your own server include the following:

  • No Volume Limits: Owning and operating your own server can free you from constraints that ISPs place on email volume. If you operate marketing or other services, this could help you better manage your email volume.
  • Monitoring and Privacy: You control ongoing monitoring, security, and privacy. Your data is secure, your email lists remain private, and you can have more say in compliance and security measures.
  • Costs: Setting up, deploying, managing, monitoring, and maintaining a server can become costly, especially if you have to hire any staff to manage configurations and technical issues. This is especially true if you have any compliance requirements or security needs that call for extensive technical expertise.
  • Local and Vulnerable: Unless you have backup cloud services for email, your server is vulnerable to shutdown. Power loss, hacks, or other network problems could knock out your entire email system.

Very few organizations manage their own email these days. This is because third-party  servers have huge benefits over on-premises solutions:

  • More Cost-efficient: Managed servers are, generally, much cheaper to purchase and use than on-premises solutions. That’s because vendors distribute costs over multiple vendors and make managing dedicated email servers cheaper. Furthermore, you’re not spending money on dedicated IT teams just to manage email—a major way to reduce costs in terms of money and labor.
  • Security, Privacy, and Compliance : While it might seem counterintuitive, having a third party manage your email services promotes better security practices. Since these parties are more focused and invested in a single set of priorities (namely, email and related technology), there is not an issue of lack of workforce or expertise.
  • Reliability: System outages are not a major problem with a third-party provider. Yes, they still happen, but not at the same rate and not with the same ramifications. Even with system outages, most providers will have backups and redundancies to keep the service up and running.

The only major drawback of using a third-party email provider is that you do not control the servers and implementation. This means that you may not have the same configurations, backups, or compliance practices that you would in-house.

Want To Learn More About SMTP?

SMTP is the core of email communication. With the foundation of SMTP, engineers have developed rich text and HTML emails, cross-platform email access for mobile, web, and desktop users, and even the ability to embed media into an email safely.

If you want to learn more on how Kiteworks employs SMTP, schedule a custom tailored demo with our team.


Back to Risk & Compliance Glossary


Get email updates with our latest blogs news