Launch-Free 3 months Builder plan-
← Back to Blog
Pixel art lobster sending an email message — SMTP protocol how email sending works
emailinfrastructureguides

SMTP protocol: how email sending works under the hood

SMTP has powered email since 1982. Here's how the protocol actually works, step by step, from DNS lookups to TLS encryption and authentication.

8 min read
Samuel Chenard
Samuel ChenardCo-founder

Every email you've ever sent, whether it was a password reset or a 3am message to your coworker that probably should have waited until morning, traveled through the same protocol: SMTP. Simple Mail Transfer Protocol. It was first defined in 1982, and with some updates along the way, it still moves over 300 billion emails every day.

That's not a typo. A protocol older than most of the people reading this handles more daily traffic than any social network on earth. Understanding how SMTP works isn't just trivia. If you're building anything that sends email, this is the plumbing you're standing on.

What SMTP actually is#

SMTP is an application-layer protocol for transmitting email between servers. Jonathan Postel defined it in RFC 821 in August 1982, and RFC 5321 updated it substantially in 2008. The name tells you what it does: it transfers mail, simply.

Here's what trips people up: SMTP only handles sending. It pushes messages from one server to another. When you open Gmail and see your inbox, that's a different protocol (IMAP or POP3) pulling messages down to your client. SMTP is the delivery truck. IMAP is you checking your mailbox.

SMTP runs over TCP, typically on one of three ports:

  • Port 25 is for server-to-server relay. This is how mail servers talk to each other across the internet.
  • Port 587 is the submission port. Your email client or application submits outgoing mail to your server here, usually with authentication required.
  • Port 465 is for implicit TLS submission. Same purpose as 587, but the TLS handshake happens immediately instead of upgrading mid-connection.

If you're sending email from an application, you're almost certainly using port 587 or 465.

The SMTP conversation, step by step#

SMTP is text-based and follows a command-response pattern. When your server wants to deliver an email, it opens a TCP connection to the recipient's mail server and they have a structured conversation:

Client connects to mail.example.com on port 25
Server: 220 mail.example.com ESMTP ready
Client: EHLO sender.example.org
Server: 250-mail.example.com Hello
        250-STARTTLS
        250 OK
Client: MAIL FROM:<agent@sender.example.org>
Server: 250 OK
Client: RCPT TO:<hello@example.com>
Server: 250 OK
Client: DATA
Server: 354 Start mail input
Client: From: agent@sender.example.org
        To: hello@example.com
        Subject: Test message

        This is the body of the email.
        .
Server: 250 OK: queued as ABC123
Client: QUIT
Server: 221 Bye

That's the whole exchange. The client identifies itself (EHLO), declares who the mail is from (MAIL FROM), specifies the recipient (RCPT TO), transmits the message content (DATA), and disconnects (QUIT). The server responds with numeric status codes at each step.

Those three-digit codes tell you everything you need to know:

  • 2xx means success. Keep going.
  • 3xx means the server needs more input. After DATA, for example, it's waiting for the message body.
  • 4xx means temporary failure. Try again later.
  • 5xx means permanent failure. The message was rejected, and retrying won't change the outcome.

If you've ever encountered a 550 denied by policy bounce, that 5xx is SMTP telling you the recipient's server has permanently refused your message.

How your email finds the right server#

Before the SMTP conversation can begin, your server needs to know where to connect. That's where DNS comes in.

When you send an email to hello@example.com, your mail server queries DNS for the MX (Mail Exchanger) records of example.com. MX records specify which servers accept email for a domain, each with a priority number:

example.com.    MX    10    mail1.example.com.
example.com.    MX    20    mail2.example.com.

Lower priority values are tried first. Your server connects to mail1.example.com on port 25 and starts the SMTP handshake. If that server is unreachable, it falls back to mail2.example.com.

No MX records at all? The sending server tries the domain's A record as a last resort, though most production setups have explicit MX entries.

This lookup happens for every email. It's fast (usually cached by DNS resolvers), but it's running behind the scenes every single time.

Authentication: proving you're allowed to send#

Original SMTP has no built-in way to verify that the sender is who they claim to be. The MAIL FROM field is entirely self-reported. In 1982, the internet was a few hundred machines and everyone more or less trusted each other. Today, that trust gap is exactly why phishing and spam exist at the scale they do.

Three protocols were added over the decades to patch this hole.

SPF, or Sender Policy Framework, is a DNS TXT record listing which IP addresses are authorized to send email for your domain. When a receiving server gets a message claiming to be from your-domain.com, it checks the SPF record to see if the sending IP is on the approved list. Fail that check, and the email gets flagged.

DKIM (DomainKeys Identified Mail) takes a different approach. Your mail server signs each outgoing message with a private key. The matching public key lives in a DNS record. The receiving server checks the signature to confirm the message wasn't altered in transit and genuinely originated from your domain's infrastructure.

DMARC (Domain-based Message Authentication, Reporting & Conformance) ties SPF and DKIM together with a policy. It tells receiving servers what to do when authentication fails: quarantine the message or reject it outright. DMARC also provides reporting, so you can see exactly who is sending email using your domain name.

If you're sending email from a custom domain without all three configured, your messages are probably landing in spam. Not because the content is bad, but because you haven't proven you're authorized to send.

Encryption in transit#

SMTP was originally plaintext. Every command and every email body transmitted in the clear. STARTTLS was added as an upgrade mechanism: after the initial TCP connection, the client asks to switch to encrypted, and if the server supports it, they negotiate a TLS session before continuing the conversation.

Port 465 skips that negotiation entirely. The connection is encrypted from the very first byte. It was actually deprecated in 1998, then reinstated in RFC 8314 (2018) because the industry recognized that implicit TLS is more secure than opportunistic STARTTLS, which can be stripped by a man-in-the-middle attack.

Today, over 90% of inbound Gmail traffic uses TLS encryption. The holdouts shrink every year.

Where SMTP gives you no help#

SMTP has proven remarkably durable for a 44-year-old protocol, but it has real blind spots. These become obvious the moment you're building automated systems instead of clicking "send" in a desktop client.

The protocol says nothing about warm-up. You can blast 500 messages from a brand-new IP address on day one and SMTP won't stop you. But the receiving servers' reputation systems will. They'll blocklist you, and SMTP provides zero warning before it happens. New senders need to ramp up volume gradually over weeks, and getting that wrong is one of the most common mistakes in agent email setups.

Reputation tracking lives entirely outside the protocol. It's per-IP and per-domain. If another sender on your shared IP is blasting spam, your deliverability suffers too. SMTP can't distinguish a legitimate sender on a bad IP from a bad sender, period.

Spam complaint signals travel through separate feedback loops (FBLs), not SMTP. When a recipient marks your email as spam, you might not find out for hours. Some providers don't participate in FBLs at all, leaving you permanently in the dark.

Bounce handling is its own engineering project. SMTP bounce messages (DSNs) arrive as new emails with formats that vary wildly between mail servers. Parsing them reliably across providers requires dedicated code and constant maintenance.

For anyone building automated email, these gaps around SMTP are where the real complexity lives. The protocol itself is straightforward. Everything surrounding it is what makes email genuinely hard. If you're building an agent that needs its own inbox, services like LobsterMail exist specifically to handle this infrastructure layer so the agent can focus on its actual job.

The full journey of an email#

Putting it all together, here's what happens when a message is sent:

  1. Your email client submits the message to your outgoing mail server via SMTP (port 587 or 465, authenticated and encrypted).
  2. Your server queries DNS for the recipient domain's MX records.
  3. Your server opens an SMTP connection to the recipient's mail server on port 25.
  4. They run through the EHLO, MAIL FROM, RCPT TO, and DATA exchange.
  5. The recipient's server checks SPF, DKIM, and DMARC authentication.
  6. If authentication passes, content filters run (spam scoring, malware scanning).
  7. The message is delivered to the recipient's mailbox.
  8. The recipient retrieves it via IMAP or POP3.

The whole process usually takes two to ten seconds. Sometimes longer if greylisting or retry queues are involved.

Forty-four years after RFC 821, that basic flow is unchanged. The security layers are thicker, the volumes are orders of magnitude higher, and spam filters use machine learning now. But at its core, SMTP is still two servers having a polite text conversation, one command at a time. If you're debugging email delivery issues, start with the SMTP response codes. They'll tell you exactly where the conversation broke down.

Frequently asked questions

What does SMTP stand for?

Simple Mail Transfer Protocol. It's the standard protocol for sending email between servers, originally defined in RFC 821 (1982) and updated in RFC 5321 (2008).

What port does SMTP use?

SMTP uses port 25 for server-to-server relay, port 587 for authenticated client submission, and port 465 for implicit TLS submission. Applications sending email typically use 587 or 465.

Is SMTP used for receiving email?

No. SMTP only handles sending and relaying messages between servers. Retrieving messages from your mailbox uses IMAP or POP3, which are separate protocols.

What's the difference between SMTP and IMAP?

SMTP pushes outgoing mail from sender to recipient server. IMAP lets you retrieve and manage messages already sitting in your mailbox. They handle opposite directions of the email flow.

What is an MX record?

An MX (Mail Exchanger) record is a DNS entry that tells sending servers which mail server accepts email for a given domain. Each MX record includes a priority value, and lower numbers are tried first.

Why do my emails land in spam even when SMTP accepted them?

An SMTP 250 response only means the recipient's server agreed to accept the message. It still runs spam filtering, checks SPF/DKIM/DMARC authentication, and scores content afterward. Passing the SMTP handshake doesn't guarantee inbox placement.

Is SMTP encrypted?

Not by default. Original SMTP is plaintext. Modern servers use STARTTLS (port 587) to upgrade connections to encrypted, or implicit TLS (port 465) for encryption from the first byte. Over 90% of Gmail inbound traffic now uses TLS.

What does a 550 SMTP error mean?

A 550 is a permanent rejection. The recipient's server refused your message and retrying won't help. Common causes include failed SPF/DMARC checks, blocklisted IPs, and policy violations. See our full 550 error guide for diagnosis steps.

What are SPF, DKIM, and DMARC?

They're authentication protocols layered on top of SMTP. SPF verifies the sender's IP is authorized for the domain. DKIM adds a cryptographic signature proving message integrity. DMARC sets a policy for handling authentication failures and enables reporting.

Can AI agents use SMTP to send email?

Yes, but agents face extra challenges around domain warm-up, IP reputation, and bounce parsing that SMTP doesn't address on its own. Infrastructure services like LobsterMail handle these layers so agents can send and receive without manual configuration.

What's the difference between port 25 and port 587?

Port 25 is for server-to-server mail relay across the internet. Port 587 is the submission port for clients and applications sending outgoing mail through their own mail server, typically requiring authentication before accepting messages.

How long does it take SMTP to deliver an email?

Usually two to ten seconds for the full journey. Greylisting (temporary rejection of first-time senders), DNS propagation delays, and retry queues can stretch delivery to minutes or even hours in some cases.

Related posts

Pixel art lobster working at a computer terminal with email — AI agent IT incident response email on-call notification

how AI agents send on-call email notifications for incident response

9 min read
Pixel art lobster working at a computer terminal with email — ai agent email not delivering fix

ai agent email not delivering? here's how to fix it

8 min read
Pixel art lobster working at a computer terminal with email — retool ai agent email workflow

building a retool ai agent email workflow that actually delivers

8 min read