What is SMTP? And how does SMTP authentication help fight spam?

Whenever you send an email, the process would not be possible without the SMTP protocol. It’s used by mail servers to relay outgoing email messages from the senders and to the recipients.
Young business woman sitting at her desk and working on computer in office
Without the SMTP server, your sent email would go nowhere
Unfortunately, spammers started abusing a loophole in the protocol – until SMTP authentication put a stop to this trick.

What does SMTP mean?

The acronym SMTP stands for “Simple Mail Transfer Protocol.”  In the context of emailing, a “protocol” is simply a set of rules that lets different email programs and accounts exchange information. So SMTP is used in the process of sending emails from one account to another via the internet. As a protocol dedicated to the sending of emails, it is different from the other two most common email protocols, POP and IMAP – it is used for “pushing” or sending email from one mail server to another, while POP and IMAP are used for “pulling” or receiving mail from the associated email server. This means POP and IMAP can only transfer mail between verified mail servers, while SMTP allows communication to “unknown” mail servers.

What is an SMTP server?

When you write an email and click send, your message is transmitted to an SMTP server after first being translated into a string of code. The SMTP server processes this code, decides which server to send your message to and then relays the email. It also will send a message back to the SMTP sender if the email can’t be delivered – like if you used an incorrect email address. Email services like mail.com have their own SMTP servers, usually named something like smtp.mail.com.

What is SMTP authentication?

Email has been with us for fifty years now, and it makes sense that some finetuning of the processes has taken place along the way. The original SMTP, for instance, was introduced in 1981 and had some features that made it impractical for modern use. One example is the use of open relays, which meant user authentication was not performed by default and all emails were relayed regardless of the sender or recipient address – opening the door to mass spam mailings. New versions of SMTP have been introduced over the years, such as SMTP-after-POP, followed by extended SMTP (ESMTP) in 1995, and SMTP authentication, also known as SMTP-AUTH or ASMTP, in the late 1990s.

How SMTP authentication stops unsolicited spam mails

With the new protocols in place, an authentication mechanism (like a password) is necessary to log in to an email service provider’s SMTP server. This means that only verified users can send messages via that server – providing a basic level of security against the sending of unsolicited spam and phishing emails. Without authentication, it was possible for spammers to use open servers to send emails with invented email addresses. Nowadays, email sent from a server that does not use SMTP-AUTH may be returned to the sender with an “Authentication Failed” error message.

How to configure SMTP authentication

In most email programs, SMTP authentication is automatically configured when you create a new email account. If you have set up your own email in a third-party email application like Outlook or Thunderbird, you may wish to check your email account settings to ensure that SMTP-AUTH has been activated (for instructions please see the support pages of your specific email program). For example, to configure SMTP authentication in MS Outlook you can:
  1. Go to your Account Settings.
  2. Select Server Settings.
  3. Select Outgoing mail. You should now see your email provider’s SMTP server and SMTP port displayed.
  4. Check the box “My outgoing (SMTP) server requires authentication” and select your preferred authentication option.
  5. Click Next to save your changes.
Did you find this information on SMTP interesting? Then give us a thumbs-up below!

Images: 1&1/Getty Images

130 people found this article helpful.

Related articles

How to stop spam text messages: Prevent, block and report

How do I know if my email was hacked? Warning signs and what to do

Why can’t I sign in to my mail.com email account?