What is SMTP? And how does SMTP authentication help fight spam?

Whenever you send an email, the process would not be possible without the SMTP protocol. It’s used by mail servers to relay outgoing email messages from the senders and to the recipients. Unfortunately, spammers started abusing a loophole in the protocol – until SMTP authentication put a stop to this trick.
Young businesswoman sitting at her desk and working on computer in office
Without the SMTP server, your sent email would go nowhere

SMTP is a protocol, or process, used to send and receive emails.  As this process has evolved, SMTP authentication has become an important step. It helps to ensure that only authorized users can send and receive emails, which in turn cuts down on email spoofing, phishing, and other forms of spam. So, it is essential that users have SMTP authentication activated in your email settings. How does that work? We’re glad you asked!

Today, we’ll answer your questions about SMTP and SMTP authentication:

  1. What does SMTP mean?
  2. What is an SMTP server?
  3. What is SMTP authentication?
  4. How does SMTP authentication stop unsolicited spam mails?
  5. How do I configure SMTP authentication?
  6. Why can SMTP authentication fail?
  7. How do I fix SMTP authentication?

What does SMTP mean?

The acronym SMTP stands for “Simple Mail Transfer Protocol.”  In the context of emailing, a “protocol” is simply a set of rules that lets different email programs and accounts exchange information. SMTP is used in the process of sending emails from one account to another via the internet. As a protocol dedicated to the sending of emails, it is different from the other two most common email protocols, POP and IMAP – it is used for “pushing” or sending emails from one mail server to another, while POP and IMAP are used for “pulling” or receiving mail from the associated email server. This means POP and IMAP can only transfer mail between verified mail servers, while SMTP allows communication to “unknown” mail servers.

What is an SMTP server?

When you write an email and click “Send,” your message is transmitted to a SMTP server after first being translated into a string of code. The SMTP server processes this code, decides which server to send your message to and then relays the email. It also will send a message back to the SMTP sender if it can’t be delivered – like if you used an incorrect email address. Email services like mail.com have their own SMTP servers, usually named something like ‘smtp.mail.com.’

What is SMTP authentication?

In a nutshell, SMTP authentication is the process used by the email program, also called the “email client,” to identify itself to an SMTP server. This process usually involves providing a username and password to the SMTP server, which is then used to verify the identity of the client before allowing it to send or receive emails.

SMTP setup and SMTP authentication are not something that email users usually need to worry about if they use their email service provider’s mail application. For example, if you have a mail.com email account and you use the mail.com webmailer and/or the mail.com mobile app to receive and send emails, SMTP authentication is automatically configured for you. However, if you use a third-party email client like Outlook to send and receive mail, you may have to go to your email account settings to enter your SMTP server information and login credentials. While you’re there, it’s a good idea to make sure that SMTP authentication has been activated.

How does SMTP authentication stop unsolicited spam emails?

Email has been with us for more than fifty years, and it makes sense that some finetuning of the SMTP processes has taken place along the way. The original SMTP, for instance, was introduced in 1981 and had some features that made it impractical for modern use. One example is the use of open relays, which meant user authentication was not performed by default and all emails were transferred regardless of the sender or recipient address – opening the door to mass spam mailings. New versions of SMTP have been introduced over the years, such as SMTP-after-POP, followed by extended SMTP (ESMTP) in 1995, and SMTP authentication, also known as SMTP-AUTH or ASMTP, in the late 1990s.

With the new protocols in place, an authentication mechanism (like a password) is necessary to log in to an email service provider’s SMTP server. This means that only verified users can send messages via that server – providing a basic level of security against the sending of unsolicited spam and phishing emails. Without authentication, it was possible for spammers to use open servers to send emails with made-up email addresses. Nowadays, an email sent from a server that does not use SMTP-AUTH may be returned to the sender with an “Authentication Failed” error message.

How do I configure SMTP authentication?

In most email programs, SMTP authentication is automatically configured when you create a new email account. If you have set up your own email in a third-party email application like Outlook or Thunderbird, you may wish to check your email account settings to ensure that SMTP-AUTH has been activated (for instructions, please see the support pages of your specific email program). For example, to configure SMTP authentication in MS Outlook you can:

  1. Go to your Account Settings.
  2. Select Server Settings.
  3. Select Outgoing mail. You should now see your email provider’s SMTP server and SMTP port displayed.
  4. Check the box “My outgoing (SMTP) server requires authentication” and select your preferred authentication option.
  5. Click Next to save your changes.

Why can SMTP authentication fail?

Have you ever received an “Authentication Failed” error message from your email program? You may recall that in this context, “authentication” usually means providing a username and password to prove that you are authorized to send an email. If a SMTP server rejects these credentials, an “SMTP Authentication Failed” error is the result. 

In addition to incorrect or outdated credentials, SMTP authentication can fail for other reasons, such as an issue with the SMTP server, incorrect server settings, or a problem with the email client. It is also possible that SMTP authentication is disabled on the server or that authentication is failing due to a firewall blocking the connection.

How do I fix SMTP authentication?

If you are experiencing a problem with SMTP authentication, you probably won’t be able send any emails until it is resolved, although you may still be able to receive emails. So, what can you do?

The first step to fixing SMTP authentication is to check your email program’s SMTP settings to make sure your username and password are correct. Next, make sure that you have saved the correct SMTP server settings. If you are not sure, check with your email provider to make sure that you have the correct SMTP server name, port number and encryption type. If you are still having trouble, or if you are not using a third-party email client, you should contact your email provider for more assistance.

Did our deep dive on SMTP authentication give you the answers you need? Then please give us a thumbs-up below!

This article first appeared on February 13, 2022 and was updated on January 4, 2023.

Images: 1&1/GettyImages

242 people found this article helpful.

Related articles

What is a no-reply email – and what happens if you reply?

Ask the expert: How to protect yourself from spam and phishing

Unsubscribe email scam: How to protect yourself