As the internet contributes more and more to our lives, communicating through email becomes more common. Millions of emails are sent every second, but what actually happens when you click that “send” button? After reading this blog, you will have a deeper understanding of how emails are sent from one user to another!
Email Servers
An email server is a computer system that sends and receives emails using email protocols (more on them later). Most individuals and organizations tend to use web-based email clients (like Gmail). However, some businesses invest in their own servers for extra security.
An understanding of email servers is useful given how frequently we use email. It is also important to understand that not all emails are sent with good intentions. In fact, it is quite often the case that emails serve as a way to spread malicious code!
Email Protocols
What does SMTP do?
Simple Mail Transfer Protocol, more commonly known as SMTP, is considered the standard protocol for sending emails. It is used only for sending emails, not for retrieving them. SMTP uses TCP to ensure that the content being sent does not get corrupted or lost during transmission.
What does IMAP do?
IMAP stands for Internet Message Access Protocol and is used for retrieving emails. IMAP allows you to read the email directly from the email server. The emails on the server are downloaded to your device and synchronized with the email server so that the actions you do on one device (archive, delete, etc.) will carry over to your other devices.
What does POP3 do?
Post Office Protocol Version 3 (POP3) has a similar function to IMAP and enables you to retrieve emails. However, POP3 does not synchronize the email server with the email client. Rather, when you download the contents of an email from the server, they are removed from the server. For example, if you were to access your emails from your phone, you would not be able to
Email Process
Now that you know what email servers are and what protocols enable them to function, it is time to look at what actually happens when you send an email!
When you click send, the email is sent to your email client. Once the email client receives your email, it gets the SMTP server’s attention through a “hello” command.
After that, the SMTP server grabs the email and sends it to the client’s Mail Transfer Agent (MTA). Think of the SMTP server as the mail carrier that just picked up your package and sent it to the local post office. Because of how large the internet is, it would be impossible for this MTA to be tasked with carrying your email all the way from the start to the recipient’s inbox. Rather, the task of the MTA is to send the email closer and closer to the recipient’s inbox.
Now that the email has been sent to the MTA, it requests the MX record of the recipient’s domain from the DNS server in order to establish the pathway required to reach the recipient’s inbox. Using this record, the MTA sends the email to an MTA which is closer to the recipient’s inbox. Then the MTA repeats the process.
Eventually, the email will be sent to the recipient’s MTA which will know exactly what to do with it. This MTA calls on the SMTP server to send the email to the client’s email server. But before the email is sent to the server, it needs to pass through the spam filter (more on this in the next section). Finally, the email gets marked for their inbox (using POP3/IMAP) and sits on their server until they read it.
Spam Filters
Spam is unsolicited bulk email. It takes many different forms, but it usually comes from companies trying to sell products, cyber criminals attempting to get you to click on links containing malicious code, or scammers looking to persuade you into sharing your credit card information. Therefore, it is necessary for email servers to put filters in place to limit the amount of spam users are being sent.
The details of how spam filters work remain undisclosed by companies in order to keep spam creators from countering their techniques. However, some well-known techniques include:
- evaluating IP address reputation (has this IP sent suspicious emails before?)
- scanning content for common attacks
- checking if attachments lead to suspicious sites
Sometimes you’ll see strange spam emails which seemingly have no point. In reality, these types of spam emails are created to test what beats the spam filter and what doesn’t. It’s just a way for spammers to test the waters before sending in their actual attack!
Even if the spam email makes it to your inbox, many email clients are capable of detecting spam. So there are many levels of protection in place to ensure you and I are kept safe from evil scammers! But just for good measure, always double-check the domain of an email and hover over any links before clicking on them.
Below is a spam email I found in my spam folder on Gmail and the many red flags that it had:
Response Codes
SMTP response codes are issued by a server in response to a request made to the server. These codes consist of three digits. The first digit indicates whether the request succeeded:
- 2xx – The requested action was completed successfully
- 3xx – The command was completed, but the request is pending
- 4xx – The command was rejected and the request was not completed. This error is temporary and may eventually turn into a completed request.
- 5xx – The SMTP client should not repeat the exact same message
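The following Python example is added here and is not from the original post: it parses a constructed SMTP session (starting with the "hello" step described earlier), merges multi-line replies, and maps the first digit of each reply code to the classes listed above. The hostnames, addresses and suggested client actions are illustrative assumptions.

```python
import re

# Constructed SMTP session (not captured traffic): C = client line, S = server line.
SESSION = """\
S: 220 mx.example.net ESMTP ready
C: EHLO client.example.org
S: 250-mx.example.net greets client.example.org
S: 250 STARTTLS
C: MAIL FROM:<alice@example.org>
S: 250 OK
C: RCPT TO:<bob@example.net>
S: 451 Temporary local problem, try again later
C: RCPT TO:<nobody@example.net>
S: 550 No such user here
C: DATA
S: 354 End data with <CR><LF>.<CR><LF>
"""

# First digit -> (class per the list above, suggested client action [assumption]).
CLASSES = {"2": ("success", "continue"), "3": ("pending", "send more input"),
           "4": ("temporary failure", "queue and retry later"),
           "5": ("permanent failure", "do not retry; bounce")}
REPLY = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_replies(session):
    """Return a list of (command, code, text) with multi-line replies merged."""
    results, command, parts = [], "(connect)", []
    for line in session.splitlines():
        side, _, body = line.partition(": ")
        if side == "C":
            command = body
            continue
        m = REPLY.match(body)
        if not m:
            raise ValueError(f"malformed reply line: {body!r}")
        code, sep, text = m.groups()
        parts.append(text)
        if sep == " ":            # "250-" continues a reply; "250 " ends it
            results.append((command, code, " | ".join(parts)))
            parts = []
    return results

def classify(code):
    """Map a three-digit reply code to (class, suggested client action)."""
    if code[0] not in CLASSES:
        raise ValueError(f"unexpected reply code {code}")
    return CLASSES[code[0]]

if __name__ == "__main__":
    for command, code, text in parse_replies(SESSION):
        print(command.split()[0], code, *classify(code), sep=" | ")
```

In this session the 451 reply is worth retrying later, while the 550 reply should not be resent unchanged.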
Common Status Codes
Thanks for reading
I know this blog contained a lot of information and details, but these are the details that allow us to email people across the world without even thinking about it!