SMTP — Simple Mail Transfer Protocol — is the standard internet protocol for sending email. Every message you send travels through SMTP servers before reaching its destination, whether you’re emailing a colleague or blasting a newsletter to thousands of subscribers.
The protocol works like a digital postal service. SMTP handles the sending side of email (pushing messages from your client to a server, then relaying them across networks), while separate protocols like IMAP and POP3 handle the receiving side (pulling messages into your inbox).
Understanding SMTP is important because misconfigurations can cause silent delivery failures. Your emails might leave your outbox but never arrive — and without proper email infrastructure setup, you won’t know until someone complains.
In this article, we’ll explore some core SMTP concepts, including:
- Server address (where to send)
- Port number (which door to use)
- Encryption (how to protect data)
- Authentication (proving you’re allowed to send)
How does SMTP move email across the internet?
SMTP is a text-based, connection-oriented protocol that moves email from point A to point B using standardized commands.
The protocol operates through a client-server model — when sending, your mail server acts as the SMTP client; when receiving, it acts as the SMTP server.
The process resembles a conversation between machines, with each step requiring acknowledgment before proceeding.
The journey
When you hit “send,” your email passes through several specialized agents before reaching the recipient’s mailbox.
| Agent | Full name | Role |
| MUA | Mail User Agent | Your email app (Gmail, Outlook) |
| MSA | Mail Submission Agent | Verifies headers, checks formatting |
| MTA | Mail Transfer Agent | Routes and relays across networks |
| MDA | Mail Delivery Agent | Places message in recipient’s mailbox |
The handshake
SMTP communication follows a structured dialogue between client and server.
| Command | Function |
| HELO/EHLO | Client introduces itself |
| MAIL FROM | Identifies sender address |
| RCPT TO | Specifies recipient |
| DATA | Signals message content start |
| QUIT | Ends session |
The server responds to each command with a three-digit status code. Codes starting with 2 mean success (250 = “OK”), codes starting with 4 indicate temporary failures (try again later), and codes starting with 5 signal permanent errors requiring fixes before retrying.
Store and forward
If the destination server is unavailable, SMTP holds your message temporarily and retries at intervals. After repeated failures (typically 24-72 hours), the email bounces back as undeliverable — contributing to your bounce rate.
Which SMTP port should you use?
Port selection determines how your connection is established and secured. Four ports handle SMTP traffic, each serving different purposes and carrying different security implications.
| Port | Name | Encryption | Use case |
| 587 | Submission | STARTTLS | Modern standard for sending |
| 465 | SMTPS | Implicit SSL | Legacy secure connections |
| 25 | Relay | None/optional | Server-to-server only |
| 2525 | Alternative | STARTTLS | Fallback when 587 is blocked |
Port 587
Port 587 is the recommended choice for email submission. The connection starts unencrypted, then “upgrades” to TLS through the STARTTLS command — a process that works reliably across different software configurations.
Most email providers (Gmail SMTP, Outlook SMTP, Yahoo) require port 587 for client-to-server communication. The port mandates authentication, which prevents unauthorized relay and reduces spam abuse.
Port 465
Port 465 encrypts immediately from the first byte (implicit SSL). While technically deprecated by standards bodies, many providers still support it. Use 465 if your application specifically requires immediate encryption or if port 587 connections fail.
Port 25
Port 25 is the original SMTP port, now reserved primarily for server-to-server relay. Most ISPs block port 25 for residential and small business users as a spam prevention measure — so it won’t work for typical email sending from client applications.
Port 2525
Port 2525 isn’t officially standardized but is widely supported as a backup. If your network blocks port 587 (some corporate firewalls do), try 2525 — it supports the same STARTTLS encryption.
How does SMTP authentication protect email?
Original SMTP (designed in 1982) had no authentication — anyone could send email claiming to be anyone else. Modern SMTP fixes this through several layers of identity verification that prevent spoofing and unauthorized relay.
SMTP-AUTH
SMTP-AUTH requires a username and password before the server accepts email for delivery. The extension closes “open relays” that spammers historically exploited to send millions of fraudulent messages.
Authentication credentials typically include:
- Username (full email address)
- Password (account password or app password)
- Encryption method (TLS or SSL)
App passwords
Two-factor authentication creates a complication — SMTP clients can’t complete verification prompts like SMS codes or authenticator apps. App passwords solve the problem with 16-character codes that bypass 2FA for specific applications.
If your email provider enforces 2FA (which most now do), standard passwords won’t work for SMTP connections. You’ll need to generate app-specific credentials through your account security settings — a step that catches many users off guard when connections suddenly fail.
OAuth 2.0
OAuth 2.0 authenticates through tokens rather than stored passwords. The method is more secure (credentials never get stored in the application) and works naturally with 2FA. Modern email clients increasingly support OAuth, though many WordPress plugins and legacy software still rely on password-based authentication.
Why do emails fail SMTP delivery?
SMTP errors fall into two categories: temporary failures (4xx codes) suggesting you retry later, and permanent failures (5xx codes) requiring specific fixes before the server will accept your message.
Authentication failures
Error 535 signals incorrect credentials — the most common cause of SMTP problems.
Typical culprits include:
- App password revoked or expired
- 2FA enabled without generating an app password
- Password changed without updating SMTP settings
- Username is missing the full @domain.com address
Connection issues
Errors 101, 111, and 421 indicate the client couldn’t reach the server at all. Common causes include:
- Incorrect server address
- DNS resolution problems
- Firewall intercepting SMTP traffic
- Port 25 blocked by ISP (switch to 587)
Relay denials
Error 554 (“Relay Access Denied”) means the server refused to forward your email — usually because authentication failed or you’re not on a trusted sender list. SMTP relay services solve this for high-volume senders who need authorized forwarding.
Resource limits
Most providers cap sending volume to prevent abuse.
| Account type | Daily limit |
| Free Gmail | 500 emails |
| Google Workspace | 2,000 emails |
| Workspace Relay | 10,000 emails |
Exceeding limits triggers temporary blocks. Error 552 indicates messages too large (reduce attachment size), while 452 suggests server storage exceeded temporarily.
Why does SMTP security matter for deliverability?
SMTP’s original design lacked encryption and authentication — making it vulnerable to spoofing, interception, and abuse. Modern implementations layer multiple security mechanisms that directly affect whether your emails reach inboxes or land in spam.
Encryption
TLS (Transport Layer Security) encrypts SMTP connections, protecting credentials and message content from interception during transmission.
| Method | Port | How it works |
| STARTTLS | 587 | Upgrades plain text to encrypted |
| Implicit TLS | 465 | Encrypts from the first byte |
Without encryption, anyone on the network path could read your emails in plain text. Always use TLS-enabled ports for any sensitive communication.
DNS authentication
SMTP-AUTH only verifies server access — not sender identity. Three DNS-based frameworks prevent domain spoofing and directly impact deliverability:
- SPF record lists authorized sending IP addresses
- DKIM adds a cryptographic signature to headers
- DMARC tells receivers how to handle failures
Missing authentication records cause emails to land in spam (or get rejected entirely). Gmail and Yahoo now require these records for bulk senders — and enforcement only gets stricter.
Reputation
Receiving servers check IP reputation before accepting messages.
Senders with poor history (spam complaints, spam trap hits, suspicious patterns) face email filtering regardless of authentication.
Building reputation requires consistent, legitimate sending over time — which is why email warmup exists for new domains and IP addresses.
Where does SMTP fall short?
SMTP was designed for a trusted network of colleagues exchanging plain text in 1982. The protocol has significant constraints that modern extensions work around — but limitations remain.
Technical constraints
- Push only (sends email but can’t retrieve it)
- Size limits (most servers reject messages over 25 MB)
- No session management (unlike HTTP, can’t maintain state)
- 7-bit ASCII only (can’t natively handle multimedia or non-Latin characters without MIME)
Security gaps
- No built-in authentication (added later through extensions)
- Plain text by default (encryption requires explicit configuration)
- Easy spoofing (anyone can claim any “From” address without SPF/DKIM/DMARC)
Operational challenges
- Port 25 is blocked by most ISPs
- Daily sending quotas vary wildly by provider
- Multiple relay hops increase latency and failure points
- Single server failures stop delivery entirely
For high-volume or mission-critical sending, dedicated SMTP relay services offer redundancy, higher limits, and better reputation management than standard email provider infrastructure.
How do you configure SMTP settings correctly?
SMTP configuration requires four pieces of information: server address, port, encryption method, and authentication credentials. Getting any one wrong causes silent failures.
Common servers
The settings for common servers include:
| Provider | SMTP server | Port |
| Gmail | smtp.gmail.com | 587 |
| Outlook | smtp-mail.outlook.com | 587 |
| Yahoo | smtp.mail.yahoo.com | 587 |
| iCloud | smtp.mail.me.com | 587 |
Configuration checklist
Before connecting any application:
- Verify server address matches your provider exactly
- Select port 587 with TLS (or 465 with SSL)
- Enable authentication
- Use app password if 2FA is enabled
- Set “From” address to match authenticated account
Testing
After configuration, send a test email to confirm settings work. Failed tests typically indicate:
- Server address typo
- Wrong port selected
- Firewall blocking connection
- Incorrect password (or app password needed)
A deliverability test reveals whether messages reach inboxes or land in spam — the SMTP transaction might succeed while recipients never see your email.
Configuration is just the beginning
SMTP settings control whether emails leave your application.
Deliverability — whether messages reach inboxes — depends on authentication, reputation, and sending patterns that extend beyond basic configuration.
Organizations that send significant volumes often find that correct SMTP settings don’t prevent spam folder placement. DNS records need proper configuration.
New domains need a gradual warmup, and sending patterns should be consistent rather than sudden bursts that trigger filters.
EmailWarmup.com helps senders build the reputation that determines deliverability:
- Free deliverability test across 50+ providers
- Personalized warmup matching your sending patterns
- 24/7 human support from deliverability specialists
- Inbox rates up to 98% on Pro accounts
Correct SMTP configuration is the foundation. Reputation gets you into inboxes.
Schedule a free consultation with an email deliverability expert today.
Frequently asked questions
Here are some commonly asked questions about SMTP:
SMTP stands for Simple Mail Transfer Protocol. The protocol has governed email transmission since 1982, providing standardized commands that allow different mail servers to communicate regardless of their underlying hardware or software. SMTP handles only outgoing email — separate protocols like IMAP and POP3 handle retrieval.
SMTP sends email while IMAP retrieves it. SMTP pushes messages from your client to servers and relays them across the internet to recipients. IMAP pulls messages from the server to your inbox and keeps them synchronized across multiple devices. You need both protocols for complete email functionality.
Port 587 requires authentication and supports TLS encryption, making it more secure than port 25. Most ISPs also block port 25 for residential users to prevent spam from compromised computers, so it won’t work for typical client-to-server email submission. Port 25 is now reserved primarily for server-to-server relay.
You need an app password if your email account has two-factor authentication enabled. SMTP clients can’t complete 2FA verification prompts, so app passwords provide a 16-character code that bypasses 2FA for specific applications. Without 2FA, your regular account password works for SMTP authentication.
Error 535 indicates authentication failure — the server rejected your login credentials. Common causes include incorrect passwords, 2FA enabled without an app password, usernames missing the full email domain, or revoked app passwords. Verify credentials systematically, starting with whether you need an app password for your account.
