SMTP relay is the process of transferring email from one mail server to another.
When you send an email outside your own domain, your outgoing server forwards (or “relays”) the message toward the recipient’s mail server — often passing through intermediate servers along the way.
Without a relay infrastructure, email couldn’t cross organizational boundaries. Your messages would remain trapped on your local server and be unable to reach Gmail, Outlook, or any external inbox.
In this guide, we’ll explore:
- How SMTP relay works
- What to look for in a relay service
- Common relay problems and fixes
- Which ports to use (and why 587 is standard)
- Difference between relay, SMTP server, and smart host
How does SMTP relay work?
Every email you send travels through a specific sequence before reaching the recipient. The process follows the Simple Mail Transfer Protocol (SMTP), which defines how servers communicate and hand off messages.
Step 1: Submission
Your email client (Gmail, Outlook, or your application) connects to your outgoing mail server — typically on port 587 or 465. At this stage, you authenticate using SMTP AUTH to prove you’re authorized to send from that domain.
The server receiving your message is called a Mail Submission Agent (MSA). It validates your credentials and prepares the message for transfer.
Step 2: DNS lookup
The relay server examines the recipient’s email address (specifically, the domain after the @ symbol) and queries DNS for MX records. MX records tell the server which mail servers accept email for that domain.
MX records include a preference value — lower numbers get tried first. If the primary server is unavailable, the relay attempts the backup servers in order of preference.
Step 3: SMTP handshake
Your relay initiates a connection with the recipient’s mail server. The two servers exchange commands in a specific sequence:
| Command | Purpose |
| EHLO/HELO | The server introduces itself |
| MAIL FROM | Declares envelope sender |
| RCPT TO | Specifies recipient(s) |
| DATA | Transmits message content |
If both servers agree at each step, the message transfers successfully.
Step 4: Authentication checks
The receiving server evaluates your message against authentication standards:
- DKIM verifies the cryptographic signature and proves message integrity
- DMARC checks that SPF or DKIM passes and aligns with the visible From domain
- SPF validates whether your sending IP is authorized in the envelope sender’s DNS records
Failing these checks often routes messages to spam — or triggers outright rejection. Proper SPF record configuration, DKIM setup, and DMARC policy are essential for email deliverability.
Step 5: Delivery or queuing
If authentication passes, the receiving server delivers the message to the recipient’s mailbox. If the server is temporarily unavailable, your relay queues the message and retries at intervals — typically over several days — before generating a bounce.
What’s the difference between SMTP relay and related terms?
Email infrastructure terminology gets confusing. These terms overlap but mean different things:
| Term | Definition | When used |
| SMTP | Simple Mail Transfer Protocol — the rules servers follow to send email | Any email transmission |
| SMTP relay | The process of forwarding an email between servers | Cross-domain delivery |
| SMTP server | A computer or application that sends/receives email using SMTP | General term for mail servers |
| Smart host | An upstream relay server that requires authentication | Enterprise routing, ISP setups |
| Open relay | A server that allows anyone to send email through it (security risk) | Legacy/misconfigured systems |
| SMTP relay service | A hosted platform handling relay infrastructure | Bulk sending, transactional email |
Smart host vs open relay
Smart hosts require SMTP authentication or IP authorization before accepting messages for relay.
Open relays accept mail from anyone, which is why they’ve been largely eliminated (spammers exploited them heavily).
Most ISPs and enterprises use smart hosts to route outbound mail through designated, authenticated gateways. If your organization routes mail through a central server before it leaves your network, that’s a smart host configuration.
Relay service vs ESP
SMTP relay services focus on infrastructure — accepting your messages and delivering them reliably.
Email service providers (ESPs) offer application-layer features such as templates, analytics, list management, and campaign tools.
Some providers offer both, but the core relay function is distinct from features like open/click tracking or A/B testing.
Which SMTP port should you use?
Port selection affects security, compatibility, and deliverability. Each port serves a different purpose:
| Port | Name | Use case | Encryption |
| 25 | Standard SMTP | Server-to-server relay | Optional (STARTTLS) |
| 465 | Submissions | Client submission with implicit TLS | Required (TLS from start) |
| 587 | Submission | Client submission with STARTTLS | Required (upgrade via STARTTLS) |
| 2525 | Alternate | Backup when 587 is blocked | STARTTLS or TLS |
Port 587 (recommended)
Port 587 is the standards-based submission port for sending mail from clients and applications. It requires authentication and supports STARTTLS for encryption. Most email infrastructure configurations use 587 as the primary submission port.
Port 465
Port 465 uses implicit TLS — the connection encrypts immediately rather than upgrading via STARTTLS. RFC 8314 formally registers port 465 for “submissions” (message submission over TLS). It’s not deprecated, despite older documentation suggesting otherwise.
Port 25
Port 25 handles server-to-server mail transfer. Residential ISPs often block outbound port 25 to prevent spam. You’ll typically use 25 for internal relay between your own servers or for receiving inbound mail — not for client submission.
Port 2525
Port 2525 is an unofficial alternate when 587 is blocked (common in some cloud environments). Most relay services support it as a backup.
Why does SMTP relay affect deliverability?
Your relay infrastructure directly impacts whether emails reach inboxes or spam folders. Email reputation depends heavily on relay configuration.
Authentication enables trust
Relay servers handle the technical side of authentication.
Your relay’s IP address appears in SPF checks. DKIM signatures get applied during relay. DMARC alignment depends on proper relay configuration.
Without a properly configured relay infrastructure, even legitimate messages can appear suspicious to receiving servers.
IP reputation matters
The IP address your relay uses carries reputation history (you have to choose between shared IPs and dedicated IPs).
Shared IPs mean shared consequences — one bad sender can affect everyone on that IP. Dedicated IPs give you control but require IP warming to build a positive reputation before high-volume sending.
Bounce handling protects reputation
Relays manage delivery failures. Distinguishing hard bounces from soft bounces matters for list hygiene:
- Hard bounces are permanent failures (invalid address, domain doesn’t exist)
- Soft bounces are temporary issues (mailbox full, server unavailable)
Properly configured relays suppress hard-bounced addresses and retry soft bounces appropriately. High bounce rates damage the sender’s reputation.
Rate limiting prevents throttling
Major providers (Gmail, Outlook, Yahoo) throttle or block senders who transmit too much volume too quickly. Quality relay services pace delivery to ensure it stays within provider limits.
What are common SMTP relay problems?
Even well-configured relays encounter issues. Here’s how to diagnose and fix them:
Blocked IP
Messages are being rejected or silently dropped.
Causes:
- IP appears on blocklists
- Sending volume spiked suddenly
- The previous owner had a poor reputation
Fixes:
- Check for blacklists
- Switch to a dedicated IP with proper warming
- Request delisting with remediation explanation
- Run an email deliverability test to assess the current status
Authentication failures
Messages are being rejected with SPF, DKIM, or DMARC errors.
Causes:
- DNS records misconfigured
- Domain alignment mismatch
- SMTP AUTH disabled or credentials wrong
Fixes:
- Confirm DKIM signing is active
- Verify SPF includes your relay’s IP
- Check DMARC alignment between envelope and header domains
Relay access denied
Getting the error message “554 5.7.1 relay access denied.”
Causes:
- SMTP AUTH not enabled
- Wrong port or server address
- Attempting to relay through an unauthorized server
Fixes:
- Enable authentication on your connection
- Use your authorized relay service
- Verify server settings
Slow or delayed delivery
The messages take hours or days to arrive.
Causes:
- Overloaded relay server
- Greylisting by the recipient server
- Large attachments are slowing processing
Fixes:
- Check relay queue status
- Reduce attachment sizes
- Verify retry intervals are appropriate
How do you choose an SMTP relay provider?
Selecting the right relay service depends on your sending volume, technical requirements, and deliverability goals.
Infrastructure reliability
Here are the features for infrastructure:
| Feature | Why it matters |
| Uptime guarantees | Downtime means undelivered email |
| Geographic distribution | Reduces latency for global recipients |
| Queue management | Handles temporary failures gracefully |
| Rate limiting | Prevents provider throttling |
Deliverability support
Look for providers that offer:
- Blocklist monitoring and remediation
- Feedback loop integration with major providers
- Dedicated IP addresses (with warming guidance)
- Authentication setup assistance (SPF, DKIM, DMARC)
Integration options
Relay services should connect easily with your existing systems:
- API access for programmatic sending
- Pre-built plugins for common platforms
- Webhooks for bounce and complaint handling
- SMTP credentials for direct integration
Pricing transparency
Watch for hidden costs:
- Per-email vs monthly volume tiers
- Analytics and support add-ons
- Charges for dedicated IPs
- Overage fees
What’s the difference between relay and delivery tracking?
SMTP relay handles message transfer — getting your email from point A to point B. Tracking features (opens, clicks, engagement metrics) are application-layer additions, not relay functions.
When providers advertise “open rate tracking” or “click analytics,” they’re adding tracking pixels and link rewrites to messages before relay. These are ESP features, not intrinsic to SMTP relay.
A pure relay service accepts your message and delivers it. An ESP wraps additional functionality around that core relay.
How can you improve relay deliverability?
Your relay is only part of the equation. Domain reputation, sending practices, and list quality all contribute to inbox placement.
Warm up new IPs
New IP addresses have no reputation. Sending high volume immediately triggers spam filters. Email warmup services gradually increase volume while building positive engagement signals — essential before scaling outreach.
Authenticate properly
Ensure all three authentication methods pass:
- SPF lists all authorized sending IPs
- DMARC sets policy and monitors reports
- DKIM signs messages and publishes the public key
Maintain list hygiene
Invalid addresses hurt reputation. Regular validation removes:
- Spam traps
- Disengaged subscribers
- Nonexistent addresses (hard bounces)
- Role-based addresses (info@, support@)
Monitor feedback loops
Major providers offer feedback loops that report complaints. Integrate these signals to identify problems early and suppress complaining recipients.
Frequently asked questions
Here are some commonly asked questions about SMTP relay:
SMTP relay is the process of passing email from one server to another. When your message leaves your domain and travels to the recipient’s mail server, it’s being relayed. Multiple servers may handle the message before it reaches the final destination.
SMTP (Simple Mail Transfer Protocol) is the communication standard servers use to send email. SMTP relay is specifically the forwarding of messages between servers — one part of what SMTP enables.
Port 587 is the standard submission port for authenticated, encrypted sending. Port 465 also works for implicit TLS connections. Avoid port 25 for client submission — it’s primarily for server-to-server transfer and is often blocked.
Common causes include missing authentication (SPF, DKIM, DMARC), poor IP reputation, sending without warming, or content issues. Run authentication checks and monitor your relay IP’s reputation.
A smart host is an authenticated relay server that handles outbound mail for your organization. Unlike open relays (which accept mail from anyone), smart hosts require authorization — improving security and preventing spam abuse.
For high-volume sending, yes. Consumer email providers (Gmail, Outlook) limit daily sends and weren’t designed for bulk mail. Relay services offer the infrastructure, reputation management, and deliverability tools needed for large-scale email.
