
SMTP

The document provides an in-depth overview of the Simple Mail Transfer Protocol (SMTP), detailing its fundamentals, architecture, and operational mechanisms for sending and receiving electronic mail. It discusses the roles of various components such as user agents, mail transfer agents, and the SMTP server, as well as the protocols and standards that govern email transmission. Additionally, it addresses security issues, mail access protocols, and the evolution of SMTP through various extensions and revisions.

Uploaded by

kernelcolibri

SMTP (Simple Mail Transfer Protocol)

Vladimir V. Riabov, Ph.D., Rivier College

Introduction
SMTP Fundamentals
SMTP Model and Protocol
User Agent
Sending E-Mail
Mail Header Format
Receiving E-Mail
The SMTP Destination Address
Delayed Delivery
Aliases
Mail Transfer Agent (MTA)
SMTP Mail Transaction Flow
SMTP Commands
Mail Service Types
SMTP Service Extensions
SMTP Responses
SMTP Server
On-Demand Mail Relay
Multipurpose Internet Mail Extensions (MIME)
MIME-Version
Content-Type
Content-Transfer-Encoding
Content-Id
Content-Description
Security Scheme for MIME
Mail Transmission Types
Mail Access Modes
Mail Access Protocols
POP3
IMAP4
SMTP Vulnerabilities
Standards, Organizations, and Associations
Internet Assigned Numbers Authority
Internet Engineering Task Force Working Groups
Internet Mail Consortium
Mitre Corporation
Conclusion
Glossary
Cross References
References
Further Reading

INTRODUCTION

Electronic mail (e-mail) is one of the most popular network services nowadays. Most e-mail systems that send mail over the Internet use simple mail transfer protocol (SMTP) to send messages from one server to another. The mail delivery is a two-stage process that provides for mail instances when the network connection or the remote machine has failed (Comer 2005). For example, when a user does not have a permanent Internet connection, the user should have a mailbox on a computer that does have such a connection. That computer must run the SMTP server and be able to always receive incoming mail. The mail messages can then be retrieved by the user from the mailbox with an e-mail client (installed on the user’s machine) using either post office protocol (POP) or Internet message access protocol (IMAP). The computer with the permanent mailbox must run two servers: SMTP for accepting mail and POP/IMAP for retrieving mail. SMTP is also generally used to send messages from a mail client to a mail server in “host-based” (or Unix-based) mail systems, where a simple mbox utility might be on the same system [or via network file system (NFS) provided by Novell] for access without POP or IMAP.

This chapter describes the fundamentals of SMTP, elements of its client–server architecture (user agent, mail transfer agent, ports), request–response mechanism, commands, mail transfer phases, SMTP messages, multipurpose internet mail extensions (MIME) for non-ASCII (American Standard Code for Information Interchange) data, e-mail delivery cases, mail access protocols (POP3 and IMAP4), SMTP software, some vulnerability and security issues, standards, associations, and organizations.

SMTP FUNDAMENTALS

SMTP, an application layer protocol, is used as the common mechanism for transporting electronic mail among different hosts within the transmission control protocol/Internet protocol (TCP/IP) suite. The history of SMTP has been described by Kozierok (2006). Under SMTP, a client SMTP process opens a TCP connection to a server SMTP process on a remote host and attempts to send mail across the connection. The server SMTP listens for a TCP connection on a specific port (25), and the client SMTP process initiates a connection on that port (Cisco SMTP 2006). When the TCP connection is successful, the two processes execute a simple request–response dialogue, defined by the SMTP protocol (see RFC 2821 and RFC 821 for details), in which the client process transmits the mail addresses of the originator and the recipient(s) for a message. When the server process accepts these mail addresses, the client process transmits the e-mail message. The message must contain a message header and message text (“body”) formatted in accordance with RFC 2822 and RFC 822.

In February 1993, the SMTP Service Extensions standard (RFC 1425), which describes a process for adding new capabilities to extend how SMTP works while maintaining backward-compatibility with existing systems, was published. The extended SMTP (ESMTP) standard (RFC 1425) was revised in RFC 1651 in July 1994 and then RFC 1869 in November 1995. Particular SMTP extensions,
such as message size declaration (RFC 1653 and RFC 1870), authentication (RFC 2554), and pipelining (RFC 2920), were defined later. In April 2001, revisions of RFC 821 and RFC 822 were published, as RFCs 2821 and 2822 respectively. The current base standard protocol for SMTP (RFC 2821) incorporates the base protocol description (RFC 821) and the latest SMTP extensions (RFC 1869) and updates the description of the e-mail communication model to reflect changes of TCP/IP networks, especially the e-mail features built into the domain name system (DNS) (Kozierok 2006).

Mail that arrives via SMTP is forwarded to a remote server, or it is delivered to mailboxes on the local server. POP3 or IMAP allow users to download mail that is stored on the local server. The delivery of e-mail to a user’s mailbox typically takes place via a mail delivery agent (MDA). The MDA software accepts incoming e-mail messages and distributes them to recipients’ individual mailboxes (if the destination account is on the local machine), or forwards them back to an SMTP server (if the destination is on a remote server) (Wikipedia 2006). On UNIX systems, /bin/mail is the most popular MDA. Many mail transfer agents (MTAs) have basic MDA functionality built in, but a dedicated MDA like procmail can provide more sophistication.

Most mail programs such as Eudora allow the client to specify both an SMTP server and a POP server. On UNIX-based systems, Sendmail is the most widely used SMTP server for e-mail. Sendmail includes a POP3 server and also comes in a version for Windows NT (“What is SMTP?”, 2006). The MIME protocol defines one way files can be attached to SMTP messages. Microsoft Outlook and Netscape/Mozilla Communicator are some popular mail-agent programs on Windows-based systems. The other functional and capable method of file attachment includes uuencode and uudecode techniques that are no longer in widespread use.

The X.400 International Telecommunication Union standard (Tanenbaum 2003) that defines transfer protocols for sending electronic mail between mail servers is used in Europe as an alternative to SMTP. Also, the message handling service (MHS) developed by Novell is used for electronic mail on Netware networks (“What is SMTP?” 2006).

SMTP MODEL AND PROTOCOL

The SMTP model (RFC 821) supports both end-to-end (no intermediate message transfer agents [MTAs]) and store-and-forward mail delivery methods. The end-to-end method is used between organizations, and the store-and-forward method is chosen for operating within organizations that have TCP/IP and SMTP-based networks.

An SMTP client will contact the destination host’s SMTP server directly to deliver the mail. It will keep the mail item being transmitted until it has been successfully copied to the recipient’s SMTP server queue. This is different from the store-and-forward principle that is common in many other electronic mailing systems, in which the mail item may pass through a number of intermediate hosts in the same network on its way to the destination and where successful transmission from the sender only indicates that the mail item has reached the first intermediate hop (“Simple Mail Transfer Protocol” [SMTP] 2004).

The RFC 821 standard defines a client–server protocol. The client SMTP is the one that initiates the session (that is, the sending SMTP) and the server is the one that responds (the receiving SMTP) to the session request. Because the client SMTP frequently acts as a server for a user-mailing program, however, it is often simpler to refer to the client as the sender-SMTP and to the server as the receiver-SMTP.

An SMTP-based process can transfer electronic mail to another process on the same network or to another network via a relay or gateway process accessible to both networks (Sheldon 2001). An e-mail message may pass through a number of intermediate relay or gateway hosts on its path from a sender to a recipient. A simple model of the components of the SMTP system is shown in Figure 1.

Figure 1: The basic simple mail transfer protocol (SMTP) model

Users deal with a user agent (UA). Popular user agents for UNIX include Berkeley Mail, Elm, MH, Pine, and Mutt. The user agents for Windows include Microsoft Outlook/Outlook Express and Netscape/Mozilla Communicator.

The exchange of mail using TCP is performed by an MTA. The most common MTA for UNIX systems is Sendmail, and for Windows is Microsoft Exchange 2000/2003. In addition to stable host-based e-mail servers, Microsoft Corporation has developed LDAP/Active-directory servers and B2B-servers that enhance mail-delivery practices. Users normally do not deal with the MTA. It is the responsibility of the system administrator to set up the local MTA. Users often have a choice, however, for their user agent (Stevens 1993). The MTA maintains a mail queue so that it can schedule repeat delivery attempts in case a remote server is unavailable. Also the local MTA delivers mail to mailboxes, and the information can be downloaded by the UA (see Figure 1).

The RFC 821 standard specifies the SMTP protocol, which is a mechanism of communication between two MTAs across a single TCP connection. The RFC 822 standard specifies the format of the electronic mail message that is transmitted using the SMTP protocol (RFC 821) between the two MTAs. As a result of a user mail request, the sender-SMTP establishes a two-way connection with a receiver-SMTP. The receiver-SMTP can be either the ultimate destination or an intermediate one (known as a mail gateway). The sender-SMTP will generate commands, which are replied to by the receiver-SMTP (see Figure 1).

Both the SMTP client and server should have two basic components: UA and local MTA. There are a few cases of sending electronic-mail messages across networks. In the first case of communication between the sender and the receiver across the network (see Figure 1), the sender’s UA prepares the message, creates the envelope, and puts the message in the envelope. The MTA transfers the mail across the network to the TCP-port 25 of the receiver’s MTA. In the second case of communication between the sending host (client) and the receiving host (server), relaying could be involved (see Figure 2). In addition to one MTA at the sender site and one at the receiving site, other MTAs, acting as client or server, can relay the electronic mail across the network.

The most common way in the early days of SMTP was through a process called relaying (Kozierok 2006). SMTP routing information was included along with the e-mail address, to specify a sequence of SMTP servers that the mail should be relayed through to get to its destination. The system of relays allows sites that do not use the TCP/IP protocol suite to send electronic mail to users on other sites that may or may not use the TCP/IP protocol suite. This third scenario of communication between the sender and the receiver can be accomplished through the use of an e-mail gateway, which is a relay MTA that can receive electronic mail prepared by a protocol other than SMTP and transform it to the SMTP format before sending it. The e-mail gateway can also receive electronic mail in the SMTP format, change it to another format, and then send it to the MTA of the client that does not use the TCP/IP protocol suite (Forouzan 2005). In various implementations, there is the capability to exchange mail between the TCP/IP SMTP mailing system and the locally used mailing systems. These applications are called mail gateways or mail bridges. Sending mail through a mail gateway may alter the end-to-end delivery specification, because SMTP will only guarantee delivery to the mail-gateway host, not to the real destination host, which is located beyond the TCP/IP network. When a mail gateway is used, the SMTP end-to-end transmission is host-to-gateway, gateway-to-host or gateway-to-gateway; the behavior beyond the gateway is not defined by SMTP.

The creation of the domain name system (DNS) radically changed the e-mail delivery approach. DNS includes support for a special mail exchanger record that allows easy mapping from the domain name in an e-mail address to the IP address of the SMTP server that handles mail for that domain (Kozierok 2006). The sending SMTP server uses DNS to find the mail exchanger record of the domain to which the e-mail is addressed. The sender uses this information for identifying the DNS name of the recipient’s SMTP server and for resolving an IP address that can be used for a direct connection between the sender’s SMTP server and the recipient’s one to deliver the e-mail (RFC 2821).

USER AGENT

Introduced in RFC 821 and RFC 822, the SMTP defines user agent functionality, but not the implementation details. A survey of the SMTP implementations can be found in RFC 876. The UA is a program that is used to send and receive electronic mail. The most popular user agent programs for UNIX are Berkeley Mail, Elm, MH, Mutt, Mush, and Zmail. Some UAs have an extra user interface (e.g., Eudora) that allows window-type interactions with the system. The user agents for Windows include Microsoft Outlook/Outlook Express and Netscape/Mozilla Communicator.

Sending E-Mail

Electronic mail is sent by a series of request–response transactions between a client and a server. An SMTP transaction consists of the envelope and message, which is composed of header (with From: and To: fields) and body (text after headers sent with the DATA command). The envelope is transmitted separately from the message itself using MAIL FROM and RCPT TO commands (see RFC 1123). A null line, that is, a line with nothing preceding the <CRLF> sequence, terminates the mail header. Some implementations (e.g., VM, which does not support zero-length records in files), however, may interpret this differently and accept a blank line as a terminator (SMTP 2004). Everything after the null (or blank) line is the message body, which is a sequence of lines containing ASCII characters. The message body contains the actual information that can be read by the recipient.

Mail Header Format

The header includes a number of key words and values that define the sending date, sender’s address, where replies should go, and some other information.

Figure 2: The simple mail transfer protocol (SMTP) model with relay mail transfer agents

The header is a list of lines, of the form (SMTP 2004):

field-name: field-value

Fields begin in column 1: Lines beginning with white space characters (SPACE or TAB) are continuation lines, which are unfolded to create a single line for each field in the canonical representation. Strings enclosed in ASCII quotation marks indicate single tokens within which special characters such as the colon are not significant. Many important field values (such as those for the “To” and “From” fields) are “mailboxes.” The most common forms for these are the following:

• jsmith@[Link]
• John Smith <jsmith@[Link]>
• “John Smith” <jsmith@[Link]>

The string “John Smith” is intended for human recipients and is the name of the mailbox owner. The string “jsmith@[Link]” is the computer-readable address of the
mailbox (the angle brackets are used to delimit the address but are not part of it). One can see that this form of addressing is closely related to the domain name system (DNS) concept (Internet Assigned Numbers Authority [IANA], 2006). In fact, the client SMTP uses the DNS to determine the IP address of the destination mailbox.

Some frequently used fields (key words) are the following:

• to: Primary recipients of the message.
• cc: Secondary (“carbon-copy”) recipients of the message.
• from: Identity of sender.
• reply-to: The mailbox to which responses are to be sent. This field is added by the originator.
• return-path: Address and route back to the originator. This field is added by the final transport system that delivers the mail.
• Subject: Summary of the message. The user usually provides the summary.

Receiving E-Mail

The UA periodically checks the content of the mailboxes (see Figure 1). It informs the user about mail arrival by giving a special notice. When the user tries to read the mail, a list of arrived mail packages is displayed. Each line of the list contains a brief summary of the information about a particular package in the mailbox. The summary may include the sender mail address, the subject, and the time the mail was received or sent. By selecting any of the packages, the user can view its contents on the terminal display.

The SMTP Destination Address

The SMTP destination address (a mailbox address), in its general form local-part@domain-name, can take several forms (SMTP 2004):

• user@host—For a direct destination on the same TCP/IP network.
• user%remote-host@gateway-host—For a user on a non-SMTP destination remote-host, via the mail gateway gateway-host.
• @host-a,@host-b:user@host-c—For a relayed message. This form contains explicit routing information. The message will first be delivered to host-a, which will resend (relay) the message to host-b. Host-b will then forward the message to the real destination host-c. Note that the message is stored on each of the intermediate hosts; therefore, there is no end-to-end delivery in this case. This address form is obsolete and should not be used (see RFC 1123).

Delayed Delivery

The SMTP protocol allows delayed delivery, and the message can be delayed at the sender site, the receiver site, or the intermediate servers (Forouzan 2005).

In the case of delaying at the sender site, the client has to accommodate a spooling system, in which e-mail messages are stored before being sent. A message created by the user agent is delivered to the spool storage. The client mail transfer agent periodically (usually every 10 to 30 minutes) checks the spool to find the mail that can be sent. The mail will be sent only if the receiver is ready and the IP address of the server has been obtained through DNS. If a message cannot be delivered in the timeout period (usually about 3 to 5 days), the mail returns to the sender.

Upon receiving the message, the server-MTA stores it in the mailbox of the receiver (see Figure 1). In this case, the receiver can access the mailbox at any convenient time.

Finally, the SMTP standard procedures allow intermediate MTAs to serve as clients and servers. Both intermediate clients and servers can receive mail, store mail messages in their mailboxes and spools, and send them later to an appropriate destination.

Aliases

The SMTP mechanism allows one name, an alias, to represent several e-mail addresses (this feature is known as “one-to-many alias expansion”; Forouzan 2005). Additionally, a single user can also be defined by several e-mail addresses (this is called “many-to-one alias expansion”). The system can handle these expansions by including an alias expansion facility (connected to the alias databases) at both the sender and receiver sites.

MAIL TRANSFER AGENT (MTA)

MTAs transfer actual mail. The system must have the client MTA for sending e-mail and the server MTA for receiving mail (see Figure 1). The SMTP-related RFCs do not define a specific MTA. The UNIX-based MTA commonly uses the Sendmail utility. The most common MTA for Windows is Microsoft Exchange 2000/2003.

The “mta-name-type” and “address-type” parameters (e.g., dns and rfc822 for the Internet mail, respectively) are defined for use in the SMTP delivery status notification document (see RFC1891). An identification of other mail systems can also be used. One of the identification methods has been described in “The COSINE and Internet X.500 Schema” (section 9.3.18) in the RFC1274 document. The mail system names listed here are used as the legal values in that schema under the “otherMailbox” attribute “mailboxType” type, which must be a PrintableString. The “Mapping between X.400 (1988)/ISO 10021 and RFC 822” is described in the section 4.2.2 of the RFC1327 document. The names listed here are used as the legal values in that schema under the “std-or-address” attribute “registered-dd-type” type, which must be a “key-string” (for details, see Mail Parameters 2006).

SMTP Mail Transaction Flow

The SMTP protocol (RFC 821) defines how commands and responses must be sent by the MTAs. The client sends commands to the server, and the server responds with numeric reply codes and optional human-readable strings.

There are a small number of commands (less than a dozen) that the client can send to the server. An example of sending a simple one-line message and an interpretation of the SMTP connection can be found in Stevens (1993).

Although mail commands and replies are rigidly defined (see “Commands and Responses” later in this chapter), the exchange can easily be followed in Figure 3. In this scenario (Comer 2005; SMTP 2004), the user jsmith at host [Link] sends a note to users darien, steve and bryan at host [Link]. Here the lines sent by the server (receiver) are preceded by S, and the lines sent by the client (sender) are preceded by C. Note that the message header is part of the data being transmitted. All exchanged messages (commands, replies, and data) are text lines, delimited by a <CRLF>. All replies have a numeric code at the beginning of the line.

The scenario includes the following steps (SMTP 2004):

1. The client (sender-SMTP) establishes a TCP connection with the destination SMTP and then waits for the server to send a 220 Service ready message or a 421 Service not available message when the destination is temporarily unable to proceed.
2. The HELO command is sent, and the receiver is forced to identify itself by sending back its domain name. The client (sender-SMTP) can use this information to verify if it contacted the right destination SMTP. If the sender-SMTP supports SMTP service extensions as defined in the RFC 1651, it may substitute an EHLO command in place of the HELO command. A receiver-SMTP, which does not support service extensions, will respond with a 500 Syntax error, command unrecognized message. The client (sender-SMTP) should then retry with HELO, or if it cannot transmit the message without one or more service extensions, it should send a QUIT message. If a receiver-SMTP supports service extensions, it responds with a multiline 250 OK message that includes a list of the service extensions it supports.
3. The client (sender) now initiates the start of a mail transaction by sending a MAIL command to the receiver. This command contains the reverse-path, which can be used to report errors. Note that a path can be more than just the user-mailbox@host-domain-name pair. In addition, it can contain a list of routing hosts. Examples of this are when the mail passes a mail bridge or when the user provides explicit routing information in the destination address. If accepted, the server (receiver) replies with a 250 OK message.
4. The second step of the actual mail exchange consists of providing the server SMTP with the destinations for the message (there can be more than one recipient). This is done by sending one or more RCPT TO:<forward-path> commands. Each of them will receive a 250 OK reply if the destination is known to the server or a 550 No such user here reply if it is not.

Figure 3: An example of the interactive session between the client (“sender” C) and the server (“receiver” S)

5. When all RCPT commands are sent, the client (sender) issues a DATA command to notify the server (receiver) that the message contents are following. The server replies with the 354 Start mail input, end with <CRLF>.<CRLF> message.
6. The client now sends the data line by line, ending with the sequence <CRLF>.<CRLF> line on which the receiver acknowledges with a 250 OK or an appropriate error message if anything went wrong.
7. The following actions (SMTP 2004) are possible after that:
   • The sender has no more messages to send; he will end the connection with a QUIT command, which will be answered with a 221 Service closing transmission channel reply (see Figure 3).
   • The client (sender) has another message to send and simply goes back to step 3 to send a new MAIL command.

In this description, only the most important commands that must be recognized in each SMTP implementation (see RFC821) have been mentioned. Other optional commands (the RFC 821 standard does not require them to be implemented everywhere) implement several important functions such as forwarding, relaying, mailing lists, and so on.

SMTP Commands

The commands formed with ASCII (text) are sent from the client to the server. The simple structure of the commands allows for building mail clients and servers on any platform. Table 1 lists commands and their description and formats. The command consists of a key word followed by zero or more arguments. Five commands (HELO, MAIL FROM, RCPT TO, DATA, and QUIT) are mandatory, and every implementation must support them. The EHLO command is strongly preferred to HELO when the server will accept the former (RFC 2821). Servers must continue to accept and process HELO in order to support older clients.

The other two commands (RSET and NOOP) are often used and highly recommended. The VRFY and EXPN commands are often disabled. Disabling them reduces the validation of e-mail addresses by spammers. The next five commands (TURN, HELP, SEND FROM, SOML FROM, and SAML FROM) are seldom used. The TURN command raises security issues (RFC 2821), because, in the absence of strong authentication of the host requesting that the client and server switch roles, it can easily be used to divert mail from its correct destination. SMTP systems should not use this command unless the server can authenticate the client. The SEND, SAML, and SOML commands were originally introduced in RFC 821 to provide an additional, optional mechanism of delivering messages directly to the user’s terminal screen. They were rarely implemented, and changes in workstation technology and the introduction of other protocols may have rendered them obsolete even where they are implemented (RFC 2821). SMTP clients should not provide SEND, SAML, or SOML as services.

For a full list of commands, see the RFC 821 “Simple Mail Transfer Protocol,” RFC 1123 “Requirements for Internet Hosts—Application and Support,” and RFC 2821 “Simple Mail Transfer Protocol.” For details of SMTP service extensions, see the RFC 1651 “SMTP Service Extensions,” RFC 1652 “SMTP Service Extension for 8bit-MIMEtransport,” RFC 1653 “SMTP Service Extension for Message Size Declaration,” and RFC 2554 “SMTP Service Extension for Authentication.”

The commands normally progress in a sequence (one at a time). The advanced pipelining feature introduced in the RFC 2920 document allows multiple commands to be sent to a server in a single operation of the TCP-send type.

Mail Service Types

The set of services desired from a mail server are sometimes characterized by the “hello” key word. The various mail service types are as follows (Mail Parameters 2006):

• HELO for Simple Mail (see RFC821)
• EHLO for Mail Service Extensions (see RFC1869)
• LHLO for Local Mail (see RFC2033).

The EHLO key word has a numerical parameter SIZE for specifying the new format of e-mail messages (see RFC1870).

SMTP Service Extensions

SMTP (RFC821) specifies a set of commands or services for mail transfer. A general procedure for extending the set of services is defined in the STD11/RFC1869 document. The service extensions are identified by key words sent from the server to the client in response to the EHLO command (Mail Parameters 2006). The set of service extensions are as follows:

• SEND—Send as mail (see RFC821)
• SOML—Send as mail or to terminal (see RFC821)
• SAML—Send as mail and to terminal (see RFC821)
• EXPN—Expand the mailing list (see RFC821)
• HELP—Supply helpful information (see RFC821)
• TURN—Turn the operation around (see RFC821)
• 8BITMIME—Use 8-bit data; it defines support for the 8-bit content transfer encoding type in MIME (see RFC1652)
• AUTH—Used to implement an authorization mechanism for servers requiring enhanced security (see RFC2554)
• SIZE—Message size declaration, which allows information about the size of a message to be declared by an SMTP sender prior to transmitting it, so the SMTP receiver can decide if it wants the message or not (see RFC1870)
• CHUNKING—Chunking (see RFC3030)
• BINARYMIME—Binary MIME (see RFC3030)
• CHECKPOINT—Checkpoint/restart (see RFC1845)
• PIPELINING—Command pipelining, which allows multiple commands to be transmitted in batches from the SMTP sender to the receiver, rather than sending

Table 1: Simple Mail Transfer Protocol (SMTP) Commands. Adapted from SMTP Specifications 2006

| Command | Description | Format | References |
|---|---|---|---|
| ATRN | Authenticated TURN | | RFC 2645 |
| AUTH | Authentication | | RFC 2554 |
| BDAT | Binary data | | RFC 3030 |
| DATA | Data; used to send the actual message; all lines that follow the DATA command are treated as the e-mail message; the message is terminated by a line containing just a period | DATA Best wishes. | RFC 821, RFC 2821 |
| EHLO | Extended Hello | | RFC 1869, RFC 2821 |
| ETRN | Extended TURN | | RFC 1985 |
| EXPN | Expand; asks the receiving host to expand the mailing list sent as the arguments and to return the mailbox addresses of the recipients that comprise the list | EXPN: a b c | RFC 821, RFC 2821 |
| HELO | Hello; used by the client to identify itself | HELO: [Link] | RFC 821, RFC 2821 |
| HELP | Help; requests the recipient to send information about the command sent as the argument | HELP: mail | RFC 821, RFC 2821 |
| MAIL FROM | Mail; used by the client to identify the sender of the message; the argument is the e-mail address of the sender | MAIL FROM: jsmith@[Link] | RFC 821, RFC 2821 |
| NOOP | No operation; used by the client to check the status of the recipient; requires an answer from the recipient | NOOP | RFC 821, RFC 2821 |
| QUIT | Quit; terminates the message | QUIT | RFC 821, RFC 2821 |
| RCPT | Recipient; used by the client to identify the intended recipient of the message; if there are multiple recipients, the command is repeated | RCPT TO: steve@[Link] | RFC 821, RFC 2821 |
| RSET | Reset; aborts the current e-mail transaction; the stored information about the sender and recipient is deleted; the connection will be reset | RSET | RFC 821, RFC 2821 |
| SAML | Send to the mailbox or terminal; specifies that the mail has to be delivered to the terminal or the mailbox of the recipient; the argument is the address of the sender | SAML FROM: jsmith@[Link] | RFC 821 |
| SEND | Send; specifies that the mail is to be delivered to the terminal of the recipient and not the mailbox; if the recipient is not logged in, the mail is bounced back; the argument is the address of the sender | SEND FROM: jsmith@[Link] | RFC 821 |
| SOML | Send to the mailbox or terminal; it specifies that the mail is to be delivered to the terminal or the mailbox of the recipient; the argument is the address of the sender | SOML FROM: jsmith@[Link] | RFC 821 |
| STARTTLS | Extended Hello with transport layer security | | RFC 3207 |
| TURN | Turn; it lets the sender and the recipient switch positions whereby the sender becomes the recipient and vice versa (most SMTP implementations today do not support this feature; see RFC2821) | TURN | RFC 821 |
| VRFY | Verify; it verifies the address of the recipient, which is sent as the argument; the sender can request the receiver to confirm that a name identifies a valid recipient. | VRFY: steve@[Link] | RFC 821, RFC 2821 |


one command at a time and waiting for a response code (see RFC2920)
• DSN—Delivery status notification, which allows an SMTP sender to request that the SMTP receiver notify if a problem occurs in delivering a message the sender gives to it (see RFC1891)
• ETRN—Extended turn (see RFC1985)
• ENHANCEDSTATUSCODES—Enhanced status codes; it extends the traditional 3-digit SMTP reply code format with extra codes that provide more information (see RFC2034 and RFC1893)
• STARTTLS—Start TLS (see RFC3207).

Some of these key words have parameters (for details, see Mail Parameters 2006).

SMTP Responses
Responses are sent from the server to the client. A response is a three-digit code that may be followed by additional textual information. The meanings of the first digit are as follows:

• 2bc—positive completion reply; the requested command has been successfully completed and a new command can be started.
• 3bc—positive intermediate reply; the requested command has been accepted, but the server needs some more information before completion can occur.
• 4bc—transient negative completion reply; the requested command has been rejected, but the error condition is temporary, and the command can be sent again.
• 5bc—permanent negative completion reply; the requested command has been rejected, and the command cannot be sent again (e.g., see RFC 1846).

The second (b) and the third (c) digits provide further details about the responses. Table 2 shows the list of typical reply codes and their descriptions.

SMTP SERVER
The SMTP server sends and receives mail from other Internet hosts using the SMTP. The SMTP server processes all incoming and outgoing mail. Outgoing mail is spooled until the SMTP server can confirm it has arrived at its destination; incoming mail is spooled until users access it by using a POP3 or IMAP4 mail client. Spooling allows the transfer from client and server to occur in the background. The instructions on how to configure the SMTP server in the Windows NT environment and how to set options to provide security for the SMTP server are described in “How to Set SMTP Security Options” (2006).

ON-DEMAND MAIL RELAY
On-demand mail relay (ODMR), also known as authenticated TURN (ATRN), is an e-mail service that allows a user to connect to an Internet service provider (ISP), authenticate, and request e-mail using a dynamic IP address (instead of static IP addresses used in a “traditional” SMTP model) from any Internet connection (see RFC 2645). The initial client and server roles are short-lived, because the point is to allow the intermittently connected host to request mail held for it by a service provider. The customer initiates a connection to the provider, authenticates, and requests its mail. The roles of client and server then reverse, and the normal SMTP scenario proceeds. The provider has an ODMR process listening for connections on the ODMR port 366 (SMTP Specifications 2006). On the server, this process implements the EHLO, AUTH, ATRN, and QUIT commands. Also, it has to be an SMTP client with access to the outgoing mail queues. An MTA normally has a mail client component, which processes the outgoing mail queues, attempting to send mail for particular domains, based on time or events, such as new mail being placed in the queue or receipt of an ETRN command by the SMTP server component. The ODMR service processes the outgoing queue on request. The ISP provider side has normal SMTP server responsibilities, including generation of delivery failure notices (SMTP Specifications 2006).

MULTIPURPOSE INTERNET MAIL EXTENSIONS (MIME)
The RFC 821/STD 10 standard specifies that data sent via SMTP is 7-bit ASCII data, with the high-order bit cleared to zero. This is adequate in most instances for the transmission of English text messages but is inadequate for non-English text or nontextual data.
There are two approaches to overcoming these limitations. In the first approach, the multipurpose Internet mail extensions (MIME) supplementary protocol was defined in RFC 1521 and RFC 1522, which specify a mechanism for encoding text and binary data as 7-bit ASCII within the mail envelope defined by the RFC 822 standard. MIME is also described in SMTP (2006).
In the second approach, the SMTP service extensions (RFC 1651, RFC 1652, and RFC 1653) define a mechanism to extend the capabilities of SMTP beyond the limitations imposed by the RFC 821 standard. The RFC 1651 document introduces a standard for a receiver-SMTP to inform a sender-SMTP which service extensions it supports. New procedures modify the RFC 821 standard to allow a client SMTP agent to request that the server respond with a list of the service extensions that it supports at the start of an SMTP session. If the server SMTP does not support the RFC 1651, it will respond with an error and the client may either terminate the session or attempt to start a session according to the rules of the RFC 821 standard. If the server does support the RFC 1651, it may also respond with a list of the service extensions that it supports. A registry of services is maintained by the Internet Assigned Numbers Authority (IANA 2006); the initial list defined in the RFC 1651 document contains those commands listed in RFC 1123 as optional for SMTP servers.
Specific extensions are defined in RFC 1652 and RFC 1653. A protocol for 8-bit text transmission (RFC 1652) allows an SMTP server to indicate that it can accept data consisting of 8-bit bytes. A server, which reports that this


Table 2: Simple Mail Transfer Protocol (SMTP) Reply Codes. Adapted from SMTP Specifications 2006.

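| Category | Code | Description |
|---|---|---|
| Positive Completion Reply | 211 | System status or system help reply |
| Positive Completion Reply | 214 | Help message |
| Positive Completion Reply | 220 | Domain service ready; ready to start TLS |
| Positive Completion Reply | 221 | Domain service closing transmission channel |
| Positive Completion Reply | 250 | OK, queuing for node node started; requested command completed |
| Positive Completion Reply | 251 | OK, no messages waiting for node node; user not local, will forward to forwardpath |
| Positive Completion Reply | 252 | OK, pending messages for node node started; cannot VRFY user (e.g., information is not local) but will take message for this user and attempt delivery |
| Positive Completion Reply | 253 | OK, messages pending messages for node node started |
| Positive Intermediate Reply | 354 | Start mail input; end with <CRLF>.<CRLF> |
| Positive Intermediate Reply | 355 | Octet-offset is the transaction offset |
| Transient Negative Completion Reply | 421 | Domain service not available, closing transmission channel |
| Transient Negative Completion Reply | 432 | A password transition is needed |
| Transient Negative Completion Reply | 450 | Requested mail action not taken: mailbox unavailable; ATRN request refused |
| Transient Negative Completion Reply | 451 | Requested action aborted: local error in processing; unable to process ATRN request now |
| Transient Negative Completion Reply | 452 | Requested action not taken: insufficient system storage |
| Transient Negative Completion Reply | 453 | You have no mail |
| Transient Negative Completion Reply | 454 | TLS not available due to temporary reason; encryption required for requested authentication mechanism |
| Transient Negative Completion Reply | 458 | Unable to queue messages for node node |
| Transient Negative Completion Reply | 459 | Node node not allowed: reason |
| Permanent Negative Completion Reply | 500 | Command not recognized: command; Syntax error |
| Permanent Negative Completion Reply | 501 | Syntax error in parameters or arguments; no parameters allowed |
| Permanent Negative Completion Reply | 502 | Command not implemented |
| Permanent Negative Completion Reply | 503 | Bad sequence of commands |
| Permanent Negative Completion Reply | 504 | Command parameter temporarily not implemented |
| Permanent Negative Completion Reply | 521 | Machine does not accept mail |
| Permanent Negative Completion Reply | 530 | Must issue a STARTTLS command first; encryption required for requested authentication mechanism |
| Permanent Negative Completion Reply | 534 | Authentication mechanism is too weak |
| Permanent Negative Completion Reply | 538 | Encryption required for requested authentication mechanism |
| Permanent Negative Completion Reply | 550 | Requested action not taken (command is not executed): mailbox unavailable |
| Permanent Negative Completion Reply | 551 | User not local; please try forwardpath |
| Permanent Negative Completion Reply | 552 | Requested mail action aborted: exceeded storage allocation |
| Permanent Negative Completion Reply | 553 | Requested action not taken: mailbox name not allowed |
| Permanent Negative Completion Reply | 554 | Transaction failed |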
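
The reply classes and the EHLO extension list above are what a client consults before it commits to a transaction. The following added example (not code from the original chapter) parses a multi-line reply, extracts the advertised keywords, and lists the reasons a client should hold a message back. The sample reply, host names and function names are constructed; 8BITMIME and SIZE are the EHLO keywords of the RFC 1652 and RFC 1653 extensions.

```python
"""SMTP reply parsing and EHLO extension checks (constructed sample data)."""
from dataclasses import dataclass

# First-digit classes from the "SMTP Responses" section.
REPLY_CLASSES = {
    "2": "positive completion",
    "3": "positive intermediate",
    "4": "transient negative completion",
    "5": "permanent negative completion",
}


@dataclass
class Reply:
    code: int
    lines: list  # text of each reply line, code and separator removed

    @property
    def reply_class(self) -> str:
        return REPLY_CLASSES.get(str(self.code)[0], "unknown")

    @property
    def retryable(self) -> bool:
        # Only a 4xx reply says the same command may be sent again later.
        return 400 <= self.code <= 499


def parse_reply(raw: bytes) -> Reply:
    """Parse one complete reply; multi-line replies use "250-" then "250 "."""
    rows = raw.decode("ascii").split("\r\n")
    if rows and rows[-1] == "":
        rows.pop()  # drop the empty string after the final CRLF
    if not rows:
        raise ValueError("empty reply")
    code, texts = rows[0][:3], []
    for i, row in enumerate(rows):
        is_last = i == len(rows) - 1
        sep = row[3:4]
        if len(row) < 3 or not row[:3].isdigit() or row[:3] != code:
            raise ValueError(f"malformed or inconsistent reply line: {row!r}")
        if (is_last and sep not in (" ", "")) or (not is_last and sep != "-"):
            raise ValueError(f"bad continuation marker in: {row!r}")
        texts.append(row[4:])
    return Reply(int(code), texts)


def ehlo_extensions(reply: Reply) -> dict:
    """Map each advertised EHLO keyword to its parameter list."""
    if reply.code != 250:
        return {}  # an error reply means the server offers no extensions
    extensions = {}
    for text in reply.lines[1:]:  # the first line is the server greeting
        words = text.split()
        if words:
            extensions[words[0].upper()] = words[1:]
    return extensions


def send_problems(extensions: dict, size: int, eight_bit: bool,
                  require_tls: bool) -> list:
    """Return the reasons a client should not send this message as-is."""
    problems = []
    if require_tls and "STARTTLS" not in extensions:
        problems.append("STARTTLS not offered; do not fall back to cleartext")
    limit = extensions.get("SIZE", [])
    if limit and limit[0].isdigit() and 0 < int(limit[0]) < size:
        problems.append(f"message of {size} bytes exceeds SIZE {limit[0]}")
    if eight_bit and "8BITMIME" not in extensions:
        problems.append("no 8BITMIME; re-encode the body as 7-bit MIME")
    return problems


# Constructed sample reply (not captured from a real server). It omits
# STARTTLS and 8BITMIME on purpose so that the checks below fire.
EHLO_REPLY = (b"250-mail.example.net greets client.example.org\r\n"
              b"250-PIPELINING\r\n"
              b"250-SIZE 10240000\r\n"
              b"250-ENHANCEDSTATUSCODES\r\n"
              b"250 DSN\r\n")


if __name__ == "__main__":
    reply = parse_reply(EHLO_REPLY)
    offered = ehlo_extensions(reply)
    print(reply.code, reply.reply_class, sorted(offered))
    for problem in send_problems(offered, 20_000_000, True, True):
        print("hold message:", problem)
    busy = parse_reply(b"451 Requested action aborted: local error\r\n")
    print(busy.code, busy.reply_class,
          "retry later" if busy.retryable else "give up")
```
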


extension is available to a client, must leave the high-order bit of bytes received in an SMTP message unchanged if requested to do so by the client.
The MIME and SMTP service extension approaches are complementary. Following their procedures (RFC 1652), nontraditional SMTP agents can transmit messages, which are declared as consisting of 8-bit data rather than 7-bit data, when both the client and the server conform to the RFC 1651 or RFC 1652 options (or both). Whenever a client SMTP attempts to send 8-bit data to a server, which does not support this extension, the client SMTP must either encode the message contents into a 7-bit representation compliant with the MIME standard or return a permanent error to the user.
The SMTP service extension has the limitation on maximum length of a line (only up to 1,000 characters as required by the RFC 821 standard). The service extension also restricts the use of non-ASCII characters in message headers, which are prohibited by the RFC 822 regulations.
The RFC 1653 document introduces the protocol for message size declaration that allows a server to inform a client of the maximum size message it can accept. If both server and client support the message size declaration extension, the client may declare an estimated size of the message to be transferred, and the server will return an error if the message is too large. Each of these SMTP service extensions is a draft standard protocol and each has a status of elective.
The MIME can be considered as a set of software functions that transform non-ASCII data to ASCII characters and vice versa, as shown in Figure 4.

The MIME protocols define five header lines that can be added to the original header section to define the transformation parameters: MIME-version, content-type, content-transfer-encoding, content-id, and content-description (see Figure 5). Each header line is described in detail in the following sections.

MIME-Version
The header line MIME-Version: 1.1 declares that the message was composed using the (current) version 1.1 of the MIME protocol.

Content-Type
The header line Content-Type:<type/subtype; parameters> defines the type of data used in the body of the message. The identifiers of the content type and the content subtype are separated by a slash. Depending on the subtype, the header may contain other parameters. The MIME standard allows seven basic content types of data, the valid subtypes for each, and transfer encodings, which are listed in Table 3. Examples of the content-type headers can be found in Forouzan (2005).

Content-Transfer-Encoding
The Content-Transfer-Encoding:<type> header line defines the method to encode the messages into a bit-stream

Figure 5: MIME header

Figure 4: MIME functionality


Table 3: Data Types and Subtypes in a Multipurpose Internet Mail Extensions (MIME) Content-Type Header Declaration

| Type | Subtype | Description |
|---|---|---|
| Text | Plain | Unformatted 7-bit ASCII text; no transformation by MIME is needed |
| Text | HTML | HTML format |
| Multipart | Mixed | Body contains ordered parts of different data types |
| Multipart | Parallel | Body contains unordered parts of different data types |
| Multipart | Digest | Body contains ordered parts of different data types, but the default is message/RFC822 |
| Multipart | Alternative | Parts are different versions of the same message |
| Message | RFC822 | Body is an encapsulated message |
| Message | Partial | Body is a fragment of a bigger message |
| Message | External-Body | Body is a reference to another message |
| Image | JPEG | Image is in JPEG format |
| Image | GIF | Image is in GIF format |
| Video | MPEG | Video is in MPEG format |
| Audio | Basic | Single channel encoding of voice at 8 KHz |
| Application | PostScript | Adobe PostScript |
| Application | Octet-stream | General binary data (eight-bit bytes) |

GIF = Graphics Interchange Format; HTML = Hypertext Markup Language; JPEG = Joint Photographic Experts Group; MPEG = Motion Picture Experts Group.

of 0s and 1s for transport. The five types of encoding are as follows:

• 7bit—for NVT ASCII characters and short lines of less than 1,000 characters.
• 8bit—for non-ASCII characters and short lines of less than 1,000 characters; the underlying SMTP protocol must be able to transfer 8-bit non-ASCII characters (this type is not recommended).
• binary—for non-ASCII characters with unlimited-length lines; this is 8-bit encoding. The underlying SMTP protocol must be able to transfer 8-bit non-ASCII characters (this type is not recommended).
• base64—for sending data made of bytes when the highest bit is not necessarily zero; 6-bit blocks of data are encoded into 8-bit printable ASCII characters (for details, see Tschabitscher 2006; Stevens 1993), which can then be sent as any type of character set supported by the underlying mail transfer mechanism.
• quoted-printable—for sending data that consist of mostly ASCII characters with a small non-ASCII portion; if a character is not ASCII, it is sent as three characters: the first character is the equal sign, and the next two are the hexadecimal representation of the byte.

Although the content type and encoding are independent, the RFC 1521 document recommends quoted-printable for text with non-ASCII data, and base64 for image, audio, video, and octet-stream application data. This allows maximum interoperability with RFC 821 conformant MTAs (Stevens, 1993).
Figure 6 shows an example of a multi-part message in MIME format with mixed subtypes.

Content-Id
The header line Content-Id: id=<content-id> uniquely identifies the whole message in a multiple message environment.

Content-Description
The header line Content-Description:<description> defines whether the body is image, audio, or video.

Security Scheme for MIME
The S/MIME is a security scheme for the MIME protocol. It was developed by RSA Security and is an alternative to the pretty good privacy (PGP) encryption and digital signature scheme that uses public-key cryptography. The S/MIME scheme was standardized by IETF. According to “Report of the IAB Security Architecture Workshop” (RFC 2316), the designated security mechanism for adding secured sections to MIME-encapsulated e-mail is security/multipart, as described in “Security Multiparts for MIME: Multipart/Signed and Multipart/Encrypted” (RFC 1847).
The S/MIME is widely used by large companies that need to standardize e-mail security for both interorganization and intraorganization mail exchange (Internet Engineering Task Force [IETF] SMIME, 2006). It requires establishing a public-key infrastructure either in-house or by using any of the public certificate authorities (Sheldon 2001).
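
The MIME header lines and transfer encodings described above can be seen working together in a multipart/mixed message. The following added example (not from the original chapter) builds such a message with Python's standard email package, checks whether the serialized form is 7-bit clean, and inventories the headers of each part. The addresses, file name and payloads are constructed.

```python
"""Build a multipart/mixed message and inventory its MIME parts (constructed data)."""
from email import message_from_bytes, policy
from email.message import EmailMessage

MAX_LINE = 1000  # line-length limit, CRLF included, quoted in the text


def build_message(text_cte: str = "quoted-printable") -> bytes:
    """Serialize a sample message: non-ASCII text plus a binary attachment."""
    msg = EmailMessage()
    msg["From"] = "jsmith@example.org"
    msg["To"] = "steve@example.net"
    msg["Subject"] = "Quarterly figures"
    # Mostly ASCII text with two non-ASCII characters (u-umlaut, euro sign).
    msg.set_content("Best wishes from Z\u00fcrich, total 40 \u20ac.\n",
                    charset="utf-8", cte=text_cte)
    # Arbitrary bytes with the high-order bit set.
    msg.add_attachment(bytes(range(200, 256)) * 4,
                       maintype="application", subtype="octet-stream",
                       cte="base64", filename="data.bin",
                       cid="<part2@example.org>")
    attachment = next(msg.iter_attachments())
    attachment["Content-Description"] = "constructed binary sample"
    return msg.as_bytes(policy=policy.SMTP)


def seven_bit_clean(raw: bytes) -> bool:
    """True if the serialized message is 7-bit with lines within MAX_LINE."""
    lines = raw.split(b"\r\n")
    return (all(byte < 128 for byte in raw)
            and all(len(line) + 2 <= MAX_LINE for line in lines))


def inventory(raw: bytes) -> list:
    """List every leaf part with the MIME header lines the text describes."""
    msg = message_from_bytes(raw, policy=policy.default)
    rows = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # a container holds no data of its own
        body = part.get_payload(decode=True)  # undoes base64 / quoted-printable
        rows.append({
            "type": part.get_content_type(),
            "cte": str(part.get("Content-Transfer-Encoding", "7bit")).lower(),
            "id": str(part.get("Content-ID", "")),
            "description": str(part.get("Content-Description", "")),
            "decoded_len": len(body),
            "high_bit": any(byte > 127 for byte in body),
        })
    return rows


if __name__ == "__main__":
    # The same text sent as 8bit puts raw non-ASCII bytes on the wire.
    for cte in ("quoted-printable", "8bit"):
        wire = build_message(cte)
        print(f"text as {cte}: 7-bit clean = {seven_bit_clean(wire)}")
    for row in inventory(build_message()):
        print(row)
```
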


Figure 6: An example of a multi-part message in MIME format with mixed subtypes

MAIL TRANSMISSION TYPES
The SMTP (RFC821) and the Standard for the Format of Advanced Research Project Agency (ARPA) Internet Text Messages (RFC822) specify that a set of “Received” lines will be prepended to the headers of electronic mail messages as they are transported through the Internet (Mail Parameters 2006). The received line may optionally include either or both a “via” phrase or a “with” phrase (or both). The legal value for the “via” phrase is intended to indicate the link or physical medium over which the message was transferred (e.g., the UUCP link type should be specified for the Unix-to-Unix Copy Program). The “with” phrase is intended to indicate the protocol or logical process that has been used to transfer the message (e.g., SMTP or ESMTP parameters are used respectively for SMTP [RFC821] or SMTP with service extensions [RFC1869] protocol types).

MAIL ACCESS MODES
To reach its final destination, an e-mail message should be handled by a mail server, the mail access protocol, and the mail client. A general concept of how these components work together is described in “Accessing Your Mail” (1997).
An Internet mail server (known as the mail transfer agent, described earlier) is the software responsible for transmitting and receiving e-mail across the Internet. The MTA software is run on a computer that has a connection to the Internet and is managed, monitored, and backed up by ISPs or a company’s information services staff. Some mail servers store mail only until the user retrieves it, whereas others store user mail permanently. An e-mail user typically uses a mail client program to interact with the mail server (Rose 1993).
A mail client (known as the mail user agent, described earlier) is the software that a user employs to read, send, file, and otherwise process the electronic mail. Usually running on a user’s desktop computer, the mail client also manages related e-mail data (address books, spelling dictionaries, and stationery). The mail client connects to a mail server to retrieve new mail. Some mail clients also use the mail server to store all e-mail (Rose 1993).
The communication between the mail client and mail server is regulated by the mail access protocol, a standardized set of transmitted commands and responses sent over many different types of network connections. The protocol commands (created for managing access to the Internet e-mail only) depend on a design approach that can significantly affect the manner, modes, characteristics,


and capabilities of the interaction between the mail client and mail server (“Accessing Your Mail” 1997). The SMTP Protocol handles the task of the actual sending of e-mail on the Internet.
A mail access protocol operates in three common modes that differ in where and how a user stores and processes his or her mail (“Accessing Your Mail” 1997):

• Offline mode—e-mail is downloaded from a temporary storage on the mail server to the user’s computer. After download, the mail is deleted from the server.
• Online mode—user’s e-mail, his or her inbox, and all filed mail remains permanently on the mail server. By connecting to the server and establishing an e-mail session, the user can download a temporary copy of his or her e-mail and read it, or send e-mail. Once the connection is finished, the copy is erased from user’s computer, and only the original remains on the server.
• Disconnected/resynchronization mode—combines both offline and online modes. A copy of the user’s e-mail is downloaded to his or her computer(s), and the original message remains on the mail server. The user can change a local copy of his or her e-mail on any computer, then resynchronize all copies, including the original e-mail message on the server and copies on additional computers.

All three modes offer multiplatform support. This includes support for existing platforms such as UNIX, Microsoft Windows, and Apple Macintosh, and future platforms such as Java Mail Service–based network computers. All three modes, including their advantages and disadvantages, are discussed in detail in “Accessing Your Mail” (1997). Two dedicated protocols (POP3 and IMAP4) of retrieving e-mail are considered in the next section.
Instead of using POP3 or IMAP4, on some systems it is possible for a user to have direct server access to e-mail. This is most commonly done on UNIX systems, where protocols like TELNET or NFS (Network File System) can give a user shared access to mailboxes on a server (TCP/IP Guide 2006). Being the oldest method of e-mail access, it provides the user (who must be on the Internet to read e-mail) with the most control over his or her mailbox, and is well-suited to those who must access mail from many locations.

MAIL ACCESS PROTOCOLS
POP3
POP is used on the Internet to retrieve e-mail from a mail server. There are two versions of POP. The first, known as POP2 (RFC 937), became a standard in the mid-1980s and requires SMTP to send messages. Nowadays it has a status of “not recommended.” The newer version, POP3 (RFC 1725), can be used with or without SMTP.
POP was designed primarily to support the offline access mode (RFC 1939). Typically, e-mail arrives from the network and is placed in the user’s inbox on the server. POP is then used to transfer the mail from the user’s inbox on the server to the user’s computer. POP is designed so that mail client software can determine which messages have been previously downloaded from the server. The mail client can then download only new messages. POP also provides the ability to selectively delete messages from the server. It can be used by a mail client to perform basic resynchronization of the inbox on the server and on the user’s computers. The client can leave the most recent messages on the server after they have been downloaded. These messages can then be downloaded a second time to a second computer. Additionally, some POP implementations provide optional features, such as allowing users to download only headers at one session, to review the topics, and then download selected bodies and attachments in a subsequent session to minimize connection times over slow links (“Accessing Your Mail” 1997).
POP servers are widely available both commercially and as freeware on a number of operating systems. Moreover, there are almost no interoperability issues between POP servers and mail clients, and users can use any POP mail client with any POP server. All ISPs support and use POP.
In the end-to-end application related to SMTP, the server must be available whenever a client (sender) transmits mail. If the SMTP server resides on an end-user PC or workstation, that computer must be running the server when the client is trying to send mail. For some operating systems (e.g., when a server program is activated on the VM SMTP service virtual machine or the MAIL program on DOS), the server becomes unavailable and unreachable by the SMTP client (SMTP, 2004). The mail-sending process will fail in these cases. Especially, it is important for single-user systems that the client has an accessible mailbox on various types of server (RFC 1725).
One of the simplest approaches to resolve this problem is to allow the end user to run a client program, which communicates with a server program on a host. This server program acts as both a sender and a receiver SMTP (SMTP 2004). Here the end-user mailbox resides on the server, and the server system is capable of sending mail to other users.
In another approach, the SMTP server function has to be off-loaded from the end-user workstation, but not the SMTP client function. In this case, the user has a mailbox that resides on a server system, and he can send mail directly from the workstation. To collect mail from the mailbox, the user must connect to the mail server system.
The current post office protocol version 3 (RFC 1725) is a draft standard protocol, and its status is elective. POP3 extensions are described in RFC 2449. POP3 security options are introduced in RFC 2595. The RFC 1734 describes the optional AUTH command for indicating an authentication mechanism to the POP3 server, performing an authentication protocol exchange, and optionally negotiating a protection mechanism for subsequent protocol interactions (Sheldon 2001).

IMAP4
IMAP is a protocol for retrieving e-mail messages (RFC 1064). The IMAP4 version is similar to POP3 but supports some additional features. For example, with IMAP4, the user can search through his or her e-mail messages for key words while the messages are still on the mail server.


The user can then choose which messages to download to his or her machine.
IMAP uses SMTP as its transport mechanism. Following the simple analogy (Sheldon, 2001), IMAP servers are like post offices, whereas SMTP is like the postal carriers. IMAP uses TCP to take advantage of its reliable data delivery services, which are allocated on the TCP port 143. The latest IMAP version 4, revision 1 (IMAP4rev1) is defined in RFC 2060.
IMAP has many advanced features, such as the ability to address mail not by arrival number, but by using attributes (e.g., “Download the latest message from Smith”). This feature allows the mailbox to be structured more like a relational database system rather than a sequence of messages (Tanenbaum, 2003). Authentication mechanisms are described in RFC 1731. Security issues have been introduced in “IMAP4/POP Authorization for Simple Challenge/Response” (RFC 2195), “IMAP4 Login Referrals” (RFC 2221), and “IMAP4 Implementation and Best Practices” (RFC 2683).

SMTP VULNERABILITIES
The processes of retrieving e-mail from servers and managing data communication through the Internet are vulnerable to various attacks. A review of vulnerabilities can be found in “Vulnerability Tutorials” (2006) released by the Saint Corporation. The Common Vulnerabilities and Exposures (CVE) organization provides a list of standardized names for SMTP vulnerabilities (for both CVE entries and CAN candidates) and other information security exposures (CVE 2006). Summaries of major SMTP vulnerability problems are discussed in (Riabov 2006).
SMTP was designed in an era when security of the Internet was not an issue. As a result, the SMTP protocol includes no robust security mechanism. For example, someone can use the TELNET protocol to connect directly to an SMTP server on port 25. The SMTP commands and replies can all be sent as text, and, therefore, a person can manually perform a mail transaction. This is useful for debugging, but also makes abuse of a wide open SMTP server trivially easy. Since spammers often do not want to be identified, they employ spoofing techniques to make it more difficult to identify them (Kozierok 2006). Nowadays, most modern SMTP servers incorporate several security features to avoid vulnerability problems.
A security audit of selected SMTP problems has been provided by the U.S. Computer Emergency Readiness Team (CERT) Coordination Center operated by Carnegie Mellon University, and E-Soft. Detailed information about vulnerability problems, possible actions of an attacker or spammer, recommendations for downloading updated versions of software, examples of code modification, and test results can be found on the CERT (2006) and Security Space (“SMTP Problems,” 2006) Web sites.
The vulnerability problems can be grouped into several general high-risk categories: buffer overflow; redirection attacks through the firewall; bounced “piping” attacks; and host-shell-gaining attacks. The medium-to-high risk category includes denial-of-service attacks. Low-to-medium-risk categories include mail relaying on the remote SMTP server, mail-queue manipulation attacks; debug-mode-leak category; and crashing antivirus-software attack (“SMTP Problems” 2006). Most SMTP-specific vulnerabilities occur from misapplied or unapplied patches related to Sendmail installations or misconfigured Sendmail daemons on the SMTP servers (Campbell et al. 2003).
ISPs restrict access to their outgoing mail servers to provide better service to their customers and prevent spam from being sent through their mail servers. There are several methods for establishing restrictions that could result in denying users’ access to their outgoing mail server.
Originally (see RFC 821), e-mail servers (configured for SMTP relay) did not verify the claimed sender identity and would simply pass the mail on with whatever return address was specified. Bulk mailers have taken advantage of this to send huge volumes of mail with bogus return addresses. This results in slowing down servers.
To fix the problem, the origin of a spam e-mail should be identified. An e-mail message typically passes through a set of SMTP servers (including the sender’s and receiver’s servers) before reaching the destination host. Along this path, messages get “stamped” by the intermediate SMTP servers. The stamps release tracking information that can be identified in the mail headers. Mismatches between the IP addresses and the domain names in the header could unveil the real source of spam mail. The real domain names that correspond to the indicated IP addresses can be found out by executing a reverse DNS lookup. Modern mail programs have incorporated this functionality, which generates a Received: header line that includes the identity of the attacker (see examples in Campbell et al. 2003).
Antispoofing measures are under active development. Mail Abuse Prevention System (MAPS) and Open Relay Behavior-Modification System (ORBS) provide testing, reporting and cataloging of e-mail servers configured for SMTP relay. These organizations maintain real-time blackhole lists (RBL) of mail servers with problematic histories. For protection and security purposes, companies may configure their SMTP servers and other e-mail service systems in such a manner that any mail coming from RBL-blacklisted mail servers is automatically rejected (Campbell et al. 2003). Other initiatives for restricting the sender address spoofing include SPF, Hotmail domain cookies, and Microsoft’s caller ID. The analysis of various SMTP security issues can be found in (Riabov 2006).

STANDARDS, ORGANIZATIONS, AND ASSOCIATIONS
Internet Assigned Numbers Authority
The IANA (2006) provides the central coordinating functions of the global Internet for the public needs. The IANA organization maintains a registry of the following services:

• Domain name services
• Database of indexes by Top-Level Domains code
• “Whois” service of domain name recognition
• IP address assignment services (for both IPv4 and IPv6)
• Protocol number assignment services
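
The Received-stamp check described under SMTP Vulnerabilities (compare the name a sender claimed with the reverse DNS name of the address a trusted server recorded) can be automated as below. This is an added example, not code from the original chapter; the message, host names, addresses and reverse-DNS table are constructed, and the regular expression assumes one common stamp layout.

```python
"""Trace Received: stamps and flag HELO names that disagree with reverse DNS."""
import re
import socket
from email import message_from_string

# Constructed sample; reserved example domains and documentation IP ranges.
SAMPLE = """\
Received: from mx-in.example.net (mx-in.example.net [198.51.100.7])
\tby mailstore.example.net with ESMTP id 4F2A; Mon, 4 Jun 2007 10:00:03 -0400
Received: from mail.bank.example ([203.0.113.45])
\tby mx-in.example.net with SMTP id 9C11; Mon, 4 Jun 2007 10:00:01 -0400
Received: from localhost (unknown [192.0.2.5])
\tby mail.bank.example with SMTP; Mon, 4 Jun 2007 09:59:58 -0400
From: accounts@bank.example
To: steve@example.net
Subject: Statement

Body text.
"""

# Constructed reverse-DNS answers so the example runs offline.
SAMPLE_PTR = {"198.51.100.7": "mx-in.example.net",
              "203.0.113.45": "dsl-45.isp.example"}

# Assumed layout: "from HELO (RDNS [IP]) by HOST via LINK with PROTO".
# MTAs differ in detail, so stamps that do not fit are reported as unparsed.
STAMP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:[^\s\[\]]+\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)(?:\s+via\s+(?P<via>[\w-]+))?"
    r"(?:\s+with\s+(?P<proto>[\w-]+))?")


def reverse_dns(ip: str):
    """Live PTR lookup; returns None when the address has no name."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def trace(raw: str, trusted: set, lookup=reverse_dns) -> list:
    """Check stamps newest first; return one dict per Received line.

    Only a stamp written by a server we trust ("by") is evidence. Every
    stamp below the first untrusted writer can be forged by the sender,
    even if it names one of our hosts.
    """
    report = []
    chain_ok = True
    for value in message_from_string(raw).get_all("Received", []):
        match = STAMP.search(value)
        if match is None:
            chain_ok = False
            report.append({"verdict": "unparsed", "raw": value})
            continue
        hop = match.groupdict()
        chain_ok = chain_ok and hop["by"].lower() in trusted
        if not chain_ok:
            hop["verdict"] = "unverified"
        else:
            hop["ptr"] = lookup(hop["ip"])
            if hop["ptr"] is None:
                hop["verdict"] = "no-ptr"
            elif hop["ptr"].lower() == hop["helo"].lower():
                hop["verdict"] = "match"
            else:
                hop["verdict"] = "mismatch"
        report.append(hop)
    return report


if __name__ == "__main__":
    ours = {"mailstore.example.net", "mx-in.example.net"}
    for hop in trace(SAMPLE, ours, SAMPLE_PTR.get):
        print(hop["verdict"], hop.get("helo"), hop.get("ip"),
              hop.get("ptr"), "with", hop.get("proto"))
```

Pass `reverse_dns` (the default) instead of the constructed table to query live DNS for a real message.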


Internet Engineering Task Force Working Groups
Internet electronic mail was originally defined in the RFC821 standard as a part of the IETF project. Since August 1982, e-mail standards declared in this document were updated and revised by the IETF Detailed Revision/Update of Message Standards (DRUMS) Working Group. The group is also searching for new directions in the electronic message communication through the Internet. The latest SMTP documents (including RFCs) can be found on the DRUMS Web site (IETF DRUMS 2006).
The IETF Message Tracking Protocol (MSGTRK) Working Group (IETF MSGTRK, 2006) is designing diagnostic protocols that a sender can use to request information from servers about the submission, transport, and delivery of a message, regardless of its status. The “Deliver by SMTP Service Extension” document (RFC 2852) specifies extensions to define message delivery time for making a decision to drop the message if it is not delivered within a specific time period. For diagnostic purposes, the “diagnostic-type” parameter (e.g., smtp for the Internet Mail) is defined for use in the SMTP delivery status notification (see RFC1891).
The IETF S/MIME Mail Security (SMIME) Working Group is developing S/MIME security standards. The latest S/MIME documents (including RFCs) can be found on the SMIME Web site (IETF SMIME, 2006).

(multimedia) messages. POP3 and the IMAP 4 together with SMTP are used to receive mail by a mail server and hold it for hosts. The SMTP’s lack of security is a problem for businesses. The security in the SMTP transactions can be supported by S/MIME and other methods.

GLOSSARY
Body: The text of an e-mail message. The body of a message follows the header information.
Client: Any application program used to retrieve information from a server. Internet clients include World Wide Web browsers, Usenet newsreaders, and e-mail programs.
Client–server: The relationship between two application programs. One program, the server, is responsible for servicing requests from the other program, the client.
Delivery status notification (DSN): An extended SMTP service that provides information about the delivery status of an e-mail message to the sender.
Disconnected–Resynchronization Mode: A mail-access mode in which mail is synchronized between a server and a client computer. By synchronizing mail on the server, users can access their own mail from any computer that has access to the server where the mail is stored.
Domain name system (DNS): A behind-the-scenes Internet service that translates Internet domain names to their corresponding IP addresses, and vice versa.
E-Mail client: An application that runs on a personal

Internet Mail Consortium
The Internet Mail Consortium Web site (IMC 2006) pub-
computer or workstation and enables the sender to
lishes a complete list of electronic mail-related requests
send, receive, and organize e-mail. It is called a client
for comments documents (RFCs).
because e-mail systems are based on a client–server
architecture. Mail is sent from many clients to a
Mitre Corporation central server, which reroutes the mail to its intended
The Mitre Corporation publishes a list of standardized destination.
names for all publicly known vulnerabilities and security Encapsulated address: This address provides a way to
exposures known as Common Vulnerabilities and Expo- send the e-mail to a site acting as a gateway for another
sures (CVE 2006). site while indicating the server to which the message
eventually needs to be sent. An encapsulated address
consists of an address within an address; the outer
address directs the mail to the gateway, which uses the
CONCLUSION inner address to determine where to send the e-mail.
SMTP is an application protocol from the TCP/IP protocol Because the Exchange Internet Mail Service (IMS) uses
suite that enables the support of e-mail on the Internet. SMTP as its e-mail protocol, mails sent to an IMS will
Mail is sent by a series of request–response transactions use encapsulated SMTP as their addressing scheme.
between a client and a server. The transactions pass the Gateway: Software that translates data from the stand-
message, which is composed of header and body, and the ards of one system to the standards of another. For
envelope (SMTP source and destination addresses). The example, a gateway might exchange and convert
header contains the mail address(es), which consists of Internet e-mail to X.400 e-mail.
two parts: a local address (also known as a “user mail- Header: Part of an e-mail message that precedes the
box”) and a domain name. Both SMTP client and SMTP body of the message and provides the message origi-
server require a user agent (UA) and a mail transfer agent nator, date, and time.
(MTA). The MTA function is transferring the mail across Internet message access protocol (IMAP): An Inter-
the Internet. The command–response mechanism is used net protocol used by mail clients for retrieving e-mail
by SMTP to transfer messages between an MTA client messages stored on servers. The latest version, IMAP4,
and an MTA server in three stages: connection establish- is similar to POP3 but supports some additional fea-
ment, mail transfer, and connection termination. The en- tures; for example, a user can search through his e-mail
velope is transmitted separately from the message itself messages for key words while the messages are still on
using the MAIL and RCPT commands. MIME, which is mail server. The user can then choose which messages
an extension of SMTP, allows the transfer of non-ASCII to download to his or her computer. While IMAP-based

applications can operate in offline mode, they typically operate in online or disconnected–resynchronization mode.
Mail access protocol: A standardized set of commands and responses responsible for communication between the mail client and mail server.
Mail client: The software used to read, file, send, and otherwise process e-mail, typically running on a user’s desktop computer.
Mail delivery agent (MDA): The software that runs mail-delivery processes on the machine where a user’s mailbox is located. Often, that delivery is performed directly by the mail transfer agent (MTA), which then serves a secondary role as an MDA. Examples of separate mail delivery agents include Procmail, Deliver, and Cyrdeliver.
Mailbox: A file where e-mail messages are stored.
Mail relaying: A legitimate practice in which e-mail is routed to an intermediate mail server, which then delivers it to the recipient’s mail server. For example, a company can have several servers and one of them is designated as a mail gateway to the Internet. Any e-mail sent to the company would arrive at the gateway server and then be relayed to the appropriate server for delivery to the recipient. Malicious users sometimes try to perform unauthorized mail relaying.
Mail server: A computer typically managed by an ISP or information services department that handles receipt and delivery of e-mail messages. It also may store mail for the user on a temporary or permanent basis.
Multipurpose Internet mail extensions (MIME): An Internet standard that provides the transfer of nontext information, such as sounds and graphics, and non-U.S. English (such as Cyrillic, Chinese, or Japanese) via e-mail.
Mail transfer agent (MTA): The software running on a mail server that relays and delivers mail.
Mail user agent (MUA): The software (also known as the mail client) used to read, file, send, and process e-mail, typically running on a desktop computer.
Network virtual terminal (NVT): A set of facilities for establishing communication by using the TCP/IP protocols.
On-demand mail relay (ODMR): A restricted profile of SMTP described in RFC 2645.
Post office protocol (POP): A protocol used to retrieve e-mail from a mail server in offline mode. An e-mail client that implements the POP protocol downloads all new mail from a mail server, terminates the network connection, and processes all mail offline at the client computer. The current version, POP3, can be used with or without SMTP.
Port: In a software device, a port is a specific memory address that is mapped to a virtual networking cable. Ports allow multiple types of traffic to be transmitted to a single IP address. SMTP traditionally uses port 25 for e-mail communication.
Server: A host computer that provides resources to client computers.
Simple mail transfer protocol (SMTP): A protocol widely used to exchange e-mail between e-mail servers on the Internet.
Spam: Undesired junk e-mail or junk postings offering dubious business deals.
User agent (UA): An SMTP component that prepares the message, creates the envelope, and puts the message in the envelope.

CROSS REFERENCES
See E-mail and Instant Messaging; Internet Domain Name System; TCP/IP Suite.

REFERENCES
QUALCOMM. 1997. Accessing your mail when and where you want on the Internet. [Link] docs/[Link] (accessed March 11, 2006).
Campbell, P., B. Calvert, and S. Boswell. 2003. Security+ Guide to Network Security Fundamentals. Boston: Cisco Learning Institute.
CERT Computer Emergency Readiness Team. 2006. Vulnerability Database. [Link] (accessed March 11, 2006).
Cisco SMTP. 2006. [Link] doc/product/software/ioss390/ios390ug/[Link] (accessed March 11, 2006).
Comer, D. F. 2005. Internetworking with TCP/IP, Vol. 1: Principles, Protocols, and Architecture, 5th edition. Upper Saddle River, NJ: Prentice Hall.
CVE: Common Vulnerabilities and Exposures. 2006. Mitre Corporation. [Link] (accessed March 11, 2006).
Forouzan, B. A. 2005. TCP/IP Protocol Suite, 3rd edition. New York: McGraw-Hill.
How to set SMTP security options in Windows 2000. 2006. [Link] [Link]/support/kb/articles/Q303/7/[Link]&NoWebContent=1 (accessed March 11, 2006).
IETF DRUMS. 2006. Internet Engineering Task Force Working Group: Detailed Revision/Update of Message Standards (DRUMS). [Link] OLD/[Link] (accessed March 11, 2006).
IETF MSGTRK. 2006. Internet Engineering Task Force Working Group. Message Tracking Protocol (MSGTRK). [Link] [Link] (accessed March 11, 2006).
IETF SMIME. 2006. Internet Engineering Task Force Working Group. S/MIME Mail Security (SMIME). [Link] (accessed March 11, 2006).
Internet Assigned Numbers Authority (IANA). 2006. [Link] (accessed March 11, 2006).
Internet Mail Consortium (IMC). 2006. [Link] org/[Link] (accessed March 11, 2006).
Kozierok, C. M. 2006. TCP/IP Electronic Mail Delivery Protocol: The Simple Mail Transfer Protocol (SMTP). [Link] [Link] (accessed March 11, 2006).
Mail Parameters. 2006. [Link] mail-parameters (accessed March 11, 2006).

RFC821 (STD 10): Simple mail transfer protocol. 1982. [Link] (accessed March 11, 2006).
RFC822 (STD 11): Standard for the format of ARPA—Internet Text Messages. 1982. [Link] [Link] (accessed March 11, 2006).
RFC876: Survey of SMTP implementations. 1983. http://[Link]/rfc/[Link] (accessed March 11, 2006).
RFC937: Post office protocol—Version 2. 1985. http://[Link]/rfc/[Link] (accessed March 11, 2006).
RFC1064: Interactive mail access protocol—Version 2. 1988. [Link] (accessed March 11, 2006).
RFC1123: Requirements for Internet hosts—application and support. 1989. [Link] (accessed March 11, 2006).
RFC1274: The COSINE and Internet X.500 schema. 1991. [Link] (accessed March 11, 2006).
RFC1327: Mapping between X.400 (1988)/ISO10021 and RFC 822. 1992. [Link] (accessed March 11, 2006).
RFC1425: SMTP Service Extensions. 1993. [Link] [Link]/rfc/[Link] (accessed March 11, 2006).
RFC1521: MIME (multipurpose internet mail extensions), part one: Mechanisms for specifying and describing the format of Internet message bodies. 1993. [Link] [Link]/rfc/[Link] (accessed March 11, 2006).
RFC1522: MIME (multipurpose internet mail extensions), part two: Message header extensions for non-ASCII Text. 1993. [Link] (accessed March 11, 2006).
RFC1651: SMTP service extensions. 1994. [Link] [Link]/rfc/[Link] (accessed March 11, 2006).
RFC1652: SMTP Service Extension for 8bit-MIME transport. 1994. [Link] (accessed March 11, 2006).
RFC1653: SMTP Service extension for message size declaration. 1994. [Link] (accessed March 11, 2006).
RFC1725: Post office protocol—version 3, RFC 1725. 1994. [Link] (accessed March 11, 2006).
RFC1731: IMAP4 authentication mechanisms. 1994. [Link] (accessed March 11, 2006).
RFC1734: POP3 AUTHentication command. 1994. http://[Link]/rfc/[Link] (accessed March 11, 2006).
RFC1845: SMTP service extension for Checkpoint/Restart. 1995. [Link] (accessed March 11, 2006).
RFC1846: SMTP 521 reply code. 1995. [Link] org/rfc/[Link] (accessed March 11, 2006).
RFC1847: Security Multiparts for MIME: Multipart/Signed and Multipart/Encrypted. 1995. [Link] [Link]/rfc/[Link] (accessed March 11, 2006).
RFC1869: SMTP service extensions. 1995. [Link] [Link]/rfc/[Link] (accessed March 11, 2006).
RFC1870: SMTP service extension for message size declaration. 1995. [Link] (accessed March 11, 2006).
RFC1891: SMTP service extension for delivery status notification. 1996. [Link] (accessed March 11, 2006).
RFC1893: Enhanced Mail System Status Codes. 1996. [Link] (accessed March 11, 2006).
RFC1939 (STD 53): Post office protocol, version 3. 1996. [Link] (accessed March 11, 2006).
RFC1985: SMTP Service extension for remote message queue starting. 1996. [Link] txt (accessed March 11, 2006).
RFC2033: Local mail transfer protocol. 1996. [Link] [Link]/rfc/[Link] (accessed March 11, 2006).
RFC2034: SMTP service extension for returning enhanced status codes. 1996. [Link] (accessed March 11, 2006).
RFC2060: Internet message access protocol, Version 4rev1. 1996. [Link] (accessed March 11, 2006).
RFC2195: IMAP/POP authorization for simple challenge/response. 1997. [Link] (accessed March 11, 2006).
RFC2221: IMAP4 login referrals. 1997. [Link] org/rfc/[Link] (accessed March 11, 2006).
RFC2316: Report of the IAB Security Architecture Workshop. 1998. [Link] (accessed March 11, 2006).
RFC2449: POP3 extension mechanism. 1998. [Link] [Link]/rfc/[Link] (accessed March 11, 2006).
RFC2554: SMTP service extension for authentication. 1999. [Link] (accessed March 11, 2006).
RFC2595: Using TLS with IMAP, POP3 and ACAP. 1999. [Link] (accessed March 11, 2006).
RFC2645: On-demand mail relay (ODMR) SMTP with dynamic IP addresses. 1999. [Link] [Link] (accessed March 11, 2006).
RFC2683: IMAP4 implementation and best practices. 1999. [Link] (accessed March 11, 2006).
RFC2821: Simple mail transfer protocol. 2001. http://[Link]/rfc/[Link] (accessed March 11, 2006).
RFC2822: Internet Message Format. 2001. [Link] [Link]/rfc/[Link] (accessed March 11, 2006).
RFC2852: Deliver by SMTP service extension. 2000. [Link] (accessed March 11, 2006).
RFC2920: SMTP service extension for command pipelining. 2000. [Link] (accessed March 11, 2006).
RFC3030: SMTP service extensions for transmission of large and binary MIME messages. 2000. [Link] [Link]/rfc/[Link] (accessed March 11, 2006).
RFC3207: SMTP service extension for secure SMTP over transport layer security. 2002. [Link] [Link] (accessed March 11, 2006).
Riabov, V. V. 2006. Simple mail transfer protocol. In: Handbook on Information Security, volume 1: Key Concepts, Infrastructures, Standards and Protocols, edited

by Hossein Bidgoli. Hoboken, NJ: John Wiley & Sons, pp. 878–900.
Rose, M. T. 1993. The Internet Message, Closing the Book with Electronic Mail. Upper Saddle River, NJ: Prentice Hall.
Sheldon, T. 2001. McGraw-Hill Encyclopedia of Networking and Telecommunications. New York: McGraw-Hill.
Simple Mail Transfer Protocol (SMTP). 2004. [Link] [Link]/arts150/[Link] (accessed September 24, 2004).
SMTP problems. 2006. E-Soft, Inc. http://www.securityspace.com/smysecure/catdescr.html?cat=SMTP+problems (accessed March 11, 2006).
SMTP specifications. 2006. [Link] com/enp/protocol/[Link] (accessed March 11, 2006).
Stevens, W. R. 1993. TCP/IP Illustrated: The Protocols, Volume I. Boston, MA: Addison-Wesley.
Tanenbaum, A. S. 2003. Computer Networks, 4th edition. Upper Saddle River, NJ: Prentice Hall PTR.
TCP/IP Guide. 2006. TCP/IP Electronic Mail Access and Retrieval Protocols and Methods. [Link] com/free/t_TCPIPElectronicMailAccessandRetrieval-[Link] (accessed March 11, 2006).
Tschabitscher, H. 2006. How Base64 Encoding Works. In: Your Guide to E-mail. [Link] standards/a/base64_encoding.htm (accessed March 11, 2006).
Vulnerability Tutorials. 2006. Saint Corporation. http://[Link]/demo/saint/vulnerability_[Link] (accessed March 11, 2006).
What is SMTP? 2006. [Link] definition/0,289893,sid9_gci214219,[Link] (accessed March 11, 2006).
Wikipedia. 2006. Mail Delivery Agent. [Link] org/wiki/Mail_Delivery_Agent (accessed March 11, 2006).

FURTHER READING
Antirelay Parse. 2006. Sendmail organization, antirelay rules. [Link] (accessed March 11, 2006).
Authentication error in SMTP service could allow mail relaying. 2001. Microsoft Security Bulletin, MS01-037. [Link] [Link] (accessed March 11, 2006).
Bastille Linux Project. 2006. Open Source Development Network. [Link]
Bastille Project. 2006. [Link] (accessed March 11, 2006).
CA Vulnerability Information Center. 2000. @Work SmartServer3 SMTP vulnerability. [Link] curityadvisor/vulninfo/[Link]?ID=1972 (accessed March 11, 2006).
Fugatt, M. 2002. Blocking incoming mail using Microsoft Exchange 2000. Tutorials: Exchange 2000, Pentech Office Solutions. [Link] [Link] (accessed March 11, 2006).
Fugatt, M. 2002. Understanding relaying and spam with Exchange 2000. Tutorials: Exchange 2000, Pentech Office Solutions. [Link] als/[Link] (accessed March 11, 2006).
IMAP Information Center. 2006. [Link] edu/imap/ (accessed March 11, 2006).
Microsoft Security Bulletins. 2006. [Link] com/technet/security/bulletin/ (accessed March 11, 2006).
Raynal, F. 2000. Bastille Linux, MISC Magazine. http://[Link]/index.php3?page=103 (accessed March 11, 2006).
RFC1090: SMTP on X.25. 1989. [Link] [Link] (accessed March 11, 2006).
RFC1730: Internet message access protocol—Version 4. 1994. [Link] (accessed March 11, 2006).
RFC1733: Distributed electronic mail models in IMAP4. 1994. [Link] (accessed March 11, 2006).
RFC1830: SMTP service extensions for transmission of large and binary MIME messages. 1995. [Link] [Link]/rfc/[Link] (accessed March 11, 2006).
RFC2045: MIME, part one: Format of Internet message bodies. 1996. [Link] (accessed March 11, 2006).
RFC2046: MIME, part two: Media types. 1996. [Link] [Link]/rfc/[Link] (accessed March 11, 2006).
RFC2047: MIME, part three: Message header extensions for non-ASCII text. 1996. [Link] [Link] (accessed March 11, 2006).
RFC2048: MIME, part four: Registration procedures. 1996. [Link] (accessed March 11, 2006).
RFC2049: MIME, part five: Conformance criteria and examples. 1996. [Link] (accessed March 11, 2006).
RFC2197: SMTP service extension for command pipelining. 1997. [Link] (accessed March 11, 2006).
RFC2442: The batch SMTP media type. 1998. [Link] [Link]/rfc/[Link] (accessed March 11, 2006).
RFC2487: SMTP service extension for secure SMTP over TLS. 1999. [Link] (accessed March 11, 2006).
RFC2505: Anti-spam recommendations for SMTP MTAs. 1999. [Link] (accessed March 11, 2006).
RFC3461: Simple mail transfer protocol (SMTP) service extension for delivery status notifications (DSNs). 2003. [Link] (accessed March 11, 2006).
Setting SMTP Security. 2006. Texoma, Inc. [Link] [Link]/imail/user/setting_smtp_security.htm (accessed March 11, 2006).
SMTP Tutorial at RAD Data Communications. 1998. [Link] (accessed March 11, 2006).
The IMAP Connection. 2006. [Link] (accessed March 11, 2006).
What is SMTP Security? 2006. [Link] faq/what_is_smtp.htm (accessed March 11, 2006).
