Back to Blog
    SMTP
    Email Protocol
    Networking

    SMTP Handshake Explained: The Protocol Behind Email Communication

    Michael Chen
    Network Security Expert
    February 10, 2025
    12 min read
    SMTP Handshake Explained: The Protocol Behind Email Communication

    Simple Mail Transfer Protocol (SMTP) is the backbone of email communication on the internet. Understanding the SMTP handshake process can help troubleshoot email delivery issues and improve your email infrastructure.

    What is SMTP?

    SMTP is a communication protocol for electronic mail transmission. Mail servers and other message transfer agents use SMTP to send and receive mail messages.

    The SMTP Handshake Process

    When an email client or server wants to send an email, it follows a series of steps, commonly referred to as the "SMTP handshake":

    1. Establishing Connection

    The client establishes a TCP connection with the SMTP server, typically on port 25, 587, or 465.

    C: [Establishes TCP connection]

    2. Initial Greeting

    Once the connection is established, the server sends a greeting, which includes a status code (220) and information about the server.

    S: 220 mail.example.com ESMTP Postfix

    3. Client Identification (HELO/EHLO)

    The client identifies itself using the HELO or EHLO command. EHLO is used for Extended SMTP (ESMTP) and allows additional features.

    C: EHLO client.example.org

    4. Server Response to EHLO

    The server responds with a 250 status code and lists the SMTP extensions it supports.

    S: 250-mail.example.com
S: 250-SIZE 14680064
S: 250-PIPELINING
S: 250-AUTH PLAIN LOGIN
S: 250-STARTTLS
S: 250 HELP

    5. Authentication (if required)

    If the server requires authentication, the client provides credentials using the AUTH command.

    C: AUTH LOGIN
S: 334 VXNlcm5hbWU6
C: [Base64-encoded username]
S: 334 UGFzc3dvcmQ6
C: [Base64-encoded password]
S: 235 2.7.0 Authentication successful

    6. Mail Transaction

    The client initiates a mail transaction with the MAIL FROM command, identifying the sender.

    C: MAIL FROM:
S: 250 2.1.0 Ok

    7. Recipient Specification

    The client specifies the recipient(s) with the RCPT TO command.

    C: RCPT TO:
S: 250 2.1.5 Ok

    8. Data Transfer

    The client indicates it's ready to send the email content with the DATA command.

    C: DATA
S: 354 End data with .

    9. Message Content

    The client sends the email content, including headers and body, ending with a line containing only a period.

    C: From: Sender 
C: To: Recipient 
C: Subject: Test Email
C: 
C: This is a test email.
C: .
S: 250 2.0.0 Ok: queued as 12345

    10. Quit

    The client ends the session with the QUIT command.

    C: QUIT
S: 221 2.0.0 Bye

    Common SMTP Status Codes

    • 2xx - Success
    • 3xx - Additional information needed
    • 4xx - Temporary failure
    • 5xx - Permanent failure

    SMTP Security Enhancements

    STARTTLS

    STARTTLS allows an SMTP connection to be upgraded to use TLS encryption after initial connection.

    SMTPS

    SMTPS uses SSL/TLS encryption from the start of the connection, typically on port 465.

    SPF, DKIM, and DMARC

    These are email authentication methods that help prevent email spoofing and improve deliverability.

    Conclusion

    Understanding the SMTP handshake process is essential for diagnosing email delivery problems and securing your email infrastructure. By following best practices and implementing security enhancements, you can ensure reliable email communication for your organization or services.

    Related Articles

    Understanding DNS Records: A Complete Guide

    Understanding DNS Records: A Complete Guide

    Learn about the different types of DNS records and how they work to direct internet traffic to your domain.