Basically, three parties are involved in transferring an electronic message. These are the sender, recipient, and a mail server. The email goes from the sender to the mail server, which then lets the recipient get the message. What is the role of email protocol here? It establishes connections between transferring parties. So, one protocol is needed to send, and one – to receive. Today, we’ll review the three most commonly used email protocols – SMTP, POP3, IMAP – and help you choose the right option for your purposes.
SMTP – a protocol to send emails
What is SMTP?
Simple Mail Transfer Protocol (SMTP) establishes how the message gets from the sender to the email server. Also, it is used by a mail transfer agent (MTA) to deliver email between servers – mail relaying. SMTP is meant only to send emails.
How SMTP works
SMTP workflow consists of commands sent by the SMTP client and corresponding replies by the SMTP server. Commands are text-based like HELO, MAIL FROM, and others. Also, there can be used extended SMTP (ESMTP) commands like EHLO, STARTTLS, etc. Replies are represented by numeric completion codes like 220, 250, 354, and so on. For more on SMTP commands and response codes, read our dedicated blog post.
Any SMTP conversation consists of three stages:
- SMTP handshake – The SMTP client establishes a TCP connection to the SMTP server. Once the server replies with 250, the handshaking starts. The stage ends when the server confirms the recipient’s address.
- Email transfer – Code 354, as a response to the DATA command, launches the transfer of the email. Once the server gets a final dot, the message is transferred.
- Termination – Client and server say goodbye to each other using the command QUIT and the code 221 respectively.
Let’s take a look at the interaction between the SMTP client and server through a simple email delivery example:
Command or Response | What it means |
Client: HELO client.rocket.com or EHLO client.rocket.com | Identifies itself and initiates the SMTP conversation. The domain name or IP address is usually sent as an argument together with the command. EHLO is an alternative command to start the conversation. It identifies that the client uses the ESMTP protocol. |
Server:250 | OK or completed |
Client: MAIL FROM:<andy@rocket.com> | Says that a new mail transaction is starting and specifies the sender |
Server:250 | OK or completed |
Client: RCPT TO:<jane@gmail.com> | Specifies the recipient. (For multiple recipients, the command will be repeated for each recipient’s address) |
Server:250 | OK or completed |
Client: DATA | Initiates the transfer of the email contents including body text, attachments, and so on. |
Server:354 | Lets the client start the content transfer |
Client: Date: Wed, 24 July 2019 16:03:23 | Date |
Client: From: andy@rocket.com | From header |
Client: Subject: How SMTP works | Subject line |
Client: To: jane@gmail.com | To header |
Client: | Empty line |
Client: Hope, it’s not boring:) | Body text |
Client: . | Once the message contents have been transferred, a single dot must be sent in a line to terminate. |
Server:250 | OK or completed |
Client: QUIT | Request to terminate the SMTP conversation |
Server:221 | Closes transmission channel |
SMTP ports
- 25
This is a standard port for SMTP mail relaying – email transition between email servers. Cloud hosting providers and many email clients block the port 25 to combat email spamming. They give precedence to secure connections like 587 or 465.
- 465
465 is not an RFC-compliant port. It was meant for the SMTPS encryption and authentication wrapper over SMTP. IANA registered 465 as an SMTP port, but it has never been recognized as an official SMTP transmission or submission channel. Later on, however, port 465 was obsolete and revoked in favor of STARTTLS wrapper over SMTP. Nevertheless, today many servers still use SMTPS and maintain 465.
- 587
A default SMTP port 587 is the option to submit an email for routing. TLS encryption ensures the secure submission of the email. Almost all mail servers support 587.
- 2525
It is not an official SMTP port, but almost any email service provider supports it. 2525 is secured similarly to 587 and is often used in lieu of it. So, if the use of the default SMTP port causes some trouble, try out 2525.
For more on this, read our blogpost about SMTP ports.
IMAP4 and POP3 – protocols to receive emails
Once an email is already at the mail server, either IMAP or POP3 is used to retrieve it from there.
What is IMAP?
Internet Message Access Protocol (IMAP) is a communication standard to access email stored on the server. Today, its fourth version is in use, so the name of IMAP4 is also widespread. The key feature of this protocol is that the message remains on the server. It will be downloaded as soon as the recipient picks it to open. So, IMAP gets access to the email from any device or location if authorized. This is the go-to option of most email service providers so far.
How IMAP works
Here is the basic flow of the IMAP client/server interaction:
- A recipient’s email client connects to the server the message is stored on
- The recipient can see the headers of all the messages on the server
- If the recipient chooses a particular message to read, IMAP downloads it on demand
Under the hood, a primitive IMAP connection may look as follows:
Client command | Description |
LOGIN | Opens the IMAP connection |
LIST<br>CREATE<br>RENAME and other commands | Commands that allow you to manage mailbox |
SELECT | Defines the current mailbox and opens an IMAP session |
LIST<br>DOWNLOAD<br>DELETE and other commands | Commands that allow you to manage messages |
CLOSE | Closes the IMAP session. If you want to open a new session, you can do this by setting another current mailbox. Once the new session is opened, the IMAP server permanently updates the messages according to the previous session. |
LOGOUT | Closes the IMAP connection |
Here you can find a full selection of client commands.
Darn! We forgot about the IMAP server responses. There are three forms of them:
- Status Responses (
OK
,NO
,BAD
,PREAUTH
, andBYE
)
They may include a response code like ALERT
or CAPABILITY
. A response code gives additional information beyond the status response condition.
- Server Data
These responses include Server and Mailbox Status (CAPABILITY
, LIST
, etc.), Mailbox Size (EXISTS
and RECENT
), and Message Status (EXPUNGE
and FETCH
)
- Command Continuation Request
This response confirms that the server is ready to accept the continuation of the client’s command. It is by a “+
” token.
IMAP ports
- 143
A default IMAP port without encryption
- 993
A secured SSL/TLS port used by most email service providers. Also, it is often referred to as IMAPS.
What is POP3?
IMAP4 is a sophisticated email protocol. Post Office Protocol is a simpler way to access mailboxes. So far, the version 3 of this standard is widely used – therefore it is POP3. Users love this protocol for its low dependency on Internet connections. POP3 downloads emails from the server to the client, so you can read them even offline. The server deletes messages once they are retrieved. This is the default and common setting, but there is the option to enforce a site policy regarding email retention on the server. At the same time, even if the POP3 client contains configuration options to store mail on the server, the latter in fact won’t support this.
How POP3 works
POP3 connection consists of the four steps:
- The client connects to the server (AUTHORIZATION State)
- The client retrieves email (TRANSACTION State)
- The server deletes the stored messages (UPDATE State)
- The client disconnects from the server
Let’s take a look under the hood of a POP3 session as well.
We used only two commands (DELE and STAT) that are valid in TRANSACTION state. Here you can find more options. As for POP3 responses, they contain a status indicator (+OK or -ERR) and a keyword that may be enhanced with additional information (for example, -ERR no such message, only 2 messages in maildrop).
POP3 ports
- 110
A default POP3 port without encryption
- 995
A secured SSL/TLS port that is often referred to as POP3S.
IMAP or POP3 – which protocol should I choose?
First, we thought on making a table with a comparison of the pros and cons of IMAP vs. POP3. But this idea proved untenable since different users would have different demands as for the email protocol standards. So, we decided to set it up this way instead.
Pick IMAP4 if
- you need access to mail from different devices
- you need to organize your mail in folders or some sort of hierarchy
- you have no limitation as for the server storage capacity
- you have a constant stable Internet connection
- you need fast access to your mail
Pick POP3 if
- your Internet connection is unstable or even unavailable
- you care much of your privacy since no copies are left on the server after you received the email
- you’re the only person with access to your mail and use a single device for it
If you’re still undecided about which protocol to choose, we can help. Check out our article on the key differences between IMAP or POP3.
How an email gets from a sender to a recipient
Now, you know what each email protocol is used for. Let’s map a full picture of how an electronic message can get from a sender (bruce@sender.com) to a recipient (jane@recipient.com).
- Sender’s email client connects to the SMTP server (for example, smtp.gmail.com)
- The SMTP server authenticates the recipient’s email address using DNS records (more about email authentication you can read in our dedicated blog posts on SPF, DKIM, and DMARC)
- Once the Gmail SMTP server authorized the recipient, it sends the email to the SMTP server of recipient.com
- Recipient.com’s SMTP server verifies whether jane@recipient.com is valid
- The SMTP server forwards the email to the IMAP/POP3 server
What is a fake SMTP server and why you might need it?
When you need to test whether your app can send emails, the aforementioned journey from sender to recipient can be troublesome. The SMTP server might be configured improperly, or some authentication issues may be revealed, to say nothing about the risk of spamming real users if you’re tweaking an app that is already in production. In this case, a fake or dummy SMTP server is the best option. It’s meant for developers and focused on testing.
For example, if you use Mailtrap, the email delivery flow will look as follows:
- Sender’s email client connects to the fake SMTP server (smtp.mailtrap.io). Mailtrap provides all the required credentials like port, username, password, authentication method, and TLS. Also, you can copy-paste a ready-to-use integration for most common languages and frameworks.
- The fake SMTP server sends the email to the POP3 server (pop3.mailtrap.io)
- You’ll see your message in your Demo inbox if your app functions properly.
That’s a brief overview. You can find more details in this Mailtrap getting started guide. As you can see, the major benefit of a fake SMTP server is that it responds positively to all SMTP commands. So, you do not need to worry about the functionality of your actual mail server.
What is HTTP doing here?
To wrap up our story, we must mention the HyperText Transfer Protocol as an option to access emails. HTTP is not actually for mail transfer. However, it can be used to send and receive messages from email web apps like Gmail. Also, it is a good practice to use HTTP for email access in mobile apps. The protocol has two default ports: a non-encrypted 80 and 443 for secure connections. Except for Gmail, the most common services that use HTTP protocol for accessing emails are Hotmail and Yahoo!