My IP Help

SMTP

Also known as: Simple Mail Transfer Protocol

Simple Mail Transfer Protocol — the standard protocol for sending email between mail servers on the internet, typically over port 25, 465, or 587.

Last updated:

What is SMTP?

SMTP (Simple Mail Transfer Protocol) is the push-based protocol that email servers use to send messages to each other. When a user sends an email, their outgoing server opens an SMTP connection to the recipient's inbound server, exchanges a short command sequence (HELO/EHLO, MAIL FROM, RCPT TO, DATA), and hands off the message. The protocol has been in use since 1982 (RFC 821) and is still the backbone of internet email.

SMTP ports and usage

  • Port 25 — server-to-server mail relay, usually open outbound only on mail servers themselves. Often blocked by residential ISPs to reduce spam.
  • Port 587 — mail submission from authenticated clients (STARTTLS), the modern standard for "send email from your laptop or phone."
  • Port 465 — implicit-TLS submission, widely used by clients too.

SMTP itself is plaintext; security is layered on via STARTTLS (opportunistic encryption), SPF/DKIM/DMARC (sender authentication), and TLS-required policies like MTA-STS.

SMTP and IP reputation

Every received message carries a chain of SMTP hops in its Received headers, including the IP that submitted it. Those IPs are the single most reliable signal against spam and phishing — recipients check them against real-time blocklists (Spamhaus, SORBS, Barracuda Reputation Block List) and reject or quarantine mail from reputation-damaged IPs. A sender IP on a hosting ASN with no matching PTR record and no warmed-up history almost never gets its mail delivered.

Check a sending IP's abuse history before debugging a delivery issue with our IP abuse report checker.

Frequently Asked Questions

SMTP sends mail — between mail servers (server-to-server, port 25) and from clients to outbound servers (submission, ports 587 or 465). IMAP and POP3 retrieve mail — they let an email client (Outlook, Apple Mail, mobile app) pull messages from the user's mailbox on the inbound server. IMAP keeps messages on the server and syncs across devices; POP3 typically downloads and deletes. A complete email setup uses both SMTP for sending and IMAP (or POP3) for receiving.
Most residential ISPs block outbound port 25 to prevent infected home computers from running spam botnets. Legitimate email from a home connection should use port 587 (authenticated submission via STARTTLS) or 465 (implicit-TLS submission) to your provider's outbound server, which then relays the message to its destination on port 25 from a server that is allowed to make those connections. To run your own mail server from a home connection, you usually need to either request an unblock from the ISP or relay through a hosted SMTP service.
Most spam classification is driven by sender IP reputation — even a perfectly composed message gets penalized if it comes from an IP with no warmup history, a hosting ASN with abuse reports, or missing reverse DNS. Other common factors are missing or invalid SPF/DKIM/DMARC records, inconsistent sender domains across headers, content patterns matching known spam (excessive exclamation marks, all-caps subject lines, suspicious URLs), and low engagement scores at the recipient (Gmail/Outlook use open-and-reply rates as a quality signal).
Three layered email-authentication standards. SPF (Sender Policy Framework) is a DNS TXT record listing which IPs are allowed to send mail for a domain. DKIM (DomainKeys Identified Mail) signs outgoing messages with a private key whose public counterpart lives in DNS — receivers verify the signature to confirm the message wasn't tampered with. DMARC (Domain-based Message Authentication, Reporting & Conformance) ties SPF and DKIM together with a policy ("if both fail, quarantine or reject") and emits aggregate reports back to the sender. All three are now baseline requirements for major mail providers.
Yes — STARTTLS upgrades a plain SMTP session to TLS over the same port. Almost all modern mail servers offer STARTTLS on ports 25, 587, and explicitly require it on 465 (implicit TLS). The weakness is that STARTTLS is opportunistic — if the receiving server doesn't advertise it, mail still goes in cleartext, and a network attacker can strip the upgrade. MTA-STS (RFC 8461) and DANE close that gap by letting domains publish DNS policies requiring TLS for inbound mail.
Back to glossary