What sends massive amounts of email to a specific person or system that can cause that users server to stop functioning?

Mail sent using electronic means

"Reply all" redirects here. For the podcast, see Reply All (podcast).

For the former company, see Email Limited.

This screenshot shows the "Inbox" page of an email client; users can see new emails and take actions, such as reading, deleting, saving, or responding to these messages.

The at sign, a part of every SMTP email address[1]

When a "robot" on Wikipedia makes changes to image files, the uploader receives an email about the changes made.

Electronic mail (email or e-mail) is a method of exchanging messages ("mail") between people using electronic devices. Email was thus conceived as the electronic (digital) version of, or counterpart to, mail, at a time when "mail" meant only physical mail (hence e- + mail). Email later became a ubiquitous (very widely used) communication medium, to the point that in current use, an email address is often treated as a basic and necessary part of many processes in business, commerce, government, education, entertainment, and other spheres of daily life in most countries. Email is the medium, and each message sent therewith is called an email (mass/count distinction).

Email operates across computer networks, primarily the Internet, and also local area networks. Today's email systems are based on a store-and-forward model. Email servers accept, forward, deliver, and store messages. Neither the users nor their computers are required to be online simultaneously; they need to connect, typically to a mail server or a webmail interface to send or receive messages or download it.

Originally an ASCII text-only communications medium, Internet email was extended by Multipurpose Internet Mail Extensions (MIME) to carry text in other character sets and multimedia content attachments. International email, with internationalized email addresses using UTF-8, is standardized but not widely adopted.[2]

Terminology

Further information: History of email § Terminology and usage

The term electronic mail has been in use with its modern meaning since 1975, and variations of the shorter E-mail have been in use since 1979:[3][4]

• email is now the common form, and recommended by style guides.[5][6] It is the form required by IETF Requests for Comments (RFC) and working groups.[7] This spelling also appears in most dictionaries.[8][9][10][11][12][13][14][15]
• e-mail is the form favored in edited published American English and British English writing as reflected in the Corpus of Contemporary American English data,[16] but is falling out of favor in some style guides.[6][17]
• E-mail is sometimes used.[18] The original usage in June 1979 occurred in the journal Electronics in reference to the United States Postal Service initiative called E-COM, which was developed in the late 1970s and operated in the early 1980s.[3][4]
• Email is also used.
• EMAIL was used by CompuServe starting in April 1981, which popularized the term.[19][20]
• EMail is a traditional form used in RFCs for the "Author's Address".

The service is often simply referred to as mail, and a single piece of electronic mail is called a message. The conventions for fields within emails — the “To,” “From,” “CC,” “BCC” etc. — began with RFC-680 in 1975.[21]

An Internet email consists of an envelope and content;[22] the content consists of a header and a body.[23]

History

Main article: History of email

Computer-based messaging between users of the same system became possible after the advent of time-sharing in the early 1960s, with a notable implementation by MIT's CTSS project in 1965.[24] Most developers of early mainframes and minicomputers developed similar, but generally incompatible, mail applications. In 1971 the first ARPANET network mail was sent, introducing the now-familiar address syntax with the '@' symbol designating the user's system address.[25] Over a series of RFCs, conventions were refined for sending mail messages over the File Transfer Protocol.

Proprietary electronic mail systems soon began to emerge. IBM, CompuServe and Xerox used in-house mail systems in the 1970s; CompuServe sold a commercial intraoffice mail product from 1978 and IBM and Xerox from 1981.[nb 1][26][27][28] DEC's ALL-IN-1 and Hewlett-Packard's HPMAIL (later HP DeskManager) were released in 1982; development work on the former began in the late 1970s and the latter became the world’s largest selling email system.[29][30]

The Simple Mail Transfer Protocol (SMTP) protocol was implemented on the ARPANET in 1983. LAN email systems emerged in the mid 1980s. For a time in the late 1980s and early 1990s, it seemed likely that either a proprietary commercial system or the X.400 email system, part of the Government Open Systems Interconnection Profile (GOSIP), would predominate. However, once the final restrictions on carrying commercial traffic over the Internet ended in 1995,[31][32] a combination of factors made the current Internet suite of SMTP, POP3 and IMAP email protocols the standard.[nb 2]

Operation

The following is a typical sequence of events that takes place when sender Alice transmits a message using a mail user agent (MUA) addressed to the email address of the recipient.[33]

Email operation

1. The MUA formats the message in email format and uses the submission protocol, a profile of the Simple Mail Transfer Protocol (SMTP), to send the message content to the local mail submission agent (MSA), in this case smtp.a.org.
2. The MSA determines the destination address provided in the SMTP protocol (not from the message header) — in this case, — which is a fully qualified domain address (FQDA). The part before the @ sign is the local part of the address, often the username of the recipient, and the part after the @ sign is a domain name. The MSA resolves a domain name to determine the fully qualified domain name of the mail server in the Domain Name System (DNS).
3. The DNS server for the domain b.org (ns.b.org) responds with any MX records listing the mail exchange servers for that domain, in this case mx.b.org, a message transfer agent (MTA) server run by the recipient's ISP.[34]
4. smtp.a.org sends the message to mx.b.org using SMTP. This server may need to forward the message to other MTAs before the message reaches the final message delivery agent (MDA).
5. The MDA delivers it to the mailbox of user bob.
6. Bob's MUA picks up the message using either the Post Office Protocol (POP3) or the Internet Message Access Protocol (IMAP).

In addition to this example, alternatives and complications exist in the email system:

• Alice or Bob may use a client connected to a corporate email system, such as IBM Lotus Notes or Microsoft Exchange. These systems often have their own internal email format and their clients typically communicate with the email server using a vendor-specific, proprietary protocol. The server sends or receives email via the Internet through the product's Internet mail gateway which also does any necessary reformatting. If Alice and Bob work for the same company, the entire transaction may happen completely within a single corporate email system.
• Alice may not have an MUA on her computer but instead may connect to a webmail service.
• Alice's computer may run its own MTA, so avoiding the transfer at step 1.
• Bob may pick up his email in many ways, for example logging into mx.b.org and reading it directly, or by using a webmail service.
• Domains usually have several mail exchange servers so that they can continue to accept mail even if the primary is not available.

Many MTAs used to accept messages for any recipient on the Internet and do their best to deliver them. Such MTAs are called open mail relays. This was very important in the early days of the Internet when network connections were unreliable.[35][36] However, this mechanism proved to be exploitable by originators of unsolicited bulk email and as a consequence open mail relays have become rare,[37] and many MTAs do not accept messages from open mail relays.

Message format

The basic Internet message format used for email[38] is defined by RFC 5322, with encoding of non-ASCII data and multimedia content attachments defined in RFC 2045 through RFC 2049, collectively called Multipurpose Internet Mail Extensions or MIME. The extensions in International email apply only to email. RFC 5322 replaced the earlier RFC 2822 in 2008, then RFC 2822 in 2001 replaced RFC 822 – the standard for Internet email for decades. Published in 1982, RFC 822 was based on the earlier RFC 733 for the ARPANET.[39]

Internet email messages consist of two sections, "header" and "body". These are known as "content".[40][41] The header is structured into fields such as From, To, CC, Subject, Date, and other information about the email. In the process of transporting email messages between systems, SMTP communicates delivery parameters and information using message header fields. The body contains the message, as unstructured text, sometimes containing a signature block at the end. The header is separated from the body by a blank line.

Message header

RFC 5322 specifies the syntax of the email header. Each email message has a header (the "header section" of the message, according to the specification), comprising a number of fields ("header fields"). Each field has a name ("field name" or "header field name"), followed by the separator character ":", and a value ("field body" or "header field body").

Each field name begins in the first character of a new line in the header section, and begins with a non-whitespace printable character. It ends with the separator character ":". The separator is followed by the field value (the "field body"). The value can continue onto subsequent lines if those lines have space or tab as their first character. Field names and, without SMTPUTF8, field bodies are restricted to 7-bit ASCII characters. Some non-ASCII values may be represented using MIME encoded words.

Header fields

Email header fields can be multi-line, with each line recommended to be no more than 78 characters, although the limit is 998 characters.[42] Header fields defined by RFC 5322 contain only US-ASCII characters; for encoding characters in other sets, a syntax specified in RFC 2047 may be used.[43] In some examples, the IETF EAI working group defines some standards track extensions,[44][45] replacing previous experimental extensions so UTF-8 encoded Unicode characters may be used within the header. In particular, this allows email addresses to use non-ASCII characters. Such addresses are supported by Google and Microsoft products, and promoted by some government agents.[46]

The message header must include at least the following fields:[47][48]

• From: The email address, and, optionally, the name of the author(s). Some email clients are changeable through account settings.
• Date: The local time and date the message was written. Like the From: field, many email clients fill this in automatically before sending. The recipient's client may display the time in the format and time zone local to them.

RFC 3864 describes registration procedures for message header fields at the IANA; it provides for permanent and provisional field names, including also fields defined for MIME, netnews, and HTTP, and referencing relevant RFCs. Common header fields for email include:[49]

• To: The email address(es), and optionally name(s) of the message's recipient(s). Indicates primary recipients (multiple allowed), for secondary recipients see Cc: and Bcc: below.
• Subject: A brief summary of the topic of the message. Certain abbreviations are commonly used in the subject, including "RE:" and "FW:".
• Cc: Carbon copy; Many email clients mark email in one's inbox differently depending on whether they are in the To: or Cc: list.
• Bcc: Blind carbon copy; addresses are usually only specified during SMTP delivery, and not usually listed in the message header.
• Content-Type: Information about how the message is to be displayed, usually a MIME type.
• Precedence: commonly with values "bulk", "junk", or "list"; used to indicate automated "vacation" or "out of office" responses should not be returned for this mail, e.g. to prevent vacation notices from sent to all other subscribers of a mailing list. Sendmail uses this field to affect prioritization of queued email, with "Precedence: special-delivery" messages delivered sooner. With modern high-bandwidth networks, delivery priority is less of an issue than it was. Microsoft Exchange respects a fine-grained automatic response suppression mechanism, the X-Auto-Response-Suppress field.[50]
• Message-ID: Also an automatic-generated field to prevent multiple deliveries and for reference in In-Reply-To: (see below).
• In-Reply-To: Message-ID of the message this is a reply to. Used to link related messages together. This field only applies to reply messages.
• References: Message-ID of the message this is a reply to, and the message-id of the message the previous reply was a reply to, etc.
• Reply-To: Address should be used to reply to the message.
• Sender: Address of the sender acting on behalf of the author listed in the From: field (secretary, list manager, etc.).
• Archived-At: A direct link to the archived form of an individual email message.

The To: field may be unrelated to the addresses to which the message is delivered. The delivery list is supplied separately to the transport protocol, SMTP, which may be extracted from the header content. The "To:" field is similar to the addressing at the top of a conventional letter delivered according to the address on the outer envelope. In the same way, the "From:" field may not be the sender. Some mail servers apply email authentication systems to messages relayed. Data pertaining to the server's activity is also part of the header, as defined below.

SMTP defines the trace information of a message saved in the header using the following two fields:[51]

• Received: after an SMTP server accepts a message, it inserts this trace record at the top of the header (last to first).
• Return-Path: after the delivery SMTP server makes the final delivery of a message, it inserts this field at the top of the header.

Other fields added on top of the header by the receiving server may be called trace fields.[52]

• Authentication-Results: after a server verifies authentication, it can save the results in this field for consumption by downstream agents.[53]
• Received-SPF: stores results of SPF checks in more detail than Authentication-Results.[54]
• DKIM-Signature: stores results of DomainKeys Identified Mail (DKIM) decryption to verify the message was not changed after it was sent.[55]
• Auto-Submitted: is used to mark automatic-generated messages.[56]
• VBR-Info: claims VBR whitelisting[57]

Message body

Content encoding

Internet email was designed for 7-bit ASCII.[58] Most email software is 8-bit clean, but must assume it will communicate with 7-bit servers and mail readers. The MIME standard introduced character set specifiers and two content transfer encodings to enable transmission of non-ASCII data: quoted printable for mostly 7-bit content with a few characters outside that range and base64 for arbitrary binary data. The 8BITMIME and BINARY extensions were introduced to allow transmission of mail without the need for these encodings, but many mail transport agents may not support them. In some countries, e-mail software violates RFC 5322 by sending raw[nb 3] non-ASCII text and several encoding schemes co-exist; as a result, by default, the message in a non-Latin alphabet language appears in non-readable form (the only exception is a coincidence if the sender and receiver use the same encoding scheme). Therefore, for international character sets, Unicode is growing in popularity.[59]

Plain text and HTML

Most modern graphic email clients allow the use of either plain text or HTML for the message body at the option of the user. HTML email messages often include an automatic-generated plain text copy for compatibility.

Advantages of HTML include the ability to include in-line links and images, set apart previous messages in block quotes, wrap naturally on any display, use emphasis such as underlines and italics, and change font styles. Disadvantages include the increased size of the email, privacy concerns about web bugs, abuse of HTML email as a vector for phishing attacks and the spread of malicious software.[60] Some e-mail clients interpret the body as HTML even in the absence of a Content-Type: html header field; this may cause various problems.

Some web-based mailing lists recommend all posts be made in plain text, with 72 or 80 characters per line for all the above reasons,[61][62] and because they have a significant number of readers using text-based email clients such as Mutt. Various informal conventions evolved for marking up plain text in email and usenet posts, which later led to the development of formal languages like setext (c. 1992) and many others, the post popular of them being markdown.

Some Microsoft email clients may allow rich formatting using their proprietary Rich Text Format (RTF), but this should be avoided unless the recipient is guaranteed to have a compatible email client.[63]

Servers and client applications

The interface of an email client, Thunderbird.

Messages are exchanged between hosts using the Simple Mail Transfer Protocol with software programs called mail transfer agents (MTAs); and delivered to a mail store by programs called mail delivery agents (MDAs, also sometimes called local delivery agents, LDAs). Accepting a message obliges an MTA to deliver it,[64] and when a message cannot be delivered, that MTA must send a bounce message back to the sender, indicating the problem.

Users can retrieve their messages from servers using standard protocols such as POP or IMAP, or, as is more likely in a large corporate environment, with a proprietary protocol specific to Novell Groupwise, Lotus Notes or Microsoft Exchange Servers. Programs used by users for retrieving, reading, and managing email are called mail user agents (MUAs).

When opening an email, it is marked as "read", which typically visibly distinguishes it from "unread" messages on clients' user interfaces. Email clients may allow hiding read emails from the inbox so the user can focus on the unread.[65]

Mail can be stored on the client, on the server side, or in both places. Standard formats for mailboxes include Maildir and mbox. Several prominent email clients use their own proprietary format and require conversion software to transfer email between them. Server-side storage is often in a proprietary format but since access is through a standard protocol such as IMAP, moving email from one server to another can be done with any MUA supporting the protocol.

Many current email users do not run MTA, MDA or MUA programs themselves, but use a web-based email platform, such as Gmail or Yahoo! Mail, that performs the same tasks.[66] Such webmail interfaces allow users to access their mail with any standard web browser, from any computer, rather than relying on a local email client.

Filename extensions

Upon reception of email messages, email client applications save messages in operating system files in the file system. Some clients save individual messages as separate files, while others use various database formats, often proprietary, for collective storage. A historical standard of storage is the mbox format. The specific format used is often indicated by special filename extensions:

eml Used by many email clients including Novell GroupWise, Microsoft Outlook Express, Lotus notes, Windows Mail, Mozilla Thunderbird, and Postbox. The files contain the email contents as plain text in MIME format, containing the email header and body, including attachments in one or more of several formats. emlx Used by Apple Mail. msg Used by Microsoft Office Outlook and OfficeLogic Groupware. mbx Used by Opera Mail, KMail, and Apple Mail based on the mbox format.

Some applications (like Apple Mail) leave attachments encoded in messages for searching while also saving separate copies of the attachments. Others separate attachments from messages and save them in a specific directory.

URI scheme mailto

Main article: mailto

The URI scheme, as registered with the IANA, defines the mailto: scheme for SMTP email addresses. Though its use is not strictly defined, URLs of this form are intended to be used to open the new message window of the user's mail client when the URL is activated, with the address as defined by the URL in the To: field.[67][68] Many clients also support query string parameters for the other email fields, such as its subject line or carbon copy recipients.[69]

Types

Web-based email

Main article: Webmail

Many email providers have a web-based email client. This allows users to log into the email account by using any compatible web browser to send and receive their email. Mail is typically not downloaded to the web client, so can't be read without a current Internet connection.

POP3 email servers

The Post Office Protocol 3 (POP3) is a mail access protocol used by a client application to read messages from the mail server. Received messages are often deleted from the server. POP supports simple download-and-delete requirements for access to remote mailboxes (termed maildrop in the POP RFC's).[70] POP3 allows you to download email messages on your local computer and read them even when you are offline.[71][72]

IMAP email servers

The Internet Message Access Protocol (IMAP) provides features to manage a mailbox from multiple devices. Small portable devices like smartphones are increasingly used to check email while traveling and to make brief replies, larger devices with better keyboard access being used to reply at greater length. IMAP shows the headers of messages, the sender and the subject and the device needs to request to download specific messages. Usually, the mail is left in folders in the mail server.

MAPI email servers

Messaging Application Programming Interface (MAPI) is used by Microsoft Outlook to communicate to Microsoft Exchange Server - and to a range of other email server products such as Axigen Mail Server, Kerio Connect, Scalix, Zimbra, HP OpenMail, IBM Lotus Notes, Zarafa, and Bynari where vendors have added MAPI support to allow their products to be accessed directly via Outlook.

Uses

This section needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed. (November 2007) (Learn how and when to remove this template message)

Business and organizational use

Email has been widely accepted by businesses, governments and non-governmental organizations in the developed world, and it is one of the key parts of an 'e-revolution' in workplace communication (with the other key plank being widespread adoption of highspeed Internet). A sponsored 2010 study on workplace communication found 83% of U.S. knowledge workers felt email was critical to their success and productivity at work.[73]

It has some key benefits to business and other organizations, including:

Facilitating logistics Much of the business world relies on communications between people who are not physically in the same building, area, or even country; setting up and attending an in-person meeting, telephone call, or conference call can be inconvenient, time-consuming, and costly. Email provides a method of exchanging information between two or more people with no set-up costs and that is generally far less expensive than a physical meeting or phone call. Helping with synchronization With real time communication by meetings or phone calls, participants must work on the same schedule, and each participant must spend the same amount of time in the meeting or call. Email allows asynchrony: each participant may control their schedule independently. Batch processing of incoming emails can improve workflow compared to interrupting calls. Reducing cost Sending an email is much less expensive than sending postal mail, or long distance telephone calls, telex or telegrams. Increasing speed Much faster than most of the alternatives. Creating a "written" record Unlike a telephone or in-person conversation, email by its nature creates a detailed written record of the communication, the identity of the sender(s) and recipient(s) and the date and time the message was sent. In the event of a contract or legal dispute, saved emails can be used to prove that an individual was advised of certain issues, as each email has the date and time recorded on it. Possibility of auto-processing and improved distribution As well pre-processing of customer's orders and/or addressing the person in charge can be realized by automated procedures.

Email marketing

Email marketing via "opt-in" is often successfully used to send special sales offerings and new product information.[74] Depending on the recipient's culture,[75] email sent without permission—such as an "opt-in"—is likely to be viewed as unwelcome "email spam".

Personal use

Personal computer

Many users access their personal emails from friends and family members using a personal computer in their house or apartment.

Mobile

Email has become used on smartphones and on all types of computers. Mobile "apps" for email increase accessibility to the medium for users who are out of their homes. While in the earliest years of email, users could only access email on desktop computers, in the 2010s, it is possible for users to check their email when they are away from home, whether they are across town or across the world. Alerts can also be sent to the smartphone or other devices to notify them immediately of new messages. This has given email the ability to be used for more frequent communication between users and allowed them to check their email and write messages throughout the day. As of 2011[update], there were approximately 1.4 billion email users worldwide and 50 billion non-spam emails that were sent daily.[68]

Individuals often check emails on smartphones for both personal and work-related messages. It was found that US adults check their email more than they browse the web or check their Facebook accounts, making email the most popular activity for users to do on their smartphones. 78% of the respondents in the study revealed that they check their email on their phone.[76] It was also found that 30% of consumers use only their smartphone to check their email, and 91% were likely to check their email at least once per day on their smartphone. However, the percentage of consumers using email on a smartphone ranges and differs dramatically across different countries. For example, in comparison to 75% of those consumers in the US who used it, only 17% in India did.[77]

Declining use among young people

As of 2010[update], the number of Americans visiting email web sites had fallen 6 percent after peaking in November 2009. For persons 12 to 17, the number was down 18 percent. Young people preferred instant messaging, texting and social media. Technology writer Matt Richtel said in The New York Times that email was like the VCR, vinyl records and film cameras—no longer cool and something older people do.[78][79]

A 2015 survey of Android users showed that persons 13 to 24 used messaging apps 3.5 times as much as those over 45, and were far less likely to use email.[80]

Issues

This section needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed. (October 2016) (Learn how and when to remove this template message)

Attachment size limitation

Main article: Email attachment

Email messages may have one or more attachments, which are additional files that are appended to the email. Typical attachments include Microsoft Word documents, PDF documents, and scanned images of paper documents. In principle, there is no technical restriction on the size or number of attachments. However, in practice, email clients, servers, and Internet service providers implement various limitations on the size of files, or complete email – typically to 25MB or less.[81][82][83] Furthermore, due to technical reasons, attachment sizes as seen by these transport systems can differ from what the user sees,[84] which can be confusing to senders when trying to assess whether they can safely send a file by email. Where larger files need to be shared, various file hosting services are available and commonly used.[85][86]

Information overload

The ubiquity of email for knowledge workers and "white collar" employees has led to concerns that recipients face an "information overload" in dealing with increasing volumes of email.[87][88] With the growth in mobile devices, by default employees may also receive work-related emails outside of their working day. This can lead to increased stress and decreased satisfaction with work. Some observers even argue it could have a significant negative economic effect,[89] as efforts to read the many emails could reduce productivity.

Spam

Main article: Email spam

Email "spam" is unsolicited bulk email. The low cost of sending such email meant that, by 2003, up to 30% of total email traffic was spam,[90][91][92] and was threatening the usefulness of email as a practical tool. The US CAN-SPAM Act of 2003 and similar laws elsewhere[93] had some impact, and a number of effective anti-spam techniques now largely mitigate the impact of spam by filtering or rejecting it for most users,[94] but the volume sent is still very high—and increasingly consists not of advertisements for products, but malicious content or links.[95] In September 2017, for example, the proportion of spam to legitimate email rose to 59.56%.[96] The percentage of spam email in 2021 is estimated to be 85%.[97][better source needed]

Malware

A range of malicious email types exist. These range from various types of email scams, including "social engineering" scams such as advance-fee scam "Nigerian letters", to phishing, email bombardment and email worms.

Email spoofing

Main article: Email spoofing

Email spoofing occurs when the email message header is designed to make the message appear to come from a known or trusted source. Email spam and phishing methods typically use spoofing to mislead the recipient about the true message origin. Email spoofing may be done as a prank, or as part of a criminal effort to defraud an individual or organization. An example of a potentially fraudulent email spoofing is if an individual creates an email that appears to be an invoice from a major company, and then sends it to one or more recipients. In some cases, these fraudulent emails incorporate the logo of the purported organization and even the email address may appear legitimate.

Email bombing

Main article: Email bomb

Email bombing is the intentional sending of large volumes of messages to a target address. The overloading of the target email address can render it unusable and can even cause the mail server to crash.

Privacy concerns

Main article: Email privacy

Today it can be important to distinguish between the Internet and internal email systems. Internet email may travel and be stored on networks and computers without the sender's or the recipient's control. During the transit time it is possible that third parties read or even modify the content. Internal mail systems, in which the information never leaves the organizational network, may be more secure, although information technology personnel and others whose function may involve monitoring or managing may be accessing the email of other employees.

Email privacy, without some security precautions, can be compromised because:

• email messages are generally not encrypted.
• email messages have to go through intermediate computers before reaching their destination, meaning it is relatively easy for others to intercept and read messages.
• many Internet Service Providers (ISP) store copies of email messages on their mail servers before they are delivered. The backups of these can remain for up to several months on their server, despite deletion from the mailbox.
• the "Received:"-fields and other information in the email can often identify the sender, preventing anonymous communication.
• web bugs invisibly embedded in HTML content can alert the sender of any email whenever an email is rendered as HTML (some e-mail clients do this when the user reads, or re-reads the e-mail) and from which IP address. It can also reveal whether an email was read on a smartphone or a PC, or Apple Mac device via the user agent string.

There are cryptography applications that can serve as a remedy to one or more of the above. For example, Virtual Private Networks or the Tor network can be used to encrypt traffic from the user machine to a safer network while GPG, PGP, SMEmail,[98] or S/MIME can be used for end-to-end message encryption, and SMTP STARTTLS or SMTP over Transport Layer Security/Secure Sockets Layer can be used to encrypt communications for a single mail hop between the SMTP client and the SMTP server.

Additionally, many mail user agents do not protect logins and passwords, making them easy to intercept by an attacker. Encrypted authentication schemes such as SASL prevent this. Finally, the attached files share many of the same hazards as those found in peer-to-peer filesharing. Attached files may contain trojans or viruses.

Legal contracts

It is possible for an exchange of emails to form a binding contract, so users must be careful about what they send through email correspondence.[99][100] A signature block on an email may be interpreted as satisfying a signature requirement for a contract.[101]

Flaming

Flaming occurs when a person sends a message (or many messages) with angry or antagonistic content. The term is derived from the use of the word incendiary to describe particularly heated email discussions. The ease and impersonality of email communications mean that the social norms that encourage civility in person or via telephone do not exist and civility may be forgotten.[102]

Email bankruptcy

Main article: Email bankruptcy

Also known as "email fatigue", email bankruptcy is when a user ignores a large number of email messages after falling behind in reading and answering them. The reason for falling behind is often due to information overload and a general sense there is so much information that it is not possible to read it all. As a solution, people occasionally send a "boilerplate" message explaining that their email inbox is full, and that they are in the process of clearing out all the messages. Harvard University law professor Lawrence Lessig is credited with coining this term, but he may only have popularized it.[103]

Internationalization

Originally Internet email was completely ASCII text-based. MIME now allows body content text and some header content text in international character sets, but other headers and email addresses using UTF-8, while standardized[104] have yet to be widely adopted.[2][105]

Further information: International email and Email address § Internationalization

Tracking of sent mail

The original SMTP mail service provides limited mechanisms for tracking a transmitted message, and none for verifying that it has been delivered or read. It requires that each mail server must either deliver it onward or return a failure notice (bounce message), but both software bugs and system failures can cause messages to be lost. To remedy this, the IETF introduced Delivery Status Notifications (delivery receipts) and Message Disposition Notifications (return receipts); however, these are not universally deployed in production.[nb 4]

Many ISPs now deliberately disable non-delivery reports (NDRs) and delivery receipts due to the activities of spammers:

• Delivery Reports can be used to verify whether an address exists and if so, this indicates to a spammer that it is available to be spammed.
• If the spammer uses a forged sender email address (email spoofing), then the innocent email address that was used can be flooded with NDRs from the many invalid email addresses the spammer may have attempted to mail. These NDRs then constitute spam from the ISP to the innocent user.

In the absence of standard methods, a range of system based around the use of web bugs have been developed. However, these are often seen as underhand or raising privacy concerns,[108][109] and only work with email clients that support rendering of HTML. Many mail clients now default to not showing "web content".[110] Webmail providers can also disrupt web bugs by pre-caching images.[111]

See also

• Anonymous remailer
• Anti-spam techniques
• biff
• Bounce message
• Comparison of email clients
• Dark Mail Alliance
• Disposable email address
• E-card
• Electronic mailing list
• Email art
• Email authentication
• Email digest
• Email encryption
• Email hosting service
• Email storm
• Email tracking
• HTML email
• Information overload
• Internet fax
• Internet mail standards
• List of email subject abbreviations
• MCI Mail
• Netiquette
• Posting style
• Privacy-enhanced Electronic Mail
• Push email
• RSS
• Telegraphy
• Unicode and email
• Usenet quoting
• Webmail, Comparison of webmail providers
• X-Originating-IP
• X.400
• Yerkish

Notes

1. ^ IBM's system was available on request to customers prior to formal release.
2. ^ See Protocol Wars.
3. ^ Not using Internationalized Email or MIME
4. ^ A complete Message Tracking mechanism was also defined, but it never gained traction; see RFCs 3885[106] through 3888.[107]

References

1. ^ Klensin, J. (2008). "RFC 5321 – Simple Mail Transfer Protocol". Network Working Group. doi:10.17487/RFC5321. Archived from the original on January 16, 2015. Retrieved January 19, 2015.
2. ^ a b "DataMail: World's first free linguistic email service supports eight India languages". Archived from the original on October 22, 2016.
3. ^ a b "email noun earlier than 1979". Oxford English Dictionary. October 25, 2012. Retrieved May 14, 2020.
4. ^ a b Ohlheiser, Abby (July 28, 2015). "Why the first use of the word 'e-mail' may be lost forever". Washington Post. Retrieved May 14, 2020.
5. ^ "Yahoo style guide". Styleguide.yahoo.com. Archived from the original on May 9, 2013. Retrieved January 9, 2014.
6. ^ a b "AP Removes Hyphen From 'Email' In Style Guide". Huffington Post. New York City. March 18, 2011. Archived from the original on May 12, 2015.
7. ^ "RFC Editor Terms List". IETF. Archived from the original on December 28, 2013. This is suggested by the RFC Document Style Guide Archived 2015-04-24 at the Wayback Machine
8. ^ AskOxford Language Query team. "What is the correct way to spell 'e' words such as 'email', 'ecommerce', 'egovernment'?". FAQ. Oxford University Press. Archived from the original on July 1, 2008. Retrieved September 4, 2009. We recommend email, this is the common form
9. ^ "Reference.com". Dictionary.reference.com. Archived from the original on December 16, 2013. Retrieved January 9, 2014.
10. ^ Random House Unabridged Dictionary, 2006
11. ^ The American Heritage Dictionary of the English Language, Fourth Edition
12. ^ Princeton University WordNet 3.0
13. ^ The American Heritage Science Dictionary, 2002
14. ^ "Merriam-Webster Dictionary". Merriam-Webster. Archived from the original on May 12, 2014. Retrieved May 9, 2014.
15. ^ ""RFC Style Guide", Table of decisions on consistent use in RFC". Archived from the original on December 28, 2013. Retrieved January 9, 2014.
16. ^ ""Email" or "e-mail"". English Language & Usage – Stack Exchange. August 25, 2010. Archived from the original on August 31, 2010. Retrieved September 26, 2010.
17. ^ Gerri Berendzen; Daniel Hunt. "AP changes e-mail to email". 15th National Conference of the American Copy Editors Society (2011, Phoenix). ACES. Archived from the original on March 22, 2011. Retrieved March 23, 2011.
18. ^ "Excerpt from the FAQ list of the Usenet newsgroup alt.usage.english". Alt-usage-english.org. Archived from the original on April 3, 2012. Retrieved January 9, 2014.
19. ^ "Did V.A. Shiva Ayyadurai Invent Email? | SIGCIS". www.sigcis.org. Retrieved September 5, 2020.
20. ^ Wed, May 22nd 2019 10:35am-Mike Masnick (May 22, 2019). "Laying Out All The Evidence: Shiva Ayyadurai Did Not Invent Email". Techdirt. Retrieved September 5, 2020.
21. ^ Pexton, Patrick B. (March 1, 2012). "Origins of e-mail: My mea culpa". Washington Post. Retrieved April 18, 2022.
22. ^ "Mail Objects". Simple Mail Transfer Protocol. IETF. sec. 2.3.1. doi:10.17487/RFC5321. RFC 5321. SMTP transports a mail object. A mail object contains an envelope and content.
23. ^ "Mail Objects". Simple Mail Transfer Protocol. IETF. sec. 2.3.1. doi:10.17487/RFC5321. RFC 5321. The SMTP content is sent in the SMTP DATA protocol unit, and has two parts: the header section and the body. If the content conforms to other contemporary standards, the header section is a collection of header fields, each consisting of a header name, a colon, and data, structured as in the message format specification
24. ^ Tom Van Vleck. "The History of Electronic Mail".
25. ^ Ray Tomlinson. "The First Network Email". Openmap.bbn.com. Archived from the original on May 6, 2006. Retrieved October 5, 2019.
26. ^ Gardner, P. C. (1981). "A system for the automated office environment". IBM Systems Journal. 20 (3): 321–345. doi:10.1147/sj.203.0321. ISSN 0018-8670; "IBM100 - The Networked Business Place". IBM. August 2, 2020. Archived from the original on August 2, 2020. Retrieved September 7, 2020.
27. ^ Connie Winkler (October 22, 1979). "CompuServe pins hopes on MicroNET, InfoPlex". Computerworld. Vol. 13, no. 42. p. 69; Dylan Tweney (September 24, 1979). "Sept. 24, 1979: First Online Service for Consumers Debuts". Wired.
28. ^ Ollig, Mark (October 31, 2011). "They could have owned the computer industry". Herald Journal. Retrieved February 26, 2021; "Tech before its time: Xerox's shooting Star computer". New Scientist. February 15, 2012. Retrieved April 18, 2022; "The Xerox Star". toastytech.com. Retrieved April 18, 2022.
29. ^ "ALL-IN-1". DIGITAL Computing Timeline. January 30, 1998.
30. ^ "HP Computer Museum".
31. ^ "Retiring the NSFNET Backbone Service: Chronicling the End of an Era" Archived 2016-01-01 at the Wayback Machine, Susan R. Harris, Ph.D., and Elise Gerich, ConneXions, Vol. 10, No. 4, April 1996
32. ^ Leiner, Barry M.; Cerf, Vinton G.; Clark, David D.; Kahn, Robert E.; Kleinrock, Leonard; Lynch, Daniel C.; Postel, Jon; Roberts, Larry G.; Wolf, Stephen (1999). "A Brief History of the Internet". arXiv:cs/9901011. Bibcode:1999cs........1011L. Archived from the original on August 11, 2015. {{cite journal}}: Cite journal requires |journal= (help)
33. ^ How E-mail Works. howstuffworks.com. 2008. Archived from the original on June 11, 2017.
34. ^ "MX Record Explanation" Archived 2015-01-17 at the Wayback Machine, it.cornell.edu
35. ^ "What is open relay?". WhatIs.com. Indiana University. July 19, 2004. Archived from the original on August 24, 2007. Retrieved April 7, 2008.
36. ^ Ch Seetha Ram (2010). Information Technology for Management. Deep & Deep Publications. p. 164. ISBN 978-81-8450-267-1.
37. ^ Hoffman, Paul (August 20, 2002). "Allowing Relaying in SMTP: A Series of Surveys". IMC Reports. Internet Mail Consortium. Archived from the original on January 18, 2007. Retrieved April 13, 2008.
38. ^ The Internet message format is also used for network news
39. ^ Simpson, Ken (October 3, 2008). "An update to the email standards". MailChannels Blog Entry. Archived from the original on October 6, 2008.
40. ^ J. Klensin (October 2008), "Mail Objects", Simple Mail Transfer Protocol, sec. 2.3.1., doi:10.17487/RFC5321, RFC 5321, SMTP transports a mail object. A mail object contains an envelope and content. ... The SMTP content is sent in the SMTP DATA protocol unit, and has two parts: the header section and the body.
41. ^ D. Crocker (July 2009), "Message Data", Internet Mail Architecture, sec. 4.1., doi:10.17487/RFC5598, RFC 5598, A message comprises a transit-handling envelope and the message content. The envelope contains information used by the MHS. The content is divided into a structured header and the body.
42. ^ P. Resnick, Ed. (October 2008). Resnick, P (ed.). "RFC 5322, Internet Message Format". IETF. doi:10.17487/RFC5322. Archived from the original on February 22, 2015. {{cite journal}}: Cite journal requires |journal= (help)
43. ^ Moore, K (November 1996). "MIME (Multipurpose Internet Mail Extensions) Part Three: Message Header Extensions for Non-ASCII Text". IETF. doi:10.17487/RFC2047. Archived from the original on January 14, 2012. Retrieved January 21, 2012. {{cite journal}}: Cite journal requires |journal= (help)
44. ^ A Yang, Ed. (February 2012). "RFC 6532, Internationalized Email Headers". Ietf Request for Comments (RFC) Pages - Test. IETF. doi:10.17487/RFC6532. ISSN 2070-1721. Archived from the original on February 18, 2015.
45. ^ J. Yao, Ed., W. Mao, Ed. (February 2012). "RFC 6531, SMTP Extension for Internationalized Email Addresses". Ietf Request for Comments (RFC) Pages - Test. IETF. doi:10.17487/RFC6531. ISSN 2070-1721. Archived from the original on February 18, 2015.{{cite journal}}: CS1 maint: multiple names: authors list (link)
46. ^ "Now, get your email address in Hindi - The Economic Times". The Economic Times. Archived from the original on August 28, 2016. Retrieved October 17, 2016.
47. ^ Resnick, Pete (October 2008). Resnick, P (ed.). "RFC 5322, 3.6. Field Definitions". Tools.ietf.org. doi:10.17487/RFC5322. Archived from the original on December 30, 2013. Retrieved January 9, 2014. {{cite journal}}: Cite journal requires |journal= (help)
48. ^ Resnick, Pete (October 2008). Resnick, P (ed.). "RFC 5322, 3.6.4. Identification Fields". Tools.ietf.org. doi:10.17487/RFC5322. Archived from the original on December 30, 2013. Retrieved January 9, 2014. {{cite journal}}: Cite journal requires |journal= (help)
49. ^ Dürst, Martin J. (December 2007). "RFC 5064". Tools.ietf.org. doi:10.17487/RFC5064. Archived from the original on July 25, 2014. Retrieved January 9, 2014. {{cite journal}}: Cite journal requires |journal= (help)
50. ^ Microsoft, Auto Response Suppress, 2010, Microsoft reference Archived 2011-04-07 at the Wayback Machine, 2010 Sep 22
51. ^ John Klensin (October 2008). "Trace Information". Simple Mail Transfer Protocol. IETF. sec. 4.4. doi:10.17487/RFC5321. RFC 5321.
52. ^ John Levine (January 14, 2012). "Trace headers". email message. IETF. Archived from the original on August 11, 2012. Retrieved January 16, 2012. there are many more trace fields than those two
53. ^ This extensible field is defined by RFC 7001, this also defines an IANA registry of Email Authentication Parameters.
54. ^ RFC 7208.
55. ^ Crocker, D.; Hansen, T.; Kucherawy, M. (2011). Crocker, D; Hansen, T; Kucherawy, M (eds.). "RFC6376". doi:10.17487/RFC6376. Retrieved January 28, 2020. {{cite journal}}: Cite journal requires |journal= (help)
56. ^ Defined in RFC 3834, and updated by RFC 5436.
57. ^ RFC 5518.
58. ^ Craig Hunt (2002). TCP/IP Network Administration. O'Reilly Media. p. 70. ISBN 978-0-596-00297-8.
59. ^ "What is unicode? | Konfinity". www.konfinity.com. Retrieved January 31, 2022.
60. ^ "Email policies that prevent viruses". Archived from the original on May 12, 2007.{{cite web}}: CS1 maint: bot: original URL status unknown (link)
61. ^ "When posting to a RootsWeb mailing list..." Helpdesk.rootsweb.com. Archived from the original on February 19, 2014. Retrieved January 9, 2014.
62. ^ "...Plain text, 72 characters per line..." Openbsd.org. Archived from the original on February 8, 2014. Retrieved January 9, 2014.
63. ^ "How to Prevent the Winmail.dat File from Being Sent to Internet Users". Support.microsoft.com. July 2, 2010. Archived from the original on January 9, 2014. Retrieved January 9, 2014.
64. ^ In practice, some accepted messages may nowadays not be delivered to the recipient's InBox, but instead to a Spam or Junk folder which, especially in a corporate environment, may be inaccessible to the recipient
65. ^ "View only unread messages". support.microsoft.com.
66. ^ "Free Email Providers in the Yahoo! Directory". dir.yahoo.com. Archived from the original on July 4, 2014.
67. ^ RFC 2368 section 3 : by Paul Hoffman in 1998 discusses operation of the "mailto" URL.
68. ^ a b Hansen, Derek; Smith, Marc A.; Heer, Jeffrey (2011). "E-Mail". In Barnett, George A (ed.). Encyclopedia of social networks. Thousand Oaks, Calif: Sage. p. 245. ISBN 9781412994170. OCLC 959670912.
69. ^ "Creating hyperlinks § E-mail links". MDN Web Docs. Retrieved September 30, 2019.
70. ^ Allen, David (2004). Windows to Linux. Prentice Hall. p. 192. ISBN 978-1423902454. Archived from the original on December 26, 2016.
71. ^ "Implementation and Operation". DISTRIBUTED ELECTRONIC MAIL MODELS IN IMAP4. sec. 4.5. doi:10.17487/RFC1733. RFC 1733.
72. ^ "Message Store (MS)". Internet Mail Architecture. sec. 4.2.2. doi:10.17487/RFC5598. RFC 5598.
73. ^ By Om Malik, GigaOm. "Is Email a Curse or a Boon? Archived 2010-12-04 at the Wayback Machine" September 22, 2010. Retrieved October 11, 2010.
74. ^ Martin, Brett A. S.; Van Durme, Joel; Raulas, Mika; Merisavo, Marko (2003). "E-mail Marketing: Exploratory Insights from Finland" (PDF). Journal of Advertising Research. 43 (3): 293–300. doi:10.1017/s0021849903030265. Archived (PDF) from the original on October 21, 2012.
75. ^ Lev, Amir (October 2, 2009). "Spam culture, part 1: China". Archived from the original on November 10, 2016.
76. ^ "Email Is Top Activity On Smartphones, Ahead Of Web Browsing & Facebook [Study]". March 28, 2013. Archived from the original on April 29, 2014.
77. ^ "The ultimate mobile email statistics overview". Archived from the original on July 11, 2014.
78. ^ Richtel, Matt (December 20, 2010). "E-Mail Gets an Instant Makeover". The New York Times. Retrieved April 4, 2018.
79. ^ Gustini, Ray (December 21, 2010). "Why Are Young People Abandoning Email?". The Atlantic. Retrieved April 4, 2018.
80. ^ Perez, Sarah (March 24, 2016). "Email is dying among mobile's youngest users". techcrunch.com. Retrieved April 4, 2018.
81. ^ "Setting Message Size Limits in Exchange 2010 and Exchange 2007" Archived 2013-02-12 at the Wayback Machine.
82. ^ "Google updates file size limits for Gmail and YouTube", geek.com Archived 2011-12-19 at the Wayback Machine.
83. ^ "Maximum attachment size", mail.google.com.
84. ^ Walther, Henrik (January 2009). "Mysterious Attachment Size Increases, Replicating Public Folders, and More". Exchange Queue & A. TechNet Magazine. Retrieved November 7, 2021 – via Microsoft Docs. {{cite magazine}}: External link in |department= (help)
85. ^ "Send large files to other people" Archived 2016-08-07 at the Wayback Machine, Microsoft.com
86. ^ "8 ways to email large attachments" Archived 2016-07-02 at the Wayback Machine, Chris Hoffman, December 21, 2012, makeuseof.com
87. ^ Radicati, Sara. "Email Statistics Report, 2010" (PDF). Archived (PDF) from the original on September 1, 2011.
88. ^ Gross, Doug (October 20, 2010). "Happy Information Overload Day!". CNN. Archived from the original on October 23, 2015. Retrieved March 24, 2019.
89. ^ Stross, Randall (April 20, 2008). "Struggling to Evade the E-Mail Tsunami". The New York Times. Archived from the original on April 17, 2009. Retrieved May 1, 2010.
90. ^ "Seeing Spam? How To Take Care of Your Google Analytics Data". sitepronews.com. May 4, 2015. Archived from the original on November 7, 2017. Retrieved September 5, 2017.
91. ^ Rich Kawanagh. The top ten email spam list of 2005. ITVibe news, 2006, January 02, ITvibe.com Archived 2008-07-20 at the Wayback Machine
92. ^ How Microsoft is losing the war on spam Salon.com Archived 2008-06-29 at the Wayback Machine
93. ^ Spam Bill 2003 (PDF Archived 2006-09-11 at the Wayback Machine)
94. ^ "Google Says Its AI Catches 99.9 Percent of Gmail Spam" Archived 2016-09-16 at the Wayback Machine, Cade Metz, July 09 2015, wired.com
95. ^ "Spam and phishing in Q1 2016" Archived 2016-08-09 at the Wayback Machine, May 12, 2016, securelist.com
96. ^ "Kaspersky Lab Spam and Phishing report". May 26, 2021.
97. ^ "2021 Email Usage Statistics". October 5, 2021.
98. ^ SMEmail – A New Protocol for the Secure E-mail in Mobile Environments, Proceedings of the Australian Telecommunications Networks and Applications Conference (ATNAC'08), pp. 39–44, Adelaide, Australia, Dec. 2008.
99. ^ "When Email Exchanges Become Binding Contracts". law.com.
100. ^ Catarina, Jessica; Feitel, Jesse (2019). "Inadvertent Contract Formation via Email under New York Law: An Update". Syracuse Law Review. 69.
101. ^ Corfield, Gareth. "UK court ruling says email signature blocks can sign binding contracts". The Register. Retrieved December 6, 2019.
102. ^ S. Kiesler; D. Zubrow; A.M. Moses; V. Geller (1985). "Affect in computer-mediated communication: an experiment in synchronous terminal-to-terminal discussion". Human-Computer Interaction. 1: 77–104. doi:10.1207/s15327051hci0101_3.
103. ^ Barrett, Grant (December 23, 2007). "All We Are Saying". The New York Times. Archived from the original on April 17, 2009. Retrieved December 24, 2007.
104. ^ "Internationalized Domain Names (IDNs) | Registry.In". registry.in. Archived from the original on May 13, 2016. Retrieved October 17, 2016.
105. ^ "Made In India 'Datamail' Empowers Russia With Email Address In Russian Language - Digital Conqueror". December 7, 2016. Archived from the original on March 5, 2017.
106. ^ RFC 3885, SMTP Service Extension for Message Tracking
107. ^ RFC 3888, Message Tracking Model and Requirements
108. ^ Amy Harmon (November 22, 2000). "Software That Tracks E-Mail Is Raising Privacy Concerns". The New York Times. Retrieved January 13, 2012.
109. ^ "About.com". Email.about.com. December 19, 2013. Archived from the original on August 27, 2016. Retrieved January 9, 2014.
110. ^ "Outlook: Web Bugs & Blocked HTML Images" Archived 2015-02-18 at the Wayback Machine, slipstick.com
111. ^ "Gmail blows up e-mail marketing..." Archived 2017-06-07 at the Wayback Machine, Ron Amadeo, Dec 13 2013, Ars Technica

Further reading

• Cemil Betanov, Introduction to X.400, Artech House, ISBN 0-89006-597-7.
• Marsha Egan, "Inbox Detox and The Habit of Email Excellence Archived May 20, 2016, at the Wayback Machine", Acanthus Publishing ISBN 978-0-9815589-8-1
• Lawrence Hughes, Internet e-mail Protocols, Standards and Implementation, Artech House Publishers, ISBN 0-89006-939-5.
• Kevin Johnson, Internet Email Protocols: A Developer's Guide, Addison-Wesley Professional, ISBN 0-201-43288-9.
• Pete Loshin, Essential Email Standards: RFCs and Protocols Made Practical, John Wiley & Sons, ISBN 0-471-34597-0.
• Partridge, Craig (April–June 2008). "The Technical Development of Internet Email" (PDF). IEEE Annals of the History of Computing. 30 (2): 3–29. doi:10.1109/mahc.2008.32. ISSN 1934-1547. S2CID 206442868. Archived from the original (PDF) on June 2, 2016.
• Sara Radicati, Electronic Mail: An Introduction to the X.400 Message Handling Standards, Mcgraw-Hill, ISBN 0-07-051104-7.
• John Rhoton, Programmer's Guide to Internet Mail: SMTP, POP, IMAP, and LDAP, Elsevier, ISBN 1-55558-212-5.
• John Rhoton, X.400 and SMTP: Battle of the E-mail Protocols, Elsevier, ISBN 1-55558-165-X.
• David Wood, Programming Internet Mail, O'Reilly, ISBN 1-56592-479-7.

External links

Look up email or outbox in Wiktionary, the free dictionary.

Wikiversity has learning resources about Email Checklist

• IANA's list of standard header fields
• The History of Email is Dave Crocker's attempt at capturing the sequence of 'significant' occurrences in the evolution of email; a collaborative effort that also cites this page.
• The History of Electronic Mail is a personal memoir by the implementer of an early email system
• A Look at the Origins of Network Email is a short, yet vivid recap of the key historical facts
• Business E-Mail Compromise - An Emerging Global Threat, FBI
• Explained from first principles, a 2021 article attempting to summarize more than 100 RFCs

Retrieved from "//en.wikipedia.org/w/index.php?title=Email&oldid=1116173368"

Page 2

Internet protocol used for relaying e-mails

"SMTP" redirects here. For the email delivery company, see SMTP (company). For Short Message Transfer Protocol, see GSM 03.40.

Internet protocol suite Application layer Transport layer Internet layer Link layer

BGP DHCP(v6) DNS FTP HTTP HTTPS IMAP IRC LDAP MGCP MQTT NNTP NTP OSPF POP PTP ONC/RPC RTP RTSP RIP SIP SMTP SNMP SSH Telnet TLS/SSL XMPP more...

TCP UDP DCCP SCTP RSVP QUIC more...

IP IPv4 IPv6 ICMP(v6) NDP ECN IGMP IPsec more...

Tunnels PPP MAC more...

v t e

The Simple Mail Transfer Protocol (SMTP) is an Internet standard communication protocol for electronic mail transmission. Mail servers and other message transfer agents use SMTP to send and receive mail messages. User-level email clients typically use SMTP only for sending messages to a mail server for relaying, and typically submit outgoing email to the mail server on port 587 or 465 per RFC 8314. For retrieving messages, IMAP (which replaced the older POP3) is standard, but proprietary servers also often implement proprietary protocols, e.g., Exchange ActiveSync.

SMTP's origins began in 1980, building on concepts implemented on the ARPANET since 1971. It has been updated, modified and extended multiple times. The protocol version in common use today has extensible structure with various extensions for authentication, encryption, binary data transfer, and internationalized email addresses. SMTP servers commonly use the Transmission Control Protocol on port number 25 (for plaintext) and 587 (for encrypted communications).

History

Predecessors to SMTP

Further information: History of email

Various forms of one-to-one electronic messaging were used in the 1960s. Users communicated using systems developed for specific mainframe computers. As more computers were interconnected, especially in the U.S. Government's ARPANET, standards were developed to permit exchange of messages between different operating systems. SMTP grew out of these standards developed during the 1970s.

Mail on the ARPANET traces its roots to 1971: the Mail Box Protocol, which was not implemented,[1] but is discussed in RFC 196; and the SNDMSG program, which Ray Tomlinson of BBN adapted that year to send messages across two computers on the ARPANET.[2][3][4] A further proposal for a Mail Protocol was made in RFC 524 in June 1973,[5] which was not implemented.[6]

The use of the File Transfer Protocol (FTP) for "network mail" on the ARPANET was proposed in RFC 469 in March 1973.[7] Through RFC 561, RFC 680, RFC 724, and finally RFC 733 in November 1977, a standardized framework for "electronic mail" using FTP mail servers on was developed.[8]

Original SMTP

In 1980, Jon Postel and Suzanne Sluizer published RFC 772 which proposed the Mail Transfer Protocol as a replacement for the use of the FTP for mail. RFC 780 of May 1981 removed all references to FTP and allocated port 57 for TCP and UDP[citation needed], an allocation that has since been removed by IANA. In November 1981, Postel published RFC 788 "Simple Mail Transfer Protocol".

The SMTP standard was developed around the same time as Usenet, a one-to-many communication network with some similarities.[citation needed]

SMTP became widely used in the early 1980s. At the time, it was a complement to the Unix to Unix Copy Program (UUCP), which was better suited for handling email transfers between machines that were intermittently connected. SMTP, on the other hand, works best when both the sending and receiving machines are connected to the network all the time. Both used a store and forward mechanism and are examples of push technology. Though Usenet's newsgroups were still propagated with UUCP between servers,[9] UUCP as a mail transport has virtually disappeared[10] along with the "bang paths" it used as message routing headers.[11]

Sendmail, released with 4.1cBSD in 1983, was one of the first mail transfer agents to implement SMTP.[12] Over time, as BSD Unix became the most popular operating system on the Internet, Sendmail became the most common MTA (mail transfer agent).[13]

The original SMTP protocol supported only unauthenticated unencrypted 7-bit ASCII text communications, susceptible to trivial man-in-the-middle attack, spoofing, and spamming, and requiring any binary data to be encoded to readable text before transmission. Due to absence of a proper authentication mechanism, by design every SMTP server was an open mail relay. The Internet Mail Consortium (IMC) reported that 55% of mail servers were open relays in 1998,[14] but less than 1% in 2002.[15] Because of spam concerns most email providers blocklist open relays,[16] making original SMTP essentially impractical for general use on the Internet.

Modern SMTP

In November 1995, RFC 1869 defined Extended Simple Mail Transfer Protocol (ESMTP), which established a general structure for all existing and future extensions which aimed to add-in the features missing from the original SMTP. ESMTP defines consistent and manageable means by which ESMTP clients and servers can be identified and servers can indicate supported extensions.

Message submission (RFC 2476) and SMTP-AUTH (RFC 2554) were introduced in 1998 and 1999, both describing new trends in email delivery. Originally, SMTP servers were typically internal to an organization, receiving mail for the organization from the outside, and relaying messages from the organization to the outside. But as time went on, SMTP servers (mail transfer agents), in practice, were expanding their roles to become message submission agents for Mail user agents, some of which were now relaying mail from the outside of an organization. (e.g. a company executive wishes to send email while on a trip using the corporate SMTP server.) This issue, a consequence of the rapid expansion and popularity of the World Wide Web, meant that SMTP had to include specific rules and methods for relaying mail and authenticating users to prevent abuses such as relaying of unsolicited email (spam). Work on message submission (RFC 2476) was originally started because popular mail servers would often rewrite mail in an attempt to fix problems in it, for example, adding a domain name to an unqualified address. This behavior is helpful when the message being fixed is an initial submission, but dangerous and harmful when the message originated elsewhere and is being relayed. Cleanly separating mail into submission and relay was seen as a way to permit and encourage rewriting submissions while prohibiting rewriting relay. As spam became more prevalent, it was also seen as a way to provide authorization for mail being sent out from an organization, as well as traceability. This separation of relay and submission quickly became a foundation for modern email security practices.

As this protocol started out purely ASCII text-based, it did not deal well with binary files, or characters in many non-English languages. Standards such as Multipurpose Internet Mail Extensions (MIME) were developed to encode binary files for transfer through SMTP. Mail transfer agents (MTAs) developed after Sendmail also tended to be implemented 8-bit clean, so that the alternate "just send eight" strategy could be used to transmit arbitrary text data (in any 8-bit ASCII-like character encoding) via SMTP. Mojibake was still a problem due to differing character set mappings between vendors, although the email addresses themselves still allowed only ASCII. 8-bit-clean MTAs today tend to support the 8BITMIME extension, permitting some binary files to be transmitted almost as easily as plain text (limits on line length and permitted octet values still apply, so that MIME encoding is needed for most non-text data and some text formats). In 2012, the SMTPUTF8 extension was created to support UTF-8 text, allowing international content and addresses in non-Latin scripts like Cyrillic or Chinese.

Many people contributed to the core SMTP specifications, among them Jon Postel, Eric Allman, Dave Crocker, Ned Freed, Randall Gellens, John Klensin, and Keith Moore.

Mail processing model

Blue arrows depict implementation of SMTP variations

Email is submitted by a mail client (mail user agent, MUA) to a mail server (mail submission agent, MSA) using SMTP on TCP port 587. Most mailbox providers still allow submission on traditional port 25. The MSA delivers the mail to its mail transfer agent (mail transfer agent, MTA). Often, these two agents are instances of the same software launched with different options on the same machine. Local processing can be done either on a single machine, or split among multiple machines; mail agent processes on one machine can share files, but if processing is on multiple machines, they transfer messages between each other using SMTP, where each machine is configured to use the next machine as a smart host. Each process is an MTA (an SMTP server) in its own right.

The boundary MTA uses DNS to look up the MX (mail exchanger) record for the recipient's domain (the part of the email address on the right of @). The MX record contains the name of the target MTA. Based on the target host and other factors, the sending MTA selects a recipient server and connects to it to complete the mail exchange.

Message transfer can occur in a single connection between two MTAs, or in a series of hops through intermediary systems. A receiving SMTP server may be the ultimate destination, an intermediate "relay" (that is, it stores and forwards the message) or a "gateway" (that is, it may forward the message using some protocol other than SMTP). Per RFC 5321 section 2.1, each hop is a formal handoff of responsibility for the message, whereby the receiving server must either deliver the message or properly report the failure to do so.

Once the final hop accepts the incoming message, it hands it to a mail delivery agent (MDA) for local delivery. An MDA saves messages in the relevant mailbox format. As with sending, this reception can be done using one or multiple computers, but in the diagram above the MDA is depicted as one box near the mail exchanger box. An MDA may deliver messages directly to storage, or forward them over a network using SMTP or other protocol such as Local Mail Transfer Protocol (LMTP), a derivative of SMTP designed for this purpose.

Once delivered to the local mail server, the mail is stored for batch retrieval by authenticated mail clients (MUAs). Mail is retrieved by end-user applications, called email clients, using Internet Message Access Protocol (IMAP), a protocol that both facilitates access to mail and manages stored mail, or the Post Office Protocol (POP) which typically uses the traditional mbox mail file format or a proprietary system such as Microsoft Exchange/Outlook or Lotus Notes/Domino. Webmail clients may use either method, but the retrieval protocol is often not a formal standard.

SMTP defines message transport, not the message content. Thus, it defines the mail envelope and its parameters, such as the envelope sender, but not the header (except trace information) nor the body of the message itself. STD 10 and RFC 5321 define SMTP (the envelope), while STD 11 and RFC 5322 define the message (header and body), formally referred to as the Internet Message Format.

Protocol overview

SMTP is a connection-oriented, text-based protocol in which a mail sender communicates with a mail receiver by issuing command strings and supplying necessary data over a reliable ordered data stream channel, typically a Transmission Control Protocol (TCP) connection. An SMTP session consists of commands originated by an SMTP client (the initiating agent, sender, or transmitter) and corresponding responses from the SMTP server (the listening agent, or receiver) so that the session is opened, and session parameters are exchanged. A session may include zero or more SMTP transactions. An SMTP transaction consists of three command/reply sequences:

1. MAIL command, to establish the return address, also called return-path,[17] reverse-path,[18] bounce address, mfrom, or envelope sender.
2. RCPT command, to establish a recipient of the message. This command can be issued multiple times, one for each recipient. These addresses are also part of the envelope.
3. DATA to signal the beginning of the message text; the content of the message, as opposed to its envelope. It consists of a message header and a message body separated by an empty line. DATA is actually a group of commands, and the server replies twice: once to the DATA command itself, to acknowledge that it is ready to receive the text, and the second time after the end-of-data sequence, to either accept or reject the entire message.

Besides the intermediate reply for DATA, each server's reply can be either positive (2xx reply codes) or negative. Negative replies can be permanent (5xx codes) or transient (4xx codes). A reject is a permanent failure and the client should send a bounce message to the server it received it from. A drop is a positive response followed by message discard rather than delivery.

The initiating host, the SMTP client, can be either an end-user's email client, functionally identified as a mail user agent (MUA), or a relay server's mail transfer agent (MTA), that is an SMTP server acting as an SMTP client, in the relevant session, in order to relay mail. Fully capable SMTP servers maintain queues of messages for retrying message transmissions that resulted in transient failures.

A MUA knows the outgoing mail SMTP server from its configuration. A relay server typically determines which server to connect to by looking up the MX (Mail eXchange) DNS resource record for each recipient's domain name. If no MX record is found, a conformant relaying server (not all are) instead looks up the A record. Relay servers can also be configured to use a smart host. A relay server initiates a TCP connection to the server on the "well-known port" for SMTP: port 25, or for connecting to an MSA, port 587. The main difference between an MTA and an MSA is that connecting to an MSA requires SMTP Authentication.

SMTP vs mail retrieval

SMTP is a delivery protocol only. In normal use, mail is "pushed" to a destination mail server (or next-hop mail server) as it arrives. Mail is routed based on the destination server, not the individual user(s) to which it is addressed. Other protocols, such as the Post Office Protocol (POP) and the Internet Message Access Protocol (IMAP) are specifically designed for use by individual users retrieving messages and managing mail boxes. To permit an intermittently-connected mail server to pull messages from a remote server on demand, SMTP has a feature to initiate mail queue processing on a remote server (see Remote Message Queue Starting below). POP and IMAP are unsuitable protocols for relaying mail by intermittently-connected machines; they are designed to operate after final delivery, when information critical to the correct operation of mail relay (the "mail envelope") has been removed.

Remote Message Queue Starting

Remote Message Queue Starting enables a remote host to start processing of the mail queue on a server so it may receive messages destined to it by sending a corresponding command. The original TURN command was deemed insecure and was extended in RFC 1985 with the ETRN command which operates more securely using an authentication method based on Domain Name System information.[19]

Outgoing mail SMTP server

An email client needs to know the IP address of its initial SMTP server and this has to be given as part of its configuration (usually given as a DNS name). This server will deliver outgoing messages on behalf of the user.

Outgoing mail server access restrictions

Server administrators need to impose some control on which clients can use the server. This enables them to deal with abuse, for example spam. Two solutions have been in common use:

• In the past, many systems imposed usage restrictions by the location of the client, only permitting usage by clients whose IP address is one that the server administrators control. Usage from any other client IP address is disallowed.
• Modern SMTP servers typically offer an alternative system that requires authentication of clients by credentials before allowing access.

Restricting access by location

Under this system, an ISP's SMTP server will not allow access by users who are outside the ISP's network. More precisely, the server may only allow access to users with an IP address provided by the ISP, which is equivalent to requiring that they are connected to the Internet using that same ISP. A mobile user may often be on a network other than that of their normal ISP, and will then find that sending email fails because the configured SMTP server choice is no longer accessible.

This system has several variations. For example, an organisation's SMTP server may only provide service to users on the same network, enforcing this by firewalling to block access by users on the wider Internet. Or the server may perform range checks on the client's IP address. These methods were typically used by corporations and institutions such as universities which provided an SMTP server for outbound mail only for use internally within the organisation. However, most of these bodies now use client authentication methods, as described below.

Where a user is mobile, and may use different ISPs to connect to the internet, this kind of usage restriction is onerous, and altering the configured outbound email SMTP server address is impractical. It is highly desirable to be able to use email client configuration information that does not need to change.

Client authentication

Modern SMTP servers typically require authentication of clients by credentials before allowing access, rather than restricting access by location as described earlier. This more flexible system is friendly to mobile users and allows them to have a fixed choice of configured outbound SMTP server. SMTP Authentication, often abbreviated SMTP AUTH, is an extension of the SMTP in order to log in using an authentication mechanism.

Ports

Communication between mail servers generally uses the standard TCP port 25 designated for SMTP.

Mail clients however generally don't use this, instead using specific "submission" ports. Mail services generally accept email submission from clients on one of:

• 587 (Submission), as formalized in RFC 6409 (previously RFC 2476)
• 465 This port was deprecated after RFC 2487, until the issue of RFC 8314.

Port 2525 and others may be used by some individual providers, but have never been officially supported.

Many Internet service providers now block all outgoing port 25 traffic from their customers. Mainly as an anti-spam measure,[20] but also to cure for the higher cost they have when leaving it open, perhaps by charging more from the few customers that require it open.

SMTP transport example

A typical example of sending a message via SMTP to two mailboxes (alice and theboss) located in the same mail domain (example.com) is reproduced in the following session exchange. (In this example, the conversation parts are prefixed with S: and C:, for server and client, respectively; these labels are not part of the exchange.)

After the message sender (SMTP client) establishes a reliable communications channel to the message receiver (SMTP server), the session is opened with a greeting by the server, usually containing its fully qualified domain name (FQDN), in this case smtp.example.com. The client initiates its dialog by responding with a HELO command identifying itself in the command's parameter with its FQDN (or an address literal if none is available).[21]

S: 220 smtp.example.com ESMTP Postfix C: HELO relay.example.org S: 250 Hello relay.example.org, I am glad to meet you C: MAIL FROM:<> S: 250 Ok C: RCPT TO:<> S: 250 Ok C: RCPT TO:<> S: 250 Ok C: DATA S: 354 End data with <CR><LF>.<CR><LF> C: From: "Bob Example" <> C: To: "Alice Example" <> C: Cc: C: Date: Tue, 15 Jan 2008 16:02:43 -0500 C: Subject: Test message C: C: Hello Alice. C: This is a test message with 5 header fields and 4 lines in the message body. C: Your friend, C: Bob C: . S: 250 Ok: queued as 12345 C: QUIT S: 221 Bye {The server closes the connection}

The client notifies the receiver of the originating email address of the message in a MAIL FROM command. This is also the return or bounce address in case the message cannot be delivered. In this example the email message is sent to two mailboxes on the same SMTP server: one for each recipient listed in the To: and Cc: header fields. The corresponding SMTP command is RCPT TO. Each successful reception and execution of a command is acknowledged by the server with a result code and response message (e.g., 250 Ok).

The transmission of the body of the mail message is initiated with a DATA command after which it is transmitted verbatim line by line and is terminated with an end-of-data sequence. This sequence consists of a new-line (<CR><LF>), a single full stop (.), followed by another new-line (<CR><LF>). Since a message body can contain a line with just a period as part of the text, the client sends two periods every time a line starts with a period; correspondingly, the server replaces every sequence of two periods at the beginning of a line with a single one. Such escaping method is called dot-stuffing.

The server's positive reply to the end-of-data, as exemplified, implies that the server has taken the responsibility of delivering the message. A message can be doubled if there is a communication failure at this time, e.g. due to a power shortage: Until the sender has received that 250 Ok reply, it must assume the message was not delivered. On the other hand, after the receiver has decided to accept the message, it must assume the message has been delivered to it. Thus, during this time span, both agents have active copies of the message that they will try to deliver.[22] The probability that a communication failure occurs exactly at this step is directly proportional to the amount of filtering that the server performs on the message body, most often for anti-spam purposes. The limiting timeout is specified to be 10 minutes.[23]

The QUIT command ends the session. If the email has other recipients located elsewhere, the client would QUIT and connect to an appropriate SMTP server for subsequent recipients after the current destination(s) had been queued. The information that the client sends in the HELO and MAIL FROM commands are added (not seen in example code) as additional header fields to the message by the receiving server. It adds a Received and Return-Path header field, respectively.

Some clients are implemented to close the connection after the message is accepted (250 Ok: queued as 12345), so the last two lines may actually be omitted. This causes an error on the server when trying to send the 221 Bye reply.

SMTP Extensions

Extension discovery mechanism

Clients learn a server's supported options by using the EHLO greeting, as exemplified below, instead of the original HELO. Clients fall back to HELO only if the server does not support EHLO greeting.[24]

Modern clients may use the ESMTP extension keyword SIZE to query the server for the maximum message size that will be accepted. Older clients and servers may try to transfer excessively sized messages that will be rejected after consuming network resources, including connect time to network links that is paid by the minute.[25]

Users can manually determine in advance the maximum size accepted by ESMTP servers. The client replaces the HELO command with the EHLO command.

S: 220 smtp2.example.com ESMTP Postfix C: EHLO bob.example.org S: 250-smtp2.example.com Hello bob.example.org [192.0.2.201] S: 250-SIZE 14680064 S: 250-PIPELINING S: 250 HELP

Thus smtp2.example.com declares that it can accept a fixed maximum message size no larger than 14,680,064 octets (8-bit bytes).

In the simplest case, an ESMTP server declares a maximum SIZE immediately after receiving an EHLO. According to RFC 1870, however, the numeric parameter to the SIZE extension in the EHLO response is optional. Clients may instead, when issuing a MAIL FROM command, include a numeric estimate of the size of the message they are transferring, so that the server can refuse receipt of overly-large messages.

Binary data transfer

Original SMTP supports only a single body of ASCII text, therefore any binary data needs to be encoded as text into that body of the message before transfer, and then decoded by the recipient. Binary-to-text encodings, such as uuencode and BinHex were typically used.

The 8BITMIME command was developed to address this. It was standardized in 1994 as RFC 1652[26] It facilitates the transparent exchange of e-mail messages containing octets outside the seven-bit ASCII character set by encoding them as MIME content parts, typically encoded with Base64.

Mail delivery mechanism extensions

On-Demand Mail Relay

Main article: On-Demand Mail Relay

On-Demand Mail Relay (ODMR) is an SMTP extension standardized in RFC 2645 that allows an intermittently-connected SMTP server to receive email queued for it when it is connected.

Internationalization extension

Main article: International email

Original SMTP supports email addresses composed of ASCII characters only, which is inconvenient for users whose native script is not Latin based, or who use diacritic not in the ASCII character set. This limitation was alleviated via extensions enabling UTF-8 in address names. RFC 5336 introduced experimental[25] UTF8SMTP command and later was superseded by RFC 6531 that introduced SMTPUTF8 command. These extensions provide support for multi-byte and non-ASCII characters in email addresses, such as those with diacritics and other language characters such as Greek and Chinese.[27]

Current support is limited, but there is strong interest in broad adoption of RFC 6531 and the related RFCs in countries like China that have a large user base where Latin (ASCII) is a foreign script.

Extensions

Like SMTP, ESMTP is a protocol used to transport Internet mail. It is used as both an inter-server transport protocol and (with restricted behavior enforced) a mail submission protocol.

The main identification feature for ESMTP clients is to open a transmission with the command EHLO (Extended HELLO), rather than HELO (Hello, the original RFC 821 standard). A server will respond with success (code 250), failure (code 550) or error (code 500, 501, 502, 504, or 421), depending on its configuration. An ESMTP server returns the code 250 OK in a multi-line reply with its domain and a list of keywords to indicate supported extensions. A RFC 821 compliant server returns error code 500, allowing ESMTP clients to try either HELO or QUIT.

Each service extension is defined in an approved format in subsequent RFCs and registered with the Internet Assigned Numbers Authority (IANA). The first definitions were the RFC 821 optional services: SEND, SOML (Send or Mail), SAML (Send and Mail), EXPN, HELP, and TURN. The format of additional SMTP verbs was set and for new parameters in MAIL and RCPT.

Some relatively common keywords (not all of them corresponding to commands) used today are:

• 8BITMIME – 8 bit data transmission, RFC 6152
• ATRN – Authenticated TURN for On-Demand Mail Relay, RFC 2645
• AUTH – Authenticated SMTP, RFC 4954
• CHUNKING – Chunking, RFC 3030
• DSN – Delivery status notification, RFC 3461 (See Variable envelope return path)
• ETRN – Extended version of remote message queue starting command TURN, RFC 1985
• HELP – Supply helpful information, RFC 821
• PIPELINING – Command pipelining, RFC 2920
• SIZE – Message size declaration, RFC 1870
• STARTTLS – Transport Layer Security, RFC 3207 (2002)
• SMTPUTF8 – Allow UTF-8 encoding in mailbox names and header fields, RFC 6531
• UTF8SMTP – Allow UTF-8 encoding in mailbox names and header fields, RFC 5336 (deprecated[28])

The ESMTP format was restated in RFC 2821 (superseding RFC 821) and updated to the latest definition in RFC 5321 in 2008. Support for the EHLO command in servers became mandatory, and HELO designated a required fallback.

Non-standard, unregistered, service extensions can be used by bilateral agreement, these services are indicated by an EHLO message keyword starting with "X", and with any additional parameters or verbs similarly marked.

SMTP commands are case-insensitive. They are presented here in capitalized form for emphasis only. An SMTP server that requires a specific capitalization method is a violation of the standard.[citation needed]

8BITMIME

At least the following servers advertise the 8BITMIME extension:

• Apache James (since 2.3.0a1)[29]
• Citadel (since 7.30)
• Courier Mail Server
• Gmail[30]
• IceWarp
• IIS SMTP Service
• Kerio Connect
• Lotus Domino
• Microsoft Exchange Server (as of Exchange Server 2000)
• Novell GroupWise
• OpenSMTPD
• Oracle Communications Messaging Server
• Postfix
• Sendmail (since 6.57)

The following servers can be configured to advertise 8BITMIME, but do not perform conversion of 8-bit data to 7-bit when connecting to non-8BITMIME relays:

• Exim and qmail do not translate eight-bit messages to seven-bit when making an attempt to relay 8-bit data to non-8BITMIME peers, as is required by the RFC.[31] This does not cause problems in practice, since virtually all modern mail relays are 8-bit clean.[32]
• Microsoft Exchange Server 2003 advertises 8BITMIME by default, but relaying to a non-8BITMIME peer results in a bounce. This is allowed by RFC 6152 section 3.

SMTP-AUTH

Main article: SMTP Authentication

The SMTP-AUTH extension provides an access control mechanism. It consists of an authentication step through which the client effectively logs into the mail server during the process of sending mail. Servers that support SMTP-AUTH can usually be configured to require clients to use this extension, ensuring the true identity of the sender is known. The SMTP-AUTH extension is defined in RFC 4954.

SMTP-AUTH can be used to allow legitimate users to relay mail while denying relay service to unauthorized users, such as spammers. It does not necessarily guarantee the authenticity of either the SMTP envelope sender or the RFC 2822 "From:" header. For example, spoofing, in which one sender masquerades as someone else, is still possible with SMTP-AUTH unless the server is configured to limit message from-addresses to addresses this AUTHed user is authorized for.

The SMTP-AUTH extension also allows one mail server to indicate to another that the sender has been authenticated when relaying mail. In general this requires the recipient server to trust the sending server, meaning that this aspect of SMTP-AUTH is rarely used on the Internet.[citation needed]

SMTPUTF8

Supporting servers include:

• Postfix (version 3.0 and later)[33]
• Momentum (versions 4.1[34] and 3.6.5, and later)
• Sendmail (under development)
• Exim (experimental as of the 4.86 release)
• CommuniGate Pro as of version 6.2.2[35]
• Courier-MTA as of version 1.0[36]
• Halon as of version 4.0[37]
• Microsoft Exchange Server as of protocol revision 14.0[38]
• Haraka and other servers.[39]
• Oracle Communications Messaging Server as of release 8.0.2.[40]

Security extensions

Mail delivery can occur both over plain text and encrypted connections, however the communicating parties might not know in advance of other party's ability to use secure channel.

STARTTLS or "Opportunistic TLS"

Main articles: Opportunistic TLS and Email encryption

The STARTTLS extensions enables supporting SMTP servers to notify connecting clients that it supports TLS encrypted communication and offers the opportunity for clients to upgrade their connection by sending the STARTTLS command. Servers supporting the extension do not inherently gain any security benefits from its implementation on its own, as upgrading to a TLS encrypted session is dependent on the connecting client deciding to exercise this option, hence the term opportunistic TLS.

STARTTLS is effective only against passive observation attacks, since the STARTTLS negotiation happens in plain text and an active attacker can trivially remove STARTTLS commands. This type of man-in-the-middle attack is sometimes referred to as STRIPTLS, where the encryption negotiation information sent from one end never reaches the other. In this scenario both parties take the invalid or unexpected responses as indication that the other does not properly support STARTTLS, defaulting to traditional plain-text mail transfer.[41] Note that STARTTLS is also defined for IMAP and POP3 in other RFCs, but these protocols serve different purposes: SMTP is used for communication between message transfer agents, while IMAP and POP3 are for end clients and message transfer agents.

In 2014 the Electronic Frontier Foundation began "STARTTLS Everywhere" project that, similarly to "HTTPS Everywhere" list, allowed relying parties to discover others supporting secure communication without prior communication. The project stopped accepting submissions on 29 April 2021, and EFF recommended switching to DANE and MTA-STS for discovering information on peers' TLS support.[42]

RFC 8314 officially declared plain text obsolete and recommend always using TLS for mail submission and access, adding ports with implicit TLS.

SMTP MTA Strict Transport Security

A newer 2018 RFC 8461 called "SMTP MTA Strict Transport Security (MTA-STS)" aims to address the problem of active adversary by defining a protocol for mail servers to declare their ability to use secure channels in specific files on the server and specific DNS TXT records. The relying party would regularly check existence of such record, and cache it for the amount of time specified in the record and never communicate over insecure channels until record expires.[41] Note that MTA-STS records apply only to SMTP traffic between mail servers while communications between a user's client and the mail server are protected by Transport Layer Security with SMTP/MSA, IMAP, POP3, or HTTPS in combination with an organizational or technical policy. Essentially, MTA-STS is a means to extend such a policy to third parties.

In April 2019 Google Mail announced support for MTA-STS.[43]

SMTP TLS Reporting

Protocols designed to securely deliver messages can fail due to misconfigurations or deliberate active interference, leading to undelivered messages or delivery over unencrypted or unauthenticated channels. RFC 8460 "SMTP TLS Reporting" describes a reporting mechanism and format for sharing statistics and specific information about potential failures with recipient domains. Recipient domains can then use this information to both detect potential attacks and diagnose unintentional misconfigurations.

In April 2019 Google Mail announced support for SMTP TLS Reporting.[43]

Spoofing and spamming

Main articles: Anti-spam techniques and Email authentication

The original design of SMTP had no facility to authenticate senders, or check that servers were authorized to send on their behalf, with the result that email spoofing is possible, and commonly used in email spam and phishing.

Occasional proposals are made to modify SMTP extensively or replace it completely. One example of this is Internet Mail 2000, but neither it, nor any other has made much headway in the face of the network effect of the huge installed base of classic SMTP.

Instead, mail servers now use a range of techniques, such as stricter enforcement of standards such as RFC 5322,[44][45] DomainKeys Identified Mail, Sender Policy Framework and DMARC, DNSBLs and greylisting to reject or quarantine suspicious emails.[46]

Implementations

Main articles: List of mail server software and Comparison of mail servers

Related requests for comments

• RFC 1123 – Requirements for Internet Hosts—Application and Support (STD 3)
• RFC 1870 – SMTP Service Extension for Message Size Declaration (оbsoletes: RFC 1653)
• RFC 2505 – Anti-Spam Recommendations for SMTP MTAs (BCP 30)
• RFC 2821 – Simple Mail Transfer Protocol
• RFC 2920 – SMTP Service Extension for Command Pipelining (STD 60)
• RFC 3030 – SMTP Service Extensions for Transmission of Large and Binary MIME Messages
• RFC 3207 – SMTP Service Extension for Secure SMTP over Transport Layer Security (obsoletes RFC 2487)
• RFC 3461 – SMTP Service Extension for Delivery Status Notifications (obsoletes RFC 1891)
• RFC 3463 – Enhanced Status Codes for SMTP (obsoletes RFC 1893, updated by RFC 5248)
• RFC 3464 – An Extensible Message Format for Delivery Status Notifications (obsoletes RFC 1894)
• RFC 3798 – Message Disposition Notification (updates RFC 3461)
• RFC 3834 – Recommendations for Automatic Responses to Electronic Mail
• RFC 3974 – SMTP Operational Experience in Mixed IPv4/v6 Environments
• RFC 4952 – Overview and Framework for Internationalized Email (updated by RFC 5336)
• RFC 4954 – SMTP Service Extension for Authentication (obsoletes RFC 2554, updates RFC 3463, updated by RFC 5248)
• RFC 5068 – Email Submission Operations: Access and Accountability Requirements (BCP 134)
• RFC 5248 – A Registry for SMTP Enhanced Mail System Status Codes (BCP 138) (updates RFC 3463)
• RFC 5321 – The Simple Mail Transfer Protocol (obsoletes RFC 821 aka STD 10, RFC 974, RFC 1869, RFC 2821, updates RFC 1123)
• RFC 5322 – Internet Message Format (obsoletes RFC 822 aka STD 11, and RFC 2822)
• RFC 5504 – Downgrading Mechanism for Email Address Internationalization
• RFC 6409 – Message Submission for Mail (STD 72) (obsoletes RFC 4409, RFC 2476)
• RFC 6522 – The Multipart/Report Content Type for the Reporting of Mail System Administrative Messages (obsoletes RFC 3462, and in turn RFC 1892)
• RFC 6531 – SMTP Extension for Internationalized Email Addresses (updates RFC 2821, RFC 2822, RFC 4952, and RFC 5336)
• RFC 8314 – Cleartext Considered Obsolete: Use of Transport Layer Security (TLS) for Email Submission and Access

See also

• Bounce address
• CRAM-MD5 (a SASL mechanism for ESMTPA) RFC 2195
• Email
  • Email encryption
• DKIM
• Ident
• List of mail server software
• List of SMTP server return codes
• POP before SMTP / SMTP after POP
• Internet Message Access Protocol Binary Content Extension RFC 3516
• Sender Policy Framework (SPF)
• Simple Authentication and Security Layer (SASL) RFC 4422
• SMTP Authentication
• Variable envelope return path
• Comparison of email clients for information about SMTP support

Notes

1. ^ The History of Electronic Mail, Tom Van Vleck: "It is not clear this protocol was ever implemented"
2. ^ The First Network Email, Ray Tomlinson, BBN
3. ^ Picture of "The First Email Computer" by Dan Murphy, a PDP-10
4. ^ Dan Murphy's TENEX and TOPS-20 Papers Archived November 18, 2007, at the Wayback Machine
5. ^ RFC 524 – A Proposed Mail Protocol
6. ^ Crocker, David H. (December 1977). "Framework and Functions of the "MS" Personal Message System" (PDF). The RAND Corporation.
7. ^ RFC 469 – Network Mail Meeting Summary
8. ^ RFC 733, 21 November 1977, Standard for the Format of ARPA Network Text Message
9. ^ "Tldp.org".
10. ^ "draft-barber-uucp-project-conclusion-05 – The Conclusion of the UUCP Mapping Project".
11. ^ The article about sender rewriting contains technical background info about the early SMTP history and source routing before RFC 1123.
12. ^ Eric Allman (1983), Sendmail – An Internetwork Mail Router (PDF), BSD UNIX documentation set, Berkeley: University of California, retrieved June 29, 2012
13. ^ Craig Partridge (2008), The Technical Development of Internet Email (PDF), IEEE Annals of the History of Computing, vol. 30, IEEE Computer Society, pp. 3–29, doi:10.1109/MAHC.2008.32, S2CID 206442868, archived from the original (PDF) on May 12, 2011
14. ^ Paul Hoffman (February 1, 1998). "Allowing Relaying in SMTP: A Survey". Internet Mail Consortium. Retrieved May 30, 2010.
15. ^ Paul Hoffman (August 2002). "Allowing Relaying in SMTP: A Series of Surveys". Internet Mail Consortium. Archived from the original on January 18, 2007. Retrieved May 30, 2010.
16. ^ "In Unix, what is an open mail relay? - Knowledge Base". June 17, 2007. Archived from the original on June 17, 2007. Retrieved March 15, 2021.
17. ^ "The MAIL, RCPT, and DATA verbs", [D. J. Bernstein]
18. ^ RFC 5321 Section-7.2
19. ^ Systems, Message. "Message Systems Introduces Latest Version Of Momentum With New API-Driven Capabilities". www.prnewswire.com. Retrieved July 19, 2020.
20. ^ Cara Garretson (2005). "ISPs Pitch In to Stop Spam". PC World. Retrieved January 18, 2016. Last month, the Anti-Spam Technical Alliance, formed last year by Yahoo, America Online, EarthLink, and Microsoft, issued a list of antispam recommendations that includes filtering Port 25.
21. ^ RFC 5321, Simple Mail Transfer Protocol, J. Klensin, The Internet Society (October 2008)
22. ^ RFC 1047
23. ^ "rfc5321#section-4.5.3.2.6".
24. ^ John Klensin; Ned Freed; Marshall T. Rose; Einar A. Stefferud; Dave Crocker (November 1995). SMTP Service Extensions. IETF. doi:10.17487/RFC1869. RFC 1869.
25. ^ a b "MAIL Parameters". IANA. February 14, 2020.
26. ^ Which was obsoleted in 2011 by RFC 6152 corresponding to the then new STD 71
27. ^ Jiankang Yao (December 19, 2014). "Chinese email address". EAI (Mailing list). IETF. Retrieved May 24, 2016.
28. ^ "SMTP Service Extension Parameters". IANA. Retrieved November 5, 2013.
29. ^ James Server - ChangeLog. James.apache.org. Retrieved on 2013-07-17.
30. ^ 8BITMIME service advertised in response to EHLO on gmail-smtp-in.l.google.com port 25, checked 23 November 2011
31. ^ Qmail bugs and wishlist. Home.pages.de. Retrieved on 2013-07-17.
32. ^ The 8BITMIME extension. Cr.yp.to. Retrieved on 2013-07-17.
33. ^ "Postfix SMTPUTF8 support is enabled by default", February 8, 2015, postfix.org
34. ^ "Message Systems Introduces Latest Version Of Momentum With New API-Driven Capabilities" (Press release).
35. ^ "Version 6.2 Revision History". CommuniGate.com.
36. ^ Sam Varshavchik (September 18, 2018). "New releases of Courier packages". courier-announce (Mailing list).
37. ^ "Halon MTA changelog". GitHub. November 9, 2021. v4.0: New SMTPUTF8 support Updated for new versions
38. ^ "MS-OXSMTP: Simple Mail Transfer Protocol (SMTP) Extensions". July 24, 2018.
39. ^ "EAI Readiness in TLDs" (PDF). February 12, 2019.
40. ^ "Communications Messaging Server Release Notes". oracle.com. October 2017.
41. ^ a b "Introducing MTA Strict Transport Security (MTA-STS) | Hardenize Blog". www.hardenize.com. Retrieved April 25, 2019.
42. ^ "STARTTLS Everywhere". EFF. Retrieved December 4, 2021.
43. ^ a b Cimpanu, Catalin. "Gmail becomes first major email provider to support MTA-STS and TLS Reporting". ZDNet. Retrieved April 25, 2019.
44. ^ "Message Non Compliant with RFC 5322".
45. ^ "Message could not be delivered. Please ensure the message is RFC 5322 compliant".
46. ^ "Why are the emails sent to Microsoft Account rejected for policy reasons?".

References

• Hughes, L (1998). Internet E-mail: Protocols, Standards and Implementation. Artech House Publishers. ISBN 978-0-89006-939-4.
• Hunt, C (2003). sendmail Cookbook. O'Reilly Media. ISBN 978-0-596-00471-2.
• Johnson, K (2000). Internet Email Protocols: A Developer's Guide. Addison-Wesley Professional. ISBN 978-0-201-43288-6.
• Loshin, P (1999). Essential Email Standards: RFCs and Protocols Made Practical. John Wiley & Sons. ISBN 978-0-471-34597-8.
• Rhoton, J (1999). Programmer's Guide to Internet Mail: SMTP, POP, IMAP, and LDAP. Elsevier. ISBN 978-1-55558-212-8.
• Wood, D (1999). Programming Internet Mail. O'Reilly. ISBN 978-1-56592-479-6.

External links

• RFC 1869 SMTP Service Extensions
• RFC 5321 Simple Mail Transfer Protocol
• RFC 4954 SMTP Service Extension for Authentication (obsoletes RFC 2554)
• RFC 3848 SMTP and LMTP Transmission Types Registration (with ESMTPA)
• RFC 6409 Message Submission for Mail (obsoletes RFC 4409, which obsoletes RFC 2476)

Retrieved from "//en.wikipedia.org/w/index.php?title=Simple_Mail_Transfer_Protocol&oldid=1115817844#8BITMIME"